Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session.

Published byAlannah Simmons Modified over 8 years ago

Similar presentations

Presentation on theme: "E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session."— Presentation transcript:

1 E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session

2 2 E-Authentication – Technical Approach Agenda –E-Authentication Overview Policy Framework –Technical Approach –Interoperability Lab

3 3 3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Pub 800-63 Authentication Technical Guidance) 1. Establish e-Authentication risk and assurance levels for Governmentwide use (OMB M-04-04 Federal Policy Notice 12/16/03) 4. Establish methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework) 2. Establish standard methodology for e-Authentication risk assessment (ERA) 5. Establish trust list of trusted credential providers for govt-wide (and private sector) use 6. Establish common business rules for use of trusted 3rd-party credentials Policy Infrastructure:

4 4 OMB 04-04 Assurance Level Impact Profiles Potential Impact Categories for Authentication Errors 1234 Inconvenience, distress or damage to standing or reputation LowMod High Financial loss or agency liabilityLowMod High Harm to agency programs or public interestsN/ALowModHigh Unauthorized release of sensitive informationN/ALowModHigh Personal SafetyN/A LowMod High Civil or criminal violationsN/ALowModHigh

5 5 Assurance Level Allowed Token Types1234 Hard crypto token  Soft crypto token  Zero knowledge password  One-time Password Device  Strong password  PIN  NIST SP 800-63

6 6 E-Authentication – Technical Approach Agenda –E-Authentication Overview –Technical Approach Assertion Based Authentication Certificate Based Authentication –Interoperability Lab

7 7 E-Authentication – Technical Approach Agenda –E-Authentication Overview –Technical Approach Assertion Based Authentication –Overview –Management –SAML (Security Assertion Markup Language)as an Adopted Scheme Certificate Based Authentication –Interoperability Lab

8 8 AAs CSs Base Case

9 9 Starting at the AA

10 10 CSP ID Step #3: After Selecting their AA the user is redirected back to the CS as usual Starting at the CS

11 11 Step #2: The user is Redirected to the portal With the CS and AA IDs Step #3: The user is cookied and redirected to the CS Specialized Portals

12 12 E-Authentication – Technical Approach Agenda –E-Authentication Overview –Technical Approach Assertion Based Authentication –Overview –Management –SAML as an Adopted Scheme Certificate Based Authentication –Interoperability Lab

13 13 Assess COTS Interoperability Evaluate new Scheme against requirements Pilot Migrate, Translate, or Both. Adopt Scheme Adoption Lifecycle Start Emerging Technology

14 14 Scheme Translator Scheme Translator

15 15 E-Authentication – Technical Approach Agenda –E-Authentication Overview –Technical Approach Assertion Based Authentication –Overview –Management –SAML as an Adopted Scheme Certificate Based Authentication –Interoperability Lab

16 16 SAML 1.0 Artifact Profile Base Case

17 17 SAML 1.0 Artifact Profile Single Sign-On

18 18 SAML 1.0 Artifact Profile Governance

19 19 E-Authentication – Technical Approach Agenda –E-Authentication Overview –Technical Approach Assertion Based Authentication Certificate Based Authentication –Interoperability Lab

20 20 Step #1: User goes to Portal to select the AA and the CS Validation Service

21 21 Step #1: User goes to Portal to select the AA and the CS Local Validation

22 22 Step #4: The ST uses the validation service to validate the certificate Scheme Translator Certificates At Lower Assurance Applications

23 23 E-Authentication – Technical Approach Agenda –E-Authentication Overview –Technical Approach –Interoperability Lab Product Testing Technical Support CS / AA Testing

24 24 AAs CSs COTS (Commercial Off The Shelf) Product Testing –Scheme compliance –Interoperability

25 25 Assess COTS Interoperability Evaluate new Scheme against requirements Pilot Migrate, Translate, or Both. Adopt Scheme Adoption Lifecycle Start Product Testing –See List of Approved Vendors

26 26 COTS Product Testing –Certificate Validation

27 27 E-Authentication Architecture Evolution Architecture Working Group Evaluating Evolving Standards Scheme Translators

28 28 E-Authentication Interoperability Lab Technical Support –Interoperability Testing –SAML Conformance Testing –Acceptance Testing –Approved Product List –Cookbook / Recipes Extensive Experience in All These Areas

29 29 E-Authentication – Technical Approach Agenda –E-Authentication Overview –Technical Approach –Interoperability Lab

30 30 Resources http://www.cio.gov/eauthentication interoplab@enspier.com Additional Contacts Chris Louden - 703-299-3444 Chris.louden@enspier.com Andrew Chiu - 703-299-3444 Andrew.chiu@enspier.com Steve Lazerowich - 703-299-3444 Steve.lazerowich@enspier.com David Simonetti - 410-356-2260 David.simonetti@enspier.com

31 31 Contact Information I appreciate your feedback and comments. I can be reached at: Scott Lowry scott@enspier.com 202-236-8221

Download ppt "E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session."

Similar presentations

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
NMFS FIS ER eSignature Project Risk Analysis October 1, 2008.

NMFS FIS ER eSignature Project Risk Analysis October 1, 2008.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker

Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Federal Identity Management

Federal Identity Management
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
October 3, 20031 Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.

October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.
1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.

1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
E-Authentication: Creating an Environment of Trust David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy The E-Authentication.

E-Authentication: Creating an Environment of Trust David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy The E-Authentication.
E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.

E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.
Intra-ASEAN Secure Transactions Framework Project Progress Report

Intra-ASEAN Secure Transactions Framework Project Progress Report
NIST E-Authentication Guidance SP 800-63 Fed-Ed Meeting June 16, 2004 Bill Burr

NIST E-Authentication Guidance SP Fed-Ed Meeting June 16, 2004 Bill Burr
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

Similar presentations

Ads by Google