Understand the concept of federated identity management and how it allows organizations to trust, authenticate, and authorize users from other trusted identity providers. Explore the benefits and adoption of open standards in the global federated identity and privilege management.
United States Department of Justice
Global Federated Identity & Privilege Management (GFIPM)
John Ruegg, Director, LA County ISAB
What is Federated Identity Management?
• You trust another organization to identify its users and authenticate them before they can connect to your system: that organization is a Trusted Identity Provider (IDP).
• Your system relies on the identity information provided by the IDP to make access and authorization decisions: your system is the relying Service Provider (SP).
• IDPs and SPs have mutual technical and policy obligations to meet for participation in the Federation.
FBI CJIS Systems: A Federated Identity Management Model
• The FBI trusts your organization to identify your users and authenticate them before they can connect to the CJIS Systems. The Trusted Identity Provider (IDP) is the CJIS Control Terminal Officer (CTO).
• The FBI's CJIS Systems rely on the identity information provided by your CTO (the IDP) to make access and authorization decisions: the CJIS Systems are the relying Service Provider (SP).
• IDPs and SPs have mutual technical and policy obligations in the Federation (the CJIS Policy).
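The IDP/SP relationship above, as an added example that is not part of the GFIPM deck or the GFIPM specifications: a trusted Identity Provider issues a signed identity assertion carrying user attributes, and the relying Service Provider checks the issuer against its federation trust list, verifies the signature, confirms the assertion was meant for it, and checks its validity window before using the attributes for any access decision. GFIPM credentials are SAML assertions with XML signatures; to run offline this example substitutes a JSON payload signed with HMAC, and the IDP names, shared secrets and user attributes are constructed.

```python
"""Toy federated identity exchange: IDP issues a signed assertion, SP verifies it.
Added illustration only; the entity IDs, keys and attributes below are constructed."""
import hashlib
import hmac
import json
import time

# Federation trust list held by the SP: only IDPs with a policy agreement are
# accepted. A real federation distributes X.509 certificates; the shared secret
# here stands in for that key material so the example runs stand-alone.
TRUSTED_IDPS = {
    "urn:example:idp:county-a": b"county-a-shared-secret",  # constructed
}
SP_ENTITY_ID = "urn:example:sp:criminal-history"  # constructed


def issue_assertion(idp_id, idp_key, subject, attributes, audience, ttl=300, now=None):
    """IDP side: after local authentication, bind the subject and its attributes
    to the intended SP (audience) for ttl seconds and sign the result."""
    now = int(time.time()) if now is None else int(now)
    payload = {
        "issuer": idp_id,
        "subject": subject,
        "audience": audience,
        "issued_at": now,
        "expires_at": now + ttl,
        "attributes": attributes,
    }
    # Canonical serialization so the SP can recompute the exact signed bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    signature = hmac.new(idp_key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"payload": body, "signature": signature}


def verify_assertion(assertion, now=None):
    """SP side. Returns (ok, reason, payload). Order matters: the issuer must be
    trusted before its key is even looked up, then signature, audience, lifetime."""
    now = int(time.time()) if now is None else int(now)
    body = assertion.get("payload", "")
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "malformed", None
    key = TRUSTED_IDPS.get(payload.get("issuer"))
    if key is None:
        return False, "untrusted issuer", None
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("signature", "")):
        return False, "bad signature", None
    if payload.get("audience") != SP_ENTITY_ID:
        return False, "wrong audience", None
    if not (payload["issued_at"] <= now < payload["expires_at"]):
        return False, "expired", None
    return True, "ok", payload


if __name__ == "__main__":
    a = issue_assertion("urn:example:idp:county-a", b"county-a-shared-secret",
                        "jdoe@county-a.example", {"sworn": True, "role": "detective"},
                        SP_ENTITY_ID)
    print(verify_assertion(a))
```

The SP never authenticates the user itself; it only decides whether to believe the IDP's statement, which is why the trust list and the signature check are the whole security boundary of the exchange. Tampering with an attribute after issuance, presenting an assertion issued for another SP, or replaying one past its lifetime all fail before the attributes are consulted.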
(Diagram) Justice XML: NIEM inside.
Benefits of Federated Identity Management
• The local organization provides the Identity Management System (IDP) using local authentication methods.
• Many commercial products have adopted the Federated Identity open standards that GFIPM utilizes.
• Identity information is communicated over the network via a standard GFIPM justice identity credential.
Benefits of Federated Identity Management
• Eliminate multiple userids/passwords and security tokens.
• Only grant access to your system to users who first authenticate to a trusted Identity Provider (IDP).
• GFIPM-enabled systems always get current identity information via the GFIPM justice identity credential; there is no requirement to manually register or maintain users.
• Changes in user status (job role, retirement, etc.) only need to be updated once, at the local IDP system.
(Diagram) GFIPM Federation (Single Sign-on, SSO) over the Internet: RISS, HSIN, OneDOJ, Fusion Center A.
(Diagram) Security & Privacy Policy Enforcement. Elements shown: request message carrying GFIPM credentials and content metadata; PEP (Policy Enforcement Point); PDP (Policy Decision Point); electronic policy statements (dynamic, federated) alongside written policy; environmental conditions; obligations; audit trail; response message. Enforcement actions: release, modify, access, delete, ...
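The PEP/PDP flow in the diagram above, as an added example that is not part of the GFIPM deck and not a GFIPM or XACML implementation: the PEP receives a request carrying the credential attributes and the resource's content metadata, hands it to the PDP, which evaluates electronic policy statements against those attributes and the environmental conditions and returns a permit or deny plus obligations, and the PEP then writes an audit record and either performs the enforcement action or refuses. The policy rules, attribute names, resource metadata and environment values are constructed; deny-by-default when no rule applies is a design choice of this example.

```python
"""Toy PEP/PDP policy enforcement. Added illustration only; policy statements,
attribute names and environment values are constructed, not GFIPM's."""
from dataclasses import dataclass, field


@dataclass
class Decision:
    permit: bool
    reason: str = ""
    obligations: list = field(default_factory=list)


# Electronic policy statements (constructed). Each rule names the enforcement
# action, the resource sensitivity from the content metadata, the credential
# attributes it requires, the environmental conditions it requires, and the
# obligations the PEP must carry out if the request is permitted.
POLICY = [
    {"action": "access", "sensitivity": "criminal_history",
     "requires": {"sworn": True, "cjis_certified": True},
     "environment": {"network": "federation"},
     "obligations": ["write_audit_record", "purge_copy_after_24h"]},
    {"action": "access", "sensitivity": "public",
     "requires": {}, "environment": {}, "obligations": []},
]


def pdp_decide(request):
    """PDP: match the first applicable rule and evaluate its conditions.
    No applicable rule means deny (deny-by-default)."""
    attrs = request["credentials"]
    env = request["environment"]
    for rule in POLICY:
        if rule["action"] != request["action"]:
            continue
        if rule["sensitivity"] != request["resource"]["sensitivity"]:
            continue
        missing = sorted(k for k, v in rule["requires"].items() if attrs.get(k) != v)
        if missing:
            return Decision(False, "credential lacks: " + ", ".join(missing))
        bad_env = sorted(k for k, v in rule["environment"].items() if env.get(k) != v)
        if bad_env:
            return Decision(False, "environmental condition not met: " + ", ".join(bad_env))
        return Decision(True, "rule matched", list(rule["obligations"]))
    return Decision(False, "no applicable rule")


AUDIT_TRAIL = []  # every decision is recorded, permit or deny


def pep_enforce(request):
    """PEP: ask the PDP, record the outcome, then enforce it."""
    decision = pdp_decide(request)
    AUDIT_TRAIL.append({
        "subject": request["credentials"].get("subject"),
        "action": request["action"],
        "resource": request["resource"]["id"],
        "permit": decision.permit,
        "reason": decision.reason,
    })
    if not decision.permit:
        return {"status": "deny", "reason": decision.reason}
    # Obligations are returned to the caller, which must honour them as part
    # of carrying out the action (e.g. purge the retrieved copy after 24h).
    return {"status": "permit", "resource": request["resource"]["id"],
            "obligations": decision.obligations}


if __name__ == "__main__":
    demo = {"action": "access",
            "credentials": {"subject": "jdoe", "sworn": True, "cjis_certified": True},
            "resource": {"id": "rap-sheet-123", "sensitivity": "criminal_history"},
            "environment": {"network": "federation"}}
    print(pep_enforce(demo))
    print(AUDIT_TRAIL)
```

The split matters operationally: the PDP is the only place policy lives, so a change to a written policy becomes one edit to the electronic statements rather than a change in every system that enforces it, and the PEP's audit record captures the denial reasons that a detection team would want to watch for repeated credential or environment failures.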
Early Adopters of GFIPM
Live in Production
• RISSnet: intelligence
• Pennsylvania JNET: criminal justice information
• CisaNet: Southwestern States intelligence
Under Development
• LA County: local criminal history
• San Diego County: ARJIS criminal justice information
• Southern Shield: 14 States Fusion Centers
• Connect Project: 8 States portals and federated query services
• OneDOJ: access to Federal information resources
• OneDHS: access to DHS resources
Benefit of Open Standards Adoption
• RSA Conference, April 6, 2008: 7 vendors' products interoperability demonstration
• "We're pleased to work with OASIS on addressing the very sensitive issues related to the access of patient information," said John (Mike) Davis, standards architect with the VHA Office of Information in the Department of Veterans Affairs, and a member of the HITSP Security, Privacy and Infrastructure Technical Committee. "XACML helps ensure that patients, physicians, hospitals, public health agencies and other authorized users share critical information appropriately and securely."