120 likes | 308 Views
NIH Interfederation Activities and Status: Federal PKI. Peter Alterman, Ph.D. Asst. CIO for E-Authentication, NIH and Chair, Federal PKI Policy Authority. NIH E-Authentication Initiative Goals.
E N D
NIH Interfederation Activities and Status: Federal PKI Peter Alterman, Ph.D. Asst. CIO for E-Authentication, NIH and Chair, Federal PKI Policy Authority
NIH E-Authentication Initiative Goals • Researchers use their institutional identity credentials to authenticate to NIH online applications and services • Build a reliable, secure, trusted IT infrastructure that supports e-authentication EDUCAUSE 2007
NIH E-Authentication Initiative Goals • Researchers use their institutional identity credentials to authenticate to NIH online applications and services • Build a reliable, secure, trusted IT infrastructure that supports e-authentication EDUCAUSE 2007
Current NIH Initiatives • Interfederated with InCommon higher education Identity Management Federation at OMB LOA 1: low/no risk applications put online and consume identity credentials issued by universities that are members of InCommon; • Extend interfederation agreement to OMB LOA 2 applications for universities that issue higher-assurance credentials under the InCommon Federation Silver program – for moderate risk applications (ETA 1/08); • Direct trust relationship with University of Texas System Public Key Infrastructure EDUCAUSE 2007
NIH Pilot LOA 1 Applications • NLM Proxy Redirector (initial application ) • Good Clinical Practice (GCP) • Community for Advanced Graduate Training (CAGT) • NIH Login/ADFS/MOSS integration (general collaboration) • More to follow EDUCAUSE 2007
NIH Pilot LOA 2 Applications • Electronic Research Administration (eRA) • caBIG data (via Grid interoperability?) • Firebird (FDA, SAFE, NIAID involvement) • More to follow EDUCAUSE 2007
End State for NIH • All NIH outward-facing, online apps risk assessed and credential LOA requirements determined • Credential validation infrastructure and/or linkages at production operational level • All NIH outward-facing, online apps connected to NIH Login front end with validation service enabling infrastructure (e.g., Shibboleth, etc.) • End State achieved… ??? EDUCAUSE 2007
Federal PKI Update EDUCAUSE 2007
SAFE Industry PKIs Fed PKI: View from 20,000 km Common Policy CA (HSPD-12) SSPs Serving all other Agencies CertiPathSSP (HSPD-12- comparable) FBCA CertiPath C4 Industry PKIs eGCA (3) EDUCAUSE 2007
SAFE Industry PKIs Fed PKI: View from 20,000 km DOD DHS NASA Commerce USPS USPTO HHS DOE IL DOJ State DOD/ECA GPO DOD/Interop Treasury Wells Fargo MIT LL UTexasSx Commercial “SSP-like” Common Policy CA (HSPD-12) Total: 15 – 20M users SSPs VeriSign Cybertrust ORC Treasury GPO Exostar Entrust/Cygnacom IdenTrusT? Serving all other Agencies FBCA CertiPath “SSP” (HSPD-12- comparable) State of VA first responders CertiPath C4 Industry PKIs Abbott Labs AstraZeneca Bristol-Myers Squibb Genzyme GlaxoSmithKline INC Research Johnson & Johnson Merck Pfizer Procter & Gamble Sanofi-Aventis TAP Pharmaceuticals Boeing Raytheon Lockheed Martin eGCA (3) ~ 500k users! EAF member CSPs TLS certs EDUCAUSE 2007
Interoperability Initiatives • CertiPath – Federal Bridge cross-certification complete • SAFE PKI Bridge and services – supporting digitally-signed electronic forms and document management • inCommon –assertion-based technology, LOA 1 & 2 – demonstration projects with NSF – interfederation with NIH NOW EDUCAUSE 2007
Resources • altermap@mail.nih.gov • http://csrc.nist.gov/pki • www.cio.gov/fpkipa • www.cio.gov/ficc • www.cio.gov/eauthentication • www.smartcardalliance.org EDUCAUSE 2007