NIH iTrust
Peter Alterman / Debbie Bucci
National Institutes of Health
October 2010
Federal Agency Business Needs
• Implement SSO across an entire agency or department
• Implement federated SSO across multiple organizations
• Reduce IT expenses associated with custom solutions
• Meet federal mandates regarding PIV/CAC
• Promote both interoperability and standards
• Align with FICAM’s IdM reference segment architecture
• Implement a turnkey solution in a timely manner

Federal Mandates
Mandates for Federated Authentication and Personal Identity Verification (PIV) Card and Common Access Card (CAC) across the Federal Government:
• HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors”
• FIPS 201-1 “Personal Identity Verification of Federal Employees and Contractors”
• NIST SP 800-63 “Electronic Authentication Guideline”
• OMB M-04-04 “E-Authentication Guidance for Federal Agencies”
• OMB M-06-16 “Protection of Sensitive Agency Information”
NIH iTrust
• Enterprise web single sign-on (SSO) and federation services
• In production since 2003 (as NIH Login)
• Over 35,000 NIH users, 238 applications, 588 URLs
• Over 2.4 million transactions per day
• Supports Personal Identity Verification (PIV) Cards
Federated Authentication at NIH (three diagram slides)
• Diagram 1: General Services Administration as trust framework provider; private-sector identity providers; assessors & auditors; dispute resolvers; U.S. Government websites; User
• Diagram 2: General Services Administration as trust framework provider; universities as identity providers; assessors & auditors; dispute resolvers; U.S. Government websites; User
• Diagram 3: Federal PKI Architecture as trust framework provider; Federal Agencies; InCommon Federation provider websites; assessors & auditors; dispute resolvers; U.S. Government websites; User
Current Integration Projects
• NIH eVIP (electronic Vendor Invoicing Program)
• NIH eRA (electronic Research Administration)
• National Library of Medicine PubMed Database
• HHS Healthcare Reform Implementation Tracking Tool (HRITT)
• National Interagency Confederation for Biological Research (NICBR)

NIH iTrust Technology
• CA SiteMinder web access management system
• User authentication and secure Internet SSO
• Policy-driven authorization and federation of identities
• Complete auditing of all access to the application
• Configured to support SAML 1.1 and 2.0, OpenID 2.0, and X.509 (PIV and PKI) credentials
• Cross-certified with the Federal PKI architecture
• NIH iTrust has 99.95% availability, 24 x 7 x 365
• Windows and Unix servers in the highly secure NIH Data Center in Bethesda, MD
• Dedicated production servers and off-site failover capabilities
NIH iTrust Architecture (diagram slide)
• Components: User; Credential; Identity Provider (SAML or OpenID); NIH Assertion/Token Consumer; Identity Provider Listing Service (federation links over SOAP, “Select IDP” link); NIH Reverse Proxy (link cache, AuthZ, HTTP headers); Agency Application (without 3rd-party agent); Internet

Collaborative SharePoint (diagram slide)
• User/Browser
• Identity Provider (IdP): idp1.nih.gov (NIH SAML, PIV Cert, A/D); Other IdP: idp2.theirdomain.com (WS-Trust, PIV Cert)
• Relying Party (RP) security token service: rp-sts.consortium.gov (ADFS 2.0; WS-Trust, NTLM)
• Relying Party sites: rp1.consortium.gov/site1 (IIS); rp2.consortium.gov/site2 (SharePoint 2010)

Vendor Invoicing (diagram slide)
• Parties: User/Browser/Card Selector; Identity Provider (IdP), OIX certified: PayPal; Relying Party (RP): Invoice1; Equifax; CCR SOA service; Internet
• Protocol elements: WS-Trust RST/RSTR carrying SAML; HTML Object Tag; Information Card; WS-SecurityPolicy
• Step 1: User attempts to access an LOA 3 Invoice1 resource.
• Steps 2-4: The user authenticates to Invoice1 using their PayPal information card.
• Step 5: Invoice1 verifies the user holds a trusted role using the CCR SOA service.
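The architecture and vendor-invoicing slides above describe a relying party that accepts assertions from a listed set of identity providers, enforces an LOA 3 requirement, and then checks the user's role with a separate service. The following Python is an added example of that assertion-consumer logic, not NIH iTrust or CA SiteMinder code: the entity IDs, the AuthnContext-to-LOA mapping, the role table and the sample assertion are all constructed assumptions, and signature verification is assumed to have been done upstream (for example at the reverse proxy).

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_AUDIENCE = "https://invoice1.example.gov/sp"  # assumed entity ID of the Invoice1 relying party
TRUSTED_IDPS = {"https://idp1.example.gov", "https://idp2.example.com"}  # assumed IdP listing
# Assumed mapping of SAML authentication contexts to OMB M-04-04 levels of assurance (LOA).
LOA_BY_CONTEXT = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport": 2,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken": 3,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI": 4,
}
# Constructed stand-in for the CCR SOA role service: subject -> trusted roles.
ROLE_SERVICE = {"vendor42@example.com": {"invoice_submitter"}}
DEMO_NOW = datetime(2010, 10, 1, 12, 1, tzinfo=timezone.utc)  # constructed clock inside the sample window

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(assertion_xml, required_loa, required_role, now):
    """Return (allowed, reason) for one (already signature-checked) assertion and one resource."""
    a = ET.fromstring(assertion_xml)
    if a.findtext("saml:Issuer", namespaces=NS) not in TRUSTED_IDPS:
        return False, "untrusted issuer"
    cond = a.find("saml:Conditions", NS)
    if cond is None or None in (cond.get("NotBefore"), cond.get("NotOnOrAfter")):
        return False, "missing validity window"
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "assertion outside validity window"
    if SP_AUDIENCE not in [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "assertion not addressed to this relying party"
    ctx = a.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
    loa = LOA_BY_CONTEXT.get(ctx, 0)  # unknown or missing context counts as LOA 0
    if loa < required_loa:
        return False, f"LOA {loa} below required LOA {required_loa}"
    subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if required_role not in ROLE_SERVICE.get(subject, set()):
        return False, "subject lacks trusted role"
    return True, f"{subject} authorized at LOA {loa}"

def sample_assertion(issuer, subject, context, audience=SP_AUDIENCE):
    """Constructed, unsigned assertion for demonstration; valid 12:00-12:05 UTC on 2010-10-01."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer><saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2010-10-01T12:00:00Z" NotOnOrAfter="2010-10-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>{context}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
</saml:Assertion>"""
```

Each check rejects with a distinct reason so the relying party's audit log (slide: "complete auditing of all access") can show whether a denial came from federation trust, assertion freshness, assurance level or role, rather than a single generic failure.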
NIH iTrust Demo
• Clinical and Translational Science Awards (CTSA) Wiki: http://www.ctsaweb.org/federatedhome.html
• My NCBI (PubMed/Medline access): http://www.ncbi.nlm.nih.gov/sites/myncbi/

For Further Information
Debbie Bucci
Manager, Integration Services Center
Division of Enterprise and Custom Applications
Center for Information Technology
National Institutes of Health
Debbie.Bucci@nih.gov
NIH Integration Services Center: NIHISCSupport@mail.nih.gov