
PKI and the U.S. Federal E-Authentication Architecture. Peter Alterman, Ph.D., Assistant CIO for e-Authentication, National Institutes of Health. Internet2.


1 PKI and the U.S. Federal E-Authentication Architecture
Peter Alterman, Ph.D., Assistant CIO for e-Authentication, National Institutes of Health
Internet2 Spring Meeting 2004
The E-Authentication Initiative, March 2, 2004

2 The E-Authentication Initiative, E-Gov Program Management Office
Why Does PKI Fit into the e-Authentication Architecture?
- While the bulk of the early-phase rollouts of e-Gov applications are web-enabled applications...
- The 2003 OASIS survey identified signed electronic forms as the highest-priority use for PKI (1)
- Does anybody want to estimate how many Government forms are in use?
(1) OASIS Public Key Infrastructure Technical Committee, "Analysis of June 2003 Survey on Obstacles to PKI Deployment and Usage", August 8, 2003, http://www.oasis-open.org/committees/pki/pkiobstaclesjune2003surveyreport.pdf

3 OASIS Survey of PKI Issues: Uses
Share of respondents rating each application as Most Important / Important / Not Important, or giving no answer; Weight is the survey's own importance score and Rank orders the applications by that weight.

Application                Most Important   Important   Not Important   No Answer   Weight   Rank
Document Signing                 43%            47%            6%            3%       1.38      1
Web Server Security              42%            48%            6%            4%       1.37      2
Secure Email                     40%            46%            8%            6%       1.33      3
Web Services Security            34%            53%            9%            4%       1.26      4
Virtual Private Network          33%            50%           11%            6%       1.24      5
Electronic Commerce              34%            48%           13%            5%       1.22      6
Single Sign On                   28%            56%           12%            4%       1.17      7
Secure Wireless LAN              25%            48%           19%            8%       1.06      8
Code Signing                     20%            50%           22%            8%       0.98      9
Secure RPC                        6%            40%           40%           13%       0.61     10
Other Application                 9%             3%            7%           81%       0.21     11

(1) OASIS Public Key Infrastructure Technical Committee, "Analysis of June 2003 Survey on Obstacles to PKI Deployment and Usage", August 8, 2003, http://www.oasis-open.org/committees/pki/pkiobstaclesjune2003surveyreport.pdf

4 What Role Does PKI Play in the e-Authentication Architecture?
- Reliably satisfies identity assurance levels 3 & 4 (OMB M-04-04); under SP 800-63, Level 4 further requires that the subscriber's private key live in a hardware cryptographic token
- Reliably satisfies risk levels 3 & 4 (FIPS 199, SP 800-63)
- In Hoc Signo Vinces: PKI with Bridge interoperability is a great example of federated identity management
- PKI integrates well with emerging technologies that link authentication and authorization, e.g., SAML

5 Therefore...
- PKI is the prime candidate technology for satisfying electronic forms signing business processes;
- PKI is the prime candidate for satisfying the authentication needs of business transactions that require level 3 and 4 identity assurance;
- PKI is an excellent technology match for e-Authentication authentication and authorization implementations.

6 Status of PKI in the Federal e-Authentication Framework
- The Federal Identity Management Framework acknowledges hardware-based PKI as the best candidate for a consolidated logical and physical access mechanism for Feds and contractors;
- Operational PKIs exist in defense and civilian agencies now; the DOD and State Department PKIs are hardware-based;
- The Federal Bridge is operational and linked to all currently operational Federal PKIs, the State of Illinois PKI and the prototype Higher Ed Bridge; links to Canada, Australia, the UK and the EU are under way;
- Other Federal Agencies are rolling out PKIs in the near future, either self-managed or acquired from approved service providers.

7 The Federal PKI: FBCA & The E-Authentication Federated Approach
(Architecture diagram; the elements recoverable from the slide are listed below.)
- FBCA Certification Authority, operating under the FBCA Certificate Policy. Two-way cross-certified (at FBCA High and FBCA Medium) with Agencies (legacy agency CA policies), States, Foreign Entities and Other Bridge CAs; ACES and new agencies are optionally two-way cross-certified.
- FPKI Common Policy Framework (FCPF) Certificate Policy, with the FCPF Policy Certification Authority as the trust anchor for subscribers of the hierarchical Common Policy PKI; certificates are issued through Qualified Shared Service Providers (USDA/NCF, Verisign, DST).
- Citizen & Commerce Class Common (C4) Certificate Policy, with the C4 Policy Certification Authority (included in browser lists of CAs); private-sector members (Wells Fargo, AOL, PEPCO) are one-way cross-certified.
- E-Governance Certification Authority, operating under the E-Governance Certificate Policy (labelled Assurance Level 1 and Assurance Level 2); used for mutual authentication of SAML/SSL certificates only.
- Figure: FPKI Validation Service. An Agency Application (AA) validates certificates issued by CAs 1 to 4 (CA 4 with subordinates CA 4a and CA 4b), grouped into Communities 1 to 3 and joined through the Bridge, by way of the validation service (XKMS, OCSP, CAM, SOAP, others) and the eAuth Trust List.
Authentication flow shown in the diagram:
Step 1: The user goes to the Portal to select the AA and ECP.
Step 2: The user is passed directly to the AA.
Step 3: The user authenticates to the AA directly using SSL or TLS.
Step 4: The AA uses the validation service to validate the certificate.

8 How PKIs Link to the e-Authentication Architecture
- Existing Federal Agencies cross-certify and interoperate through the Federal Bridge;
- New Federal Agencies use the Common Policy Framework and shared service providers (SSPs);
- External PKIs (governments, corporations, colleges and universities, etc.) cross-certify and interoperate with the Federal Bridge;
- Other bridges cross-certify and interoperate with the Federal Bridge.
In every case the relying party keeps its own trust anchor: a certificate from another domain is accepted only if a certification path can be built from it, through the cross-certificates the Bridge has issued and received, back to that anchor, with the policy mappings and constraints carried in those cross-certificates applied along the way. That path discovery and validation is what the validation service on the previous slide performs on the application's behalf.
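The cross-certification model on this slide and the previous one, as an added example that is not part of the presentation: a constructed toy federation in Go, using only the standard library's crypto/x509. It has an Agency A CA, a Federal Bridge CA and an Agency B CA, none of which trusts the others' self-signed roots. Two cross-certificates (Agency A CA certifying the bridge's key, the bridge certifying Agency B CA's key) are the only link between the domains, and a relying party in Agency A validates an Agency B subscriber certificate by building a path through them. All names, keys and certificates are generated by the program; the one-way direction, the P-256 keys and the 24-hour validity are assumptions for the demo, and it deliberately omits the policy mappings, name constraints and revocation checking that a real bridge cross-certificate and validation service carry.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// BridgePKI is a constructed toy federation: two agency CAs with no shared trust
// anchor, a bridge CA, the cross-certificates joining them, and one subscriber.
type BridgePKI struct {
	AgencyARoot, BridgeRoot, AgencyBRoot *x509.Certificate // self-signed anchors
	AtoBridge, BridgeToB                 *x509.Certificate // cross-certificates
	Subscriber                           *x509.Certificate // end entity under B
}

// check aborts the toy on any error; a real issuer would return it to the caller.
func check(err error) {
	if err != nil {
		panic(err)
	}
}
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// issue certifies pub under name, signed by signer (parent == nil: self-signed).
// CA templates get the constraints a verifier demands of anything that signs.
func issue(name string, ca bool, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	serial, err := rand.Int(rand.Reader, big.NewInt(1<<62))
	check(err)
	t := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	check(err)
	c, err := x509.ParseCertificate(der) // parsed back so RawSubject/SubjectKeyId are set for chaining
	check(err)
	return c
}

func BuildBridgePKI() *BridgePKI {
	kA, kBridge, kB, kSub := newKey(), newKey(), newKey(), newKey()
	p := &BridgePKI{}
	// Each domain's own trust anchor: Agency A relying parties trust only "Agency A CA".
	p.AgencyARoot = issue("Agency A CA", true, &kA.PublicKey, nil, kA)
	p.BridgeRoot = issue("Federal Bridge CA", true, &kBridge.PublicKey, nil, kBridge)
	p.AgencyBRoot = issue("Agency B CA", true, &kB.PublicKey, nil, kB)
	// Cross-certificates: the issuer signs the other CA's existing key under that CA's
	// name, asserting it meets the issuer's policy. Only the A -> Bridge -> B direction
	// is built; two-way cross-certification would add Bridge -> A and B -> Bridge too.
	p.AtoBridge = issue("Federal Bridge CA", true, &kBridge.PublicKey, p.AgencyARoot, kA)
	p.BridgeToB = issue("Agency B CA", true, &kB.PublicKey, p.BridgeRoot, kBridge)
	// An ordinary subscriber certificate issued inside Agency B's own hierarchy.
	p.Subscriber = issue("Agency B subscriber", false, &kSub.PublicKey, p.AgencyBRoot, kB)
	return p
}

// VerifyThroughBridge validates the Agency B subscriber from Agency A's point of view:
// A's root is the only trust anchor and crossCerts the only other path-building
// material. It returns the certification path found, leaf first, as common names.
func VerifyThroughBridge(p *BridgePKI, crossCerts ...*x509.Certificate) ([]string, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(p.AgencyARoot)
	for _, c := range crossCerts {
		inters.AddCert(c)
	}
	chains, err := p.Subscriber.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // the toy sets no EKU policy
	})
	if err != nil {
		return nil, err
	}
	var path []string
	for _, c := range chains[0] {
		path = append(path, c.Subject.CommonName)
	}
	return path, nil
}

func main() {
	p := BuildBridgePKI()
	fmt.Println(VerifyThroughBridge(p, p.AtoBridge, p.BridgeToB)) // [Agency B subscriber Agency B CA Federal Bridge CA Agency A CA] <nil>
	fmt.Println(VerifyThroughBridge(p, p.BridgeToB))              // A -> Bridge cross-certificate missing: unknown authority
}
```

Run it with go run: the first line prints the four-certificate path (subscriber, Agency B CA, Federal Bridge CA, Agency A CA), the second shows that without the Agency A CA to Bridge cross-certificate the subscriber is an unknown authority from Agency A's perspective, which is the failure a relying party sees when one side of a cross-certification has not been completed. Adding the reverse pair (Bridge to A, B to Bridge) gives the two-way cross-certification the diagram labels. Real cross-certificates also carry policy mappings (for example FBCA Medium to an agency's own medium-assurance policy OID) and policy or name constraints that an RFC 5280 (RFC 3280 at the time of this talk) path validator must process and that this example does not.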

9 More Information
- peter.alterman@nih.gov
- http://csrc.nist.gov/pki
- http://www.cio.gov/eauthentication
- http://pki.od.nih.gov

