Enhancing mutual trust for electronic interactions, minimizing burdens on public, and delivering common authentication solutions. Authentication gateway simplifies interoperability with trusted credentials. The U.S. e-Authentication Gateway - a provider of validation services for e-Gov initiatives. Research shows evolving industry trends towards open standards and multi-enterprise solutions. Gateway prototype operational in test environment. Collaboration with higher education for grant applications. Contact Dr. Peter Alterman for more information.
U.S. Federal e-Authentication Initiative
Peter Alterman, Ph.D., Senior Advisor to the Chair, US Federal PKI Steering Committee
TERENA 2003
U.S. e-Authentication Initiative Goals:
• To build and enable the mutual trust needed to support widespread use of electronic interactions between the public and Government, and across Governments
• To minimize the burden on the public when obtaining trusted electronic services from Government agencies
• To deliver common interoperable authentication solutions, ensuring they are appropriate matches for the levels of risk and business needs of each e-Government initiative
The Challenge to Interoperability
Authentication interoperability becomes much more complex as the number of credential providers and relying parties increases.
The Need for the Authentication Gateway
[Diagram: Credential Providers, Authentication Gateway, Relying Parties]
• The Authentication Gateway simplifies interoperability:
  • Common way to determine and validate “Trusted” credentials
  • “Common Rules” for Agreements among Gateway, Agencies and Credential Providers.
Defining the Need
[Diagram: e-Gov initiatives on a scale from Low Risk to High Risk, with the levels "Identity Verification Not Required", "Identity Verification Required" and "Signature Required". Labels: General Information, Personal Information Change Request, Benefits Application, Proprietary Information, Privilege Management]
A Vision for the Future
[Diagram labels: Business, Agent, Citizen; Direct Access Capability Preserved; Credential Providers (State or Federal Government, Academia, Health Care); Identity Verification Not Required; Identity Verification Required; Credential Validation Process; eAuthentication Gateway; Federal Agency Relying Parties]
The U.S. e-Authentication Gateway
• Is not:
  • An issuer of ID credentials
  • A collector of personal information
  • A repository of information
  • The Federal Bridge Certification Authority
  • e-Security
• Is:
  • A provider of validation services for multiple forms of ID credentials
  • A source of risk/assurance levels for multiple forms of ID credentials
  • Available for all e-Gov initiatives
Status of U.S. e-Authentication Program
• R&D has shown that the E-Auth industry is currently:
  • Enterprise-based rather than inter-enterprise
  • Centrally managed rather than distributed
  • Proprietary solutions rather than open
  • Priced for the enterprise rather than multi-enterprise
• The RFI responses and other research have shown that the E-Auth industry is:
  • Adopting federated solutions
  • Evolving to distributed management
  • Utilizing open standards
  • Adapting pricing to multi-enterprise solutions
• Agency E-Gov systems are becoming ready to utilize a common open, standards-based e-Auth infrastructure
U.S. e-Authentication Message to Government:
• Prototype Gateway is operational in a test environment as of 9/30/02
• It will undergo a delta certification and accreditation (C&A) for live transactions by 01/06/03
• Gateway will provide authentication and verification services to the 24 e-Gov initiatives
• Gateway will provide authentication services across Government lines of business
U.S. e-Authentication and Higher Education:
• E-Grants project will create standard XML objects to assemble various grant application “forms”
• Universities will fill out forms locally and upload them to the e-Grants site
• Extended NIH-EDUCAUSE PKI Interoperability Pilot Project will:
  • Use e-Grants XML forms
  • Incorporate the e-Authentication Gateway into the certificate validation path
  • Demonstrate alternate signing and authZ approaches
Simplified Concept of Operations
[Diagram labels: University; CA - Research Institution; HEBCA; FBCA; E-Authentication Gateway; Digitally Signed Grant App.; Validate certs; Receipt and Authorization Server; Audit Log (NARA); I B M; Agency Back End Processing]
Contact Information
• Dr. Peter Alterman, Assistant Chief Information Officer for Electronic Authentication, NIH
  • Peter.alterman@nih.gov
• Deborah Blanchard, Project Manager, Digital Signature Trust / Identrus
  • dblanchard@trustdst.com