
E  Authentication Federation The enabler of Electronic Government! presented to AIPC by Stephen A. Timchak June 12, 200



Presentation Transcript


  1. The E-Authentication Federation. E-Authentication Federation: The enabler of Electronic Government! Presented to AIPC by Stephen A. Timchak, June 12, 2005

  2. The Goal of E-Government: Empower and enable citizens and businesses to manage their relationships with government on their terms in a secure online environment.
     The Role of the E-Authentication Program: Develop and implement an enterprise-wide E-Authentication strategy and solution that enables E-Government.
     E-Authentication is a key component of the President’s Management Agenda.

  3. President’s E-Gov Agenda
     Government to Citizen
     • Lead (in initiative order): GSA, Treasury, DoED, DOI, Labor
     • Initiatives: 1. USA Service 2. EZ Tax Filing 3. Online Access for Loans 4. Recreation One Stop 5. Eligibility Assistance Online
     Government to Business
     • Lead (in initiative order): GSA, EPA, Treasury, HHS, SBA, DOC
     • Initiatives: 1. Federal Asset Sales 2. Online Rulemaking Management 3. Simplified and Unified Tax and Wage Reporting 4. Consolidated Health Informatics (business case) 5. Business Gateway 6. Int’l Trade Process Streamlining
     Government to Govt.
     • Lead (in initiative order): SSA, HHS, FEMA, DOI, FEMA
     • Initiatives: 1. e-Vital (business case) 2. Grants.gov 3. Disaster Assistance and Crisis Response 4. Geospatial Information One Stop 5. Wireless Networks
     Internal Effectiveness and Efficiency
     • Lead (in initiative order): OPM, OPM, OPM, GSA, OPM, OPM, GSA, NARA
     • Initiatives: 1. e-Training 2. Recruitment One Stop 3. Enterprise HR Integration 4. e-Travel 5. e-Clearance 6. e-Payroll 7. Integrated Acquisition 8. e-Records Management
     Cross-cutting Infrastructure: E-Authentication (GSA)

  4. The E-Authentication Initiative Strategy
     • Build the E-Authentication Federation
     • Government agencies rely on electronic identity credentials – such as PINs/user IDs/passwords/PKI certificates – issued and managed by other organizations within and outside the federal government
     • How do we do it?
       • Develop a federated identity authentication framework
       • Supporting secure online transactions
       • Reliant on existing trust relationships
       • COTS and standards-based with interoperable products, supporting multiple protocols

  5. Why Adopt a Federated Approach?
     • Migration of applications to the web has precipitated increasing need for secure authentication
     • Identity management now perceived as one of the major enterprise IT challenges
     • Industry best practices moving toward enterprise identity management solution (portal) and federated identity
     • Use of Federated Identity is Growing
     • According to Burton Group, more than 300 businesses deploying SAML-based federations this year

  6. An Example of Federation Maintenance Website

  7. Building the E-Authentication Federation Scheduled for Federation membership Q4 FY ’05 and beyond Agency Applications/ Identity Credential Issuers Business & Operating Rules Operational Infrastructure Complete Policy Technical Standards Complete FY 2004

  8. Approved E-Authentication Technology Providers Novell

  9. EAuthenticationFederation • The Federal Government agency application owners that have agreed to abide by a set of technical, policy, and business interoperability standards and agreements that serve to make identity portable across multiple domains • The private and public sector trusted Credential Service Providers that agree to abide by a set of technical, policy, and business interoperability standards and agreements that serve to make identity portable across multiple domains • Federation Management (E-Authentication PMO) that manages the technical, policy, and business rules that serve to make identity portable across domains

  10. Key Policy Considerations
      • For Governmentwide deployment:
        • No National ID
        • No National unique identifier
        • No central registry of personal information, attributes, or authorization privileges
        • Different authentication assurance levels are needed for different types of transactions
        • Authentication – not authorization
      • For E-Authentication technical approach:
        • No single proprietary solution
        • Deploy multiple COTS products – user’s choice
        • Products must interoperate together
        • Controls must protect privacy of personal information

  11. The Policy Foundation Is In Place
      • Policy infrastructure enables real business and trust – because it can be universally leveraged and accepted
      • Policy framework key to E-Authentication Federation context and cohesiveness
      • Policy framework necessary for:
        • Technical architecture and interoperability
        • Evaluation of identity credential issuers
        • Determination of assurance level requirements
        • Ease of contracting
        • Efficient, reusable business processes
      • Key policy/guidance documents & tools:
        • OMB M-04-04
        • E-Authentication Risk and Requirements Assessment (E-RA)
        • NIST SP 800-63
        • Credential Assessment Framework (CAF)
      Matching the right level of authentication to business risk

