
Status Update on Other GFIPM Activity Threads GFIPM Delivery Team Meeting November 2011.


1 Status Update on Other GFIPM Activity Threads GFIPM Delivery Team Meeting November 2011

2 Other GFIPM Activity Threads
- NCSC/GBI XACML Sample Implementation
- Privacy Policy Framework Implementer Guide
- GFIPM/BAE Interoperability Pilot
- SAML Holder-of-Key Profile Implementation
- CONNECT Consortium Update (Rob Kribs)

3 NCSC/GBI XACML Sample Implementation Status Update

4 NCSC/GBI XACML Sample Implementation
- Funded via BJA grant to NCSC
  – Period of performance: mid 2010 to EOY 2011
- Goal: demonstrate the use of an externalized access control mechanism with an existing law enforcement information sharing system
  – Integrate XACML with the GBI JIMnet test instance
  – Implement the information sharing policies from GBI Directive 7-6
- Work products:
  – GBI rules expressed in XACML
  – Identification of potential new GFIPM attributes
  – "XACML-enablement" prototype of GBI JIMnet, also conformant to the GFIPM Web Services spec
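The externalized access-control pattern the slide describes, as an added example (not the NCSC/GBI prototype and not the rules of GBI Directive 7-6): the application's policy enforcement point (PEP) sends subject, resource and action attributes to a policy decision point (PDP), which evaluates XACML-style rules under deny-overrides combining. The two rules, the ORI values and the attribute identifiers (GFIPM-style names for the subject) are assumed for the illustration.

```python
"""Minimal XACML-style externalized access control: a PEP hands the decision
to a PDP instead of embedding the rules in the application.

Added example, not the NCSC/GBI prototype. The policy below is a constructed
illustration, not the content of GBI Directive 7-6, and the attribute names
are assumed for the example (GFIPM-style identifiers for the subject)."""

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# XACML decision values
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# A request is a bag of attributes per XACML category (subject, resource, action).
Request = Dict[str, Dict[str, str]]


@dataclass
class Rule:
    effect: str                                   # PERMIT or DENY
    target: Dict[str, Dict[str, str]]             # category -> attribute -> required value
    condition: Optional[Callable[[Request], bool]] = None


@dataclass
class Policy:
    rules: List[Rule]
    combining: str = "deny-overrides"


def target_matches(target: Dict[str, Dict[str, str]], request: Request) -> bool:
    """Every attribute listed in the target must be present with the required value."""
    for category, attrs in target.items():
        bag = request.get(category, {})
        if any(bag.get(name) != value for name, value in attrs.items()):
            return False
    return True


def evaluate_rule(rule: Rule, request: Request) -> str:
    if not target_matches(rule.target, request):
        return NOT_APPLICABLE
    if rule.condition is not None and not rule.condition(request):
        return NOT_APPLICABLE
    return rule.effect


def evaluate(policy: Policy, request: Request) -> str:
    """PDP: combine the rule decisions. Only deny-overrides is implemented here."""
    decisions = [evaluate_rule(r, request) for r in policy.rules]
    if DENY in decisions:
        return DENY
    if PERMIT in decisions:
        return PERMIT
    return NOT_APPLICABLE


def pep_allows(policy: Policy, request: Request) -> bool:
    """PEP: fail closed. Anything other than an explicit Permit is refused."""
    return evaluate(policy, request) == PERMIT


# Constructed policy with assumed attribute names and hypothetical rules:
#  - sworn officers may read criminal history records;
#  - records marked RESTRICTED may only be read by the owning agency (matched by ORI).
SUBJ, RES, ACT = "subject", "resource", "action"
SWORN = "gfipm:2.0:user:SwornLawEnforcementOfficerIndicator"   # assumed name
ORI = "gfipm:2.0:user:EmployerORI"                              # assumed name

POLICY = Policy(rules=[
    Rule(PERMIT, {SUBJ: {SWORN: "true"}, RES: {"type": "criminal-history"}, ACT: {"id": "read"}}),
    Rule(DENY, {RES: {"dissemination": "RESTRICTED"}},
         condition=lambda req: req.get(SUBJ, {}).get(ORI) != req.get(RES, {}).get("owner-ori")),
])


def make_request(sworn: str, ori: str, dissemination: str, owner_ori: str) -> Request:
    """Constructed request: a read of one criminal-history record. ORIs are made up."""
    return {
        SUBJ: {SWORN: sworn, ORI: ori},
        RES: {"type": "criminal-history", "dissemination": dissemination, "owner-ori": owner_ori},
        ACT: {"id": "read"},
    }
```

The point for the PEP is the last function: NotApplicable (no rule matched) is treated exactly like Deny, so a gap in the policy cannot become an authorization.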

5 JIMnet Architecture

6 Prototype Architecture with XACML and GFIPM Web Services

7 NCSC/GBI Project Final Report
- Draft submitted to NCSC on 11/1
- Final draft to be complete by EOY 2011

8 Privacy Policy Framework Implementer Guide Status Update

9 Privacy Policy Framework Implementer Guide
- Funded via BJA grant to NCSC
  – Period of performance: late 2011 to mid 2012
  – Follow-on to the GBI XACML implementation work
- Goal: develop an implementer guide/tutorial for implementing a XACML-based authorization/privacy framework
  – Will include implementation exercises, sample code/solutions, etc.
- Currently in early phase

10 Privacy Policy Framework Implementer Guide TOC

11 GFIPM/BAE Interoperability Pilot Status Update

12 HSPD-12 Back-End Attribute Exchange
- Supports operation of PIV and PIV-I cards
  – Personal ID card with embedded crypto token
- Delivers additional attributes not on the cards
- Protocol spec and system implementation
  – Uses the SAML 2.0 Attribute Query Profile
  – Technical support provided by JHUAPL
- BAE defines ~35 data attributes about users
  – Already reconciled with GFIPM Metadata 2.0

13 GFIPM/BAE Interoperability Pilot
- Pilot project initiated in mid-2010
- Use case: BAE user accesses a GFIPM resource
  1. BAE user authenticates to the GFIPM IDP (TIB)
  2. GFIPM IDP collects the BAE user's attributes
     – This is the primary GFIPM/BAE integration point
  3. GFIPM IDP translates BAE attributes to GFIPM attributes
     – The mapping from BAE to GFIPM attributes already exists
  4. GFIPM IDP sends a SAML assertion to the GFIPM SP
  5. BAE user accesses the GFIPM resource
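Steps 2 to 4 of the use case at the integration point, as an added example that is not GTRI's pilot code: the IDP parses the AttributeStatement returned by the BAE attribute query, translates the names to GFIPM Metadata 2.0 identifiers, and serialises the statement that goes into the assertion for the SP. The BAE attribute names (urn:example:bae:*) are hypothetical placeholders rather than the real BAE schema, the mapping table is assumed rather than the pilot's, and the response fragment is constructed.

```python
"""IDP-side translation of BAE attributes to GFIPM attributes.

Added example, not GTRI's pilot code. BAE attribute names are hypothetical
placeholders; the GFIPM names follow the GFIPM Metadata 2.0 style but the
mapping itself is assumed for the example."""

import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Hypothetical BAE -> GFIPM mapping (the pilot's real mapping is not reproduced here)
BAE_TO_GFIPM = {
    "urn:example:bae:givenName":    "gfipm:2.0:user:GivenName",
    "urn:example:bae:surname":      "gfipm:2.0:user:SurName",
    "urn:example:bae:agencyName":   "gfipm:2.0:user:EmployerName",
    "urn:example:bae:swornOfficer": "gfipm:2.0:user:SwornLawEnforcementOfficerIndicator",
}
# Attributes the SP cannot do without: refuse to issue an assertion without them
REQUIRED = {"gfipm:2.0:user:GivenName", "gfipm:2.0:user:SurName", "gfipm:2.0:user:EmployerName"}

# Constructed BAE response fragment: an assertion carrying an AttributeStatement
BAE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_bae1" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:bae:givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:example:bae:surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:example:bae:agencyName"><saml:AttributeValue>Example Police Department</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:example:bae:swornOfficer"><saml:AttributeValue>TRUE</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:example:bae:cardSerial"><saml:AttributeValue>0123456789</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_attributes(assertion_xml: str) -> Dict[str, List[str]]:
    """Collect Attribute Name -> list of AttributeValue texts from the BAE assertion."""
    root = ET.fromstring(assertion_xml)
    attrs: Dict[str, List[str]] = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def translate(bae_attrs: Dict[str, List[str]]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Map BAE names to GFIPM names.

    Unmapped attributes are dropped, not passed through, so nothing the
    federation has not agreed on reaches the SP. Indicator attributes are
    normalised to the literals 'true'/'false'. Missing required attributes
    abort the translation instead of producing a partial assertion."""
    gfipm: Dict[str, List[str]] = {}
    dropped: List[str] = []
    for name, values in bae_attrs.items():
        target = BAE_TO_GFIPM.get(name)
        if target is None:
            dropped.append(name)
            continue
        if target.endswith("Indicator"):
            values = ["true" if v.lower() in ("true", "1", "yes") else "false" for v in values]
        gfipm[target] = values
    missing = REQUIRED - set(gfipm)
    if missing:
        raise ValueError("BAE response lacks required attributes: " + ", ".join(sorted(missing)))
    return gfipm, dropped


def build_attribute_statement(gfipm: Dict[str, List[str]]) -> str:
    """Serialise the translated attributes as a SAML 2.0 AttributeStatement."""
    ET.register_namespace("saml", SAML)
    stmt = ET.Element(f"{{{SAML}}}AttributeStatement")
    for name, values in sorted(gfipm.items()):
        attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name)
        for v in values:
            ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = v
    return ET.tostring(stmt, encoding="unicode")


def idp_translate(assertion_xml: str) -> str:
    """Steps 2-4 end to end: parse the BAE attributes, translate, serialise for the SP."""
    gfipm, _dropped = translate(parse_attributes(assertion_xml))
    return build_attribute_statement(gfipm)
```

The drop list exists for logging on the IDP: an attribute the BAE starts returning that is not in the agreed mapping should show up in the IDP's logs, not in the assertion.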

14 Proposed GFIPM/BAE Use Case (diagram)
Components shown: User with PIV or PIV-I Card; GFIPM Relying Party; Trusted Identity Broker; State & Local Agency Attribute Service; XML Security Gateway (BAE); Virtual/Meta Directory; Authoritative Attribute Sources 1, 2 and 3.

15 GFIPM/BAE Pilot Status
- Held initial technical discussions with JHUAPL
- GTRI is prototyping the GFIPM components
  – Will connect to the existing BAE test-bed
- BAE client-side software does not exist
  – Must perform the SAML attribute query over web services
  – GTRI will develop it using the GFIPM WS sample code
- Timeline is TBD
  – Gated in 2011 due to GFIPM WS development
  – Sought funding in 2010; not a high priority then

16 SAML Holder-of-Key (HoK) Profile Implementation Status Update

17 SAML Holder-of-Key (HoK) Profile
- Extension to the core SAML spec
  – OASIS Committee Specification (not ratified yet)
  – No implementations available yet
- Enables NIST level of assurance 4 (LOA-4)
  – LOA-4 requires direct authentication with the RP
  – Traditional (bearer) SAML provides an assertion only; whoever presents it is accepted
  – SAML HoK provides hybrid direct authentication plus assertion: the assertion names the user's key, and the RP accepts it only from a client that proves possession of that key
- Plan: seek funding to extend Shibboleth with HoK
  – Most groups using SAML don't need LOA-4 authentication
  – The justice community requires it for some data exchanges
- Current status: on hold pending demand/funding
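The relying-party check that gives HoK its value, as an added example (not Shibboleth code and not part of the GFIPM plan above): the RP accepts the assertion only when a SubjectConfirmation with the holder-of-key method names the certificate the client actually authenticated with at the TLS layer. A bearer confirmation is ignored because it binds the assertion to nobody. The certificate bytes are constructed placeholders, and validation of the assertion's XML signature, which must happen before this check, is assumed to have passed.

```python
"""Relying-party holder-of-key confirmation check.

Added example, not Shibboleth and not GFIPM project code. Certificates are
constructed placeholder bytes; the assertion is unsigned and signature
validation is assumed to have already succeeded."""

import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML, "ds": DS}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed stand-ins for DER-encoded client certificates
SUBJECT_CERT = b"constructed DER bytes: the subject's PIV authentication certificate"
OTHER_CERT = b"constructed DER bytes: some other client certificate"


def make_assertion(method: str, cert_der: Optional[bytes] = None) -> str:
    """Build a signature-less assertion whose SubjectConfirmation uses the given
    method. For HoK the confirming certificate goes in ds:KeyInfo/ds:X509Data."""
    key_info = ""
    if cert_der is not None:
        b64 = base64.b64encode(cert_der).decode()
        key_info = (f'<ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>'
                    f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
                    '</ds:X509Data></ds:KeyInfo>')
    return (f'<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0">'
            '<saml:Subject><saml:NameID>officer@example.org</saml:NameID>'
            f'<saml:SubjectConfirmation Method="{method}">'
            f'<saml:SubjectConfirmationData>{key_info}</saml:SubjectConfirmationData>'
            '</saml:SubjectConfirmation></saml:Subject></saml:Assertion>')


def fingerprint(der: bytes) -> bytes:
    return hashlib.sha256(der).digest()


def subject_confirmed_by_key(assertion_xml: str, presented_cert_der: Optional[bytes]) -> bool:
    """True only if some SubjectConfirmation uses the holder-of-key method AND one
    of the certificates it names is the certificate the client authenticated
    with (e.g. its TLS client certificate). Bearer confirmations are skipped:
    they prove nothing about who is presenting the assertion."""
    if not presented_cert_der:
        return False          # no client authentication, so nothing to bind the assertion to
    root = ET.fromstring(assertion_xml)
    presented = fingerprint(presented_cert_der)
    cert_path = "saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    for sc in root.iterfind("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOLDER_OF_KEY:
            continue
        for cert_el in sc.iterfind(cert_path, NS):
            named = base64.b64decode("".join((cert_el.text or "").split()))
            if hmac.compare_digest(fingerprint(named), presented):
                return True
    return False
```

An HoK assertion without any KeyInfo, or one presented over a connection with no client certificate, is rejected the same way as a bearer assertion; the RP should never fall back to bearer handling for a flow that was supposed to meet LOA-4.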
