Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.

Published byJulius Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of."— Presentation transcript:

1 1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy EDUCAUSE June 15, 2006

2 2 Federal Identity Management Initiatives Industry and EAI ID Federation/Authentication Alignment The Federal Government is seeking to align with industry in the following ways in order to meet the mandates for government- wide e-Authentication services:  Common trust framework for reciprocal trust  Common business & operating rules for business interoperability  Common technical infrastructure (i.e., architecture, protocols, data models, testing) for technical interoperability  Common business models for ID federation adoption/interoperability.

3 3 Federal Identity Management Initiatives Levels 1 & 2 CSPs Levels 3 & 4 CSPs FBCA X-Certification Levels 1 & 2 Online Apps & Services Levels 3 & 4 Online Apps & Services SDT A VERY Simplified View of the Federal EAI Architecture EAI SAML Trust List EAI SAML Trust List Banks Financial Inst. Universities Agency Apps Commercial CSPs CAF FBCA PKI Trust List FBCA PKI Trust List Digital Certificates SAML Assertions Federal Agency PKIs Other Gov PKIs Commercial PKIs PKI Bridges (HSPD-12) One-Time Passwords Multi-Factor Authentication PIN, Passwords User ID

4 4 Federal Identity Management Initiatives EAI/EAP Common Trust Framework 1. Establish & define authentication risk and assurance levels EAI: OMB M-04-04 - Established and defined 4 authentication assurance levels as Governmentwide policy EAP: Adopted OMB M-04-04 authentication assurance levels 2. Establish technical standards & requirements for e-Authentication systems at each assurance level EAI: NIST Special Pub 800-63 Authentication Technical Guidance – Established authentication technical standards at 4 established assurance levels EAP: Adopted NIST SP 800-63 standards 3. Establish methodology for evaluating authentication systems at each assurance level EAI: Credential Assessment Framework – Standard methodology for assessing authentication systems of credential service providers EAP: Service Assessment Criteria – Standard methodology for assessing authentication systems of credential service providers 5. Perform assessments and maintain trust list of trusted CSPs EAP: Trusted CSP List EAI: Trusted CSP List (pending) 6. Establish common business rules for approved CSPs EAI: EAI Federation Business Rules and Service Agreements EAP: EAP Business Rules and Agreements

5 5 Federal Identity Management Initiatives EAI/EAP Alignment EAI EAP Common Assurance Levels Common Authentication Standards Reciprocal CSP Trust Certifications Common Designated Assessors Common Business Rules Common Architecture Common Protocols Common Data Models 2004 2005 2006 2007 Joint Pilots And Projects CSP Assessments CSP Trust Lists 2008 Common Business Model EAI Projects EAP Projects

6 6 Federal Identity Management Initiatives Components of EAP Trust Framework in FiXs Pilot 1. Establish & define authentication risk and assurance levels EAP/FiXs: Adopted OMB M-04-04 authentication assurance levels 2. Establish technical standards & requirements for e-Authentication systems at each assurance level EAP: Adopted NIST SP 800-63 standards FiXs: Adopted NIST FIPS 201 standards 3. Establish methodology for evaluating authentication systems at each assurance level EAP: Service Assessment Criteria – Standard methodology for assessing authentication systems of credential service providers FiXs: Certification standards and security requirements 5. Perform assessments and maintain trust list of trusted CSPs EAP/FiXs: Trusted CSP Lists 6. Establish common business rules for approved CSPs EAP: EAP Business Rules and Agreements FiXs: FiXs Business and Operating Rules

7 7 Federal Identity Management Initiatives Core FiXs Pilot Objectives - EAP EAP ComponentFiXs Pilot ObjectiveTest Outcomes Business RulesDevelop FiXs Operating Rules for electronic authentication that satisfy terms and conditions of EAP Business Rules.  Adoption of EAP Business Rules by FiXs Federation through FiXs Operating Rules  Signed Agreements to follow Operating Rules by FiXs pilot participants Service Assessment Criteria Develop FiXs CSP (“Issuer”) Certification Procedures and Security Requirements that satisfy EAP SAC requirements.  Determination that FiXs Certification Procedures and Security Requirements satisfy EAP SAC requirements at assurance level 4.  Determination that FiXs Certification Procedures and Security Requirements satisfy EAI CAF requirements at assurance level 4. CSP Trust ListMake FiXs CSP (“Issuer”) certifications that satisfy EAP SAC requirements.  Determination that FiXs CSP “Issuer” certifications satisfy EAP SAC requirements at assurance level 4.  Establish EAP CSP Trust List to include certified FiXs Issuers  Determination that FiXs CSP “Issuer” certifications satisfy EAI CAF requirements at assurance level 4.  Inter-Federation acceptance of FiXS Issuer certifications by EAP and EAI.

8 8 Federal Identity Management Initiatives Pilot ComponentFiXs Pilot ObjectiveTest Outcomes Interoperable Technical Architecture Develop FiXs Technical Architecture that will interoperate with DoD and EAI technical architectures for e- Authentication.  Demonstrated interoperability of all aspects of e-Authentication transactions with FiXs pilot participants.  Demonstrated interoperability of all aspects of e-Authentication transactions with DoD and EAI.  Model technical architecture available for EAP use/adoption. Technical Interface Specifications Develop FiXs Technical Interface Specifications that permit interoperability in electronic authentication transactions and transaction data exchange with DoD and EAI.  Common FiXs technical specifications for FiXs global roll-out.  Demonstrated interoperability of all aspects of e-Authentication transactions and transaction data exchanges with DoD and EAI.  Model technical interface specifications available for EAP use/adoption. Operating Rules Develop FiXs Operating Rules that define the operational and transaction requirements for FiXs e-Authentication transactions.  Common FiXs operating Rules for FiXs global roll-out.  Signed Agreements to follow Operating Rules by FiXs pilot participants.  Model ID Federation Operating Rules available for EAP use/adoption. Registration, Enrollment and ID Verification procedures. Develop FiXs registration, enrollment and ID verification requirements/procedures that meet FIPS 201/HSPD-12 standards and requirements.  Registration, enrollment, ID verification, and cross-credentialing requirements & procedures for non-Federal identity verification that can be accepted as meeting FIPS 201/HSPD-12 standards.. FiXs Pilot Objectives - Expanded

9 9 Federal Identity Management Initiatives Cross-Federation Trust Certifications  FiXs trust certifications will be made at assurance level 4+, as FiXs will be certifying against FIPS 201/HSPD-12 standards/requirements.  EAP may determine to accept FiXs certifications as meeting EAP SAC level 4 authentication assurance  Federal EAI may determine to accept FiXs and/or EAP certifications as meeting EAI CAF level 4 authentication assurance FiXs Trust Certifications EAP Trust Certifications EAI Trust Certifications

10 10 Federal Identity Management Initiatives Federal Interoperability Lab  Tests interoperability of products for participation in e- Authentication architecture. Conformance testing to Fed e-Authentication Interface Specification Interoperability testing among all approved products  Currently 11 SAML 1.0 products on Approved Product List. See URL: http://cio.gov/eauthentication  Multiple protocol interoperability testing will be very complex  4 Products approved for PKI certificate path discovery & validation  GSA intends to continue to test architecture components for interoperability and capability to meet governmentwide use requirements

11 11 Federal Identity Management Initiatives And then there’s HSPD-12 … Homeland Security Presidential Directive 12 (HSPD-12): “Policy for a Common Identification Standard for Federal Employees and Contractors” Dated: August 27, 2004

12 12 Federal Identity Management Initiatives IDM Policy and Acquisition Landscape Key governmentwide initiatives have established program, policy, and technical requirements for authentication and identity management. GSA Is establishing “approved products/services” for each authentication service line based on compliance with established requirements. Consolidate multiple offerings of Identity Management products & services from GSA acquisition schedules and GWACs onto IT Schedule 70, SIN 132-60, Authentication Products and Services Authentication service lines on SIN 132-60 include: ACES PKI Shared Service Providers (HSPD-12) PIV Service Components (HSPD-12) PIV Integrators (HSPD-12) Approved FIPS-201 Products and Services (HSPD-12) E-Authentication Architecture Components. All require active program management to ensure compliance with program requirements and keep pace with marketplace changes.

13 13 Federal Identity Management Initiatives OMB Guidance – Key Points OMB Guidance for HSPD-12 - M-05-24: To ensure government-wide interoperability, agencies must acquire only products and services that are on the approved products list Agencies must include language implementing the FIPS 201 Standard in applicable new contracts GSA is designated the “executive agent for Government-wide acquisitions of information technology" for the products and services required by HSPD-12 GSA will make approved products and services available through blanket purchase agreements under IT Schedule 70 GSA will ensure all approved BPA suppliers provide products and services that meet all applicable federal standards and requirements http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf

14 14 Federal Identity Management Initiatives GSA’s Role Establish interoperability and common performance testing to meet NIST standards Compliance for GSA contractors (e.g., cleaning, maintenance, etc.) Award SIN 132-62 listings as approved products and services become available Establish Approved Products Lists for product categories requiring FIPS 201 compliance Provide full-range of qualified products and services to meet Agency implementation needs

15 15 Federal Identity Management Initiatives HSPD-12 Service Components Enrollment Service Provider Systems Infrastructure Provider Production Service Provider Finalization Service Provider Agency PACS Enrollment Data IDMS CMS Card Printing Inventory, Distribution Card Data Cards issued and Activated Enrollment/registration Stations & managed service Services inside dotted rings may be provided as shared infrastructure. FPKI SSP FPKI SSP & FBCA Cross-certified PKI Agency LACS Card Management Services

16 16 Federal Identity Management Initiatives For More Information ● Visit our Websites: http://www.idmanagement.gov http://www.cio.gov/eauthenticationwww.cio.gov/eauthentication http://www.cio.gov/ficcwww.cio.gov/ficc http://www.cio.gov/fbcawww.cio.gov/fbca http://www.cio.gov/fpkipawww.cio.gov/fpkipa http://www.cio.gov/fpkiscwww.cio.gov/fpkisc http://www.smart.gov/www.smart.gov/ ● Or contact: David Temoshok Director, Identity Policy and Management 202-208-7655 david.temoshok@gsa.gov

Download ppt "1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of."

Similar presentations

Single Sign-On and Federated Authentication at NIH and Beyond

Single Sign-On and Federated Authentication at NIH and Beyond
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
The Federation for Identity and Cross-Credentialing Systems (FiXs) www.FiXs.org FiXs ® - Federated and Secure Identity Management in Operation Implementing.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.

1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
1 Federal Identity Management and Homeland Security Presidential Directive 12 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide.

1 Federal Identity Management and Homeland Security Presidential Directive 12 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Federal Identity Management

Federal Identity Management
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
FICAM Testing Program For more information, please contact GSA-FICAM- The FIPS 201 Evaluation Program is now the FICAM Testing.

FICAM Testing Program For more information, please contact GSA-FICAM- The FIPS 201 Evaluation Program is now the FICAM Testing.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Similar presentations

Ads by Google