E-Authentication: A Federated Approach to Identity Management December 2004. Government Services Must Be Available Online.
Government Services Must Be Available Online
• E-Authentication provides a blueprint for online identity validation that will enable the American public to access government services in a secure, trusted environment with credentials of their choosing
E-Authentication Enables E-Government
What are the Goals of the Initiative?
• Build and enable mutual trust needed to support wide-spread use of electronic interactions between the public and Government
• Minimize the burden on the public when obtaining trusted electronic services from the Government
• Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs
The Result: Businesses & individuals will be empowered to conduct business with Government at all levels using e-identity credentials provided by trusted institutions
The Concept of E-Authentication
[Diagram labels: User, Access Point, Credential Service Provider, Agency Application]
Step 1: At access point (portal, agency Web site or credential service provider) user selects agency application and credential provider
Step 2:
• User is redirected to selected credential service provider
• If user already possesses credential, user authenticates
• If not, user acquires credential and then authenticates
Step 3: Credential service hands off authenticated user to the agency application selected at the access point
Critical Elements of E-Authentication
• POLICY
  • Governance
  • Certification
  • Liability
  • Business Model
  • Dispute resolution
• APPLICATIONS
  • 6500 G2B & G2C applications
  • Gov’t Paperwork Elimination Act
  • OMB mandates
• TECHNOLOGY
  • Federated model
  • Standards based
  • COTS based
  • Flexible, scalable
  • Extensible
• CREDENTIAL SERVICE PROVIDERS
  • Federal agencies
  • Financial institutions
  • Health care providers
  • State governments
Issue: How to Fulfill the Demand for Authentication Across the Federal Government Enterprise
The OnLine Marketplace
• Business and Government moving in the same direction
• Services online to
  • Increase accessibility to customer
  • Streamline processes
  • Reduce costs
  • Improve customer satisfaction
Broadening to Transactions of Value to Consumers, Businesses and Government
[Figure label: Shopping Online]
Electronic Government is Evolving
• Currently, in e-government transactions, the Federal government is the provider of the identity credential
• As e-government evolves, the government intends to get out of the credential management business, and focus on the applications
• Enabling industry to provide identity credentials:
  • Eases the burden of doing business with consumers and business
  • Takes government out of the credential issuance/management business
  • Allows government to leverage authentication work done by others
Why is E-Authentication Engaging Commercial Entities?
• Because the Federal Government does not want to be in the credential management business, and certain commercial entities – like insurers and other financial institutions – are natural credential service providers (CSPs)
• Look in your wallet – what 3 credentials are you most likely to find?
  • A credit card/bank card
  • A health insurance card
  • A State Government-issued driver’s license or photo ID
Consumer convenience and trust are key to selecting credential service providers
E-Authentication Federated Identity Model
[Diagram: Consumers and Businesses, multiple CSPs, E-Authentication (Agency Apps)]
Who Can Be in the Trust Network?
[Diagram: sectors surrounding the Trust Network]
• Governments
  • Federal
  • States/Local
  • International
• Travel Industry
  • Airlines
  • Hotels
  • Car Rental
  • Trusted Traveler Programs
• Higher Education
  • Universities
  • Higher Education PKI Bridge
• E-Commerce Industry
  • ISPs
  • Internet Accounts
  • Credit Bureaus
  • eBay
• Financial Services Industry
  • Home Banking
  • Credit/Debit Cards
  • Insurance
• Healthcare
  • American Medical Association
  • Patient Safety Institute
Absent a National ID and unique National Identifier, the E-Authentication initiative will approve trusted credentials/providers at determined assurance levels.
Developing a Service
• FSTC
  • Working with 5 of the top 10 banks and investment institutions
  • Jointly developing the business model for identity verification services
• Shibboleth
  • Analyzing the policy and technical gaps
  • Credential Assessments scheduled with three universities
  • Pilot opportunities with National Park Service
• State Governments
  • Aligning with the E-Authentication model
  • Adopting the E-Authentication framework
  • Serving as a credential service provider
  • Becoming a relying party
The Electronic Authentication Partnership
Interoperability for: Commercial Trust Assurance Services
• Policy
  • Authentication
  • Assurance levels
  • Credential Profiles
  • Accreditation
  • Business Rules
  • Privacy Principles
• Technology
  • Adopted schemes
  • Common specs
  • User Interfaces
  • APIs
  • Interoperable
  • COTS products
  • Authz support
[Diagram labels: Federal Government, State/Local Governments, Industry; IDP and RP nodes; Policy, Technical, & Business Interoperability; Common Business and Operating Rules]
http://www.eapartnership.org/
E-Authentication Validated by Independent Report
• Burton Group, a respected IT research and advisory services firm, reports that E-Authentication:
  • Aligns with industry best practices
  • Provides flexible and pragmatic common approach to authentication
  • Efforts should continue and expand, with fine tuning
“The E-Authentication Initiative’s goals are achievable. The anticipated benefits are real and far-reaching, and extend to end-users, governmental organizations, and commercial businesses alike. The E-Authentication Initiative is well-defined, flexible, technically sound, and employs industry best practices.”
Burton Group Report on the Federal E-Authentication Initiative, 8/30/04
For More Information
Sharon Terango, Credential Assessment Mgr.
Phone: 703-872-8619
E-mail: Sharon.Terango@gsa.gov
Websites:
• http://cio.gov/eauthentication
• http://www.eapartnership.org/
• http://cio.gov/fpkipa
Progress to Date
• Interoperable Products
  • 9 Approved products currently include Entegrity, Entrust, Hewlett-Packard, IBM, Netegrity, Oblix, RSA, Sun and Trustgenix
  • Multiple other products are in test in the Initiative’s Interoperability Lab
• Credential Service Providers
  • 16 CSPs currently on the E-Authentication Federal Trust List
  • 8 Level 3 CSPs and 3 Level 4 CSPs (PKI)
  • 2 Level 2 CSPs and 3 Level 1 CSPs (Password)
  • Upgraded OPM Employee Express to Level 2 - 1.2 million Federal Employees soon able to use on eTravel
• Applications
  • All E-GOV Presidential Initiatives have completed Risk Assessments
  • Production with Integrated Acquisition Environment - eOffer and FedTEDS tools
  • Completed pilot with Grants.gov and finalizing production plans
  • Demonstrated progress on six additional agency pilots