  12. The Technical/Architectural Framework Is In Place
      • Based on industry best practices
      • Open standards-based, federated identity management
      • Supported by interoperable products, providing choice and market-driven pricing
      • Supports the coexistence of multiple federated identity schemes
      • Provides for the management of transitive trust
      • Accommodates both low and high level credentials using SAML and PKI
      • Supports the introduction of other authentication techniques over time
      Interoperability among trusted identity credential issuers

  13. [Diagram] Labels: EAuth Portal; EAuth Step-down Translator; EAuth Validation Service; EAuth Protocol Translator; Federation Operations; Starting Point (three); ICI Web Site; Agency Application Web Site; First Gov EAuth Apps; First Gov Portal

  14. Standing Up Federation Operations
      • Implementing a world-class operations capability, available 24x7x365
      • Federation Contact Center (Help Desk)
      • Operations and maintenance of the portal, step-down translator(s), validation service and scheme translators
      • Client and production services
      Agency customers agreed that a well run operations capability was critical to the Federation’s success

  15. Governance: E-Authentication Oversight. Moving From Initiative to Federation
      E-Authentication Initiative Executive Steering Committee
      • 24 Cabinet Level Federal agency CIOs
      Venture capitalist perspective ..
      Proposed Uber Structure
      • Federation Board of Directors
      • User Groups
      • Vendor Council
      E-Authentication Federation

  16. Federation Membership Requirements For Identity Credential Issuers and Relying Parties (Agencies)
      Business & Operating Rules
      • Technology standards integrated with common business rules
      • Developing business agreements that govern membership in the E-Authentication Federation
      How we bind the trust that drives interoperability

  17. Identity Credential Issuers
      • The Federal Government does not want to be in the credential management business
      • Various commercial entities – insurers and other financial institutions – are natural trusted credential service issuers (CSIs)
      • WHO PROVIDES AUTHENTICATION TODAY? Look in your wallet – what credentials are you most likely to find?
        • A bank card
        • A health insurance card
        • School ID
        • A State Government-issued driver’s license or photo ID
      Citizen/business convenience and trust are key to selecting identity credential issuers

  18. Targeting Financial Institutions First
      • Authentication lies at the core of existing financial services products
      • Know-your-customer (KYC) required by law
      • Financial institutions own 3 powerful assets:
      • Trust
      • 90+% of the US population has banking relationship & 53M have bank-issued credentials (Pew)
      • Strongly authenticated identities
      • Law requires more than KYC – it requires that customers’ identities be protected

  19. Financial Institutions as Authenticators (chart courtesy of Glenbrook Partners). Trusted Identity: Hidden Value From Customer Appreciation

  20. The Credential Assessment Framework
      • Potential ICIs must participate in a credential assessment using the methodology defined in the Credential Assessment Framework
      • On site inspection
      • Credentialing procedures
      • Network and systems security
      • Overall risk management profile
      • Upon successful assessment, ICIs can be added to E-Authentication’s Trusted Identity Credential Issuer List and to the E-Auth architecture (enabling acceptance of the credential by the Portal)

  21. Agencies Are Committed: Moving E-Gov’t Services Online For Business

  22. Agencies Are Committed: Moving E-Gov’t Services Online For Citizens

  23. Federation Acquisition Marketplace
      • Providing a “one-stop shop” for E-Authentication Federation products and services
      • Creating an “E-Authentication Federation Suite of Contracts” on Federal Supply Service (FSS) IT Schedule 70
      • Available to states as well as Federal agencies
      • Will include:
        • Technology products
        • Architectural components
        • Credential services
        • Accredited providers of Smartcard/HSPD-12/FICC-mandated credentials and tokens

  24. E-Authentication Validated by Independent Report
      Burton Group, a respected IT research and advisory services firm, reports that E-Authentication:
      • Aligns with industry best practices
      • Provides flexible and pragmatic common approach to authentication
      • Efforts should continue and expand, with fine tuning
      “The E-Authentication Initiative’s goals are achievable. The anticipated benefits are real and far-reaching, and extend to end-users, governmental organizations, and commercial businesses alike. The E-Authentication Initiative is well-defined, flexible, technically sound, and employs industry best practices.”
      Burton Group Report on the Federal E-Authentication Initiative, 8/30/04

  25. Lessons Learned IT’S HARD!

  26. SUCCESS IS IN SIGHT!

  27. For More Information
      Stephen A. Timchak, Project Executive, E-Authentication Federation
      U.S. General Services Administration, 2011 Crystal Drive, Suite 911, Crystal Park One, Arlington, Virginia 22202
      Phone (office): 703-872-8604
      E-mail: stephen.timchak@gsa.gov
      Website: http://cio.gov/eauthentication
