Customer Advisory Board Single Sign on

1
Customer Advisory BoardSingle Sign on

• April 26, 2007

2
Agenda

• Scope of Single Sign on
• Single Sign on Where we were
• Single Sign on Today
• Single Sign on Where Were going
• Single Sign on Challenges
• SiteMinder
• Portal

3
Single Sign On (Scope)

• Integrate all FMS applications so users only need
  to authenticate with one identity.
• Provide the capability for users to seamlessly
  navigate between FMS applications at the same
  assurance level.
• Provide the capability for users to possess
  different levels of authentication credentials
  based on the assurance levels of the applications
  they access.
• Position FMS to be able to integrate with the
  eAuthentication initiative in the future.

4
Single Sign On - Vision

• One set of credentials FMS account and
  authentication factors (password, PKI
  certificate, biometric).
• Enable authentication independent of application
  technology.
• Self-registration for an FMS account.
• Standard FMS application access request
  processes.
• Standardizing and centralizing common security
  controls such as user account management,
  password management, audit logging, etc.
• Compliance with the Presidents Management Agenda
  and the eAuth Initiative.
• Support of PIV / HSPD 12 initiative.

5
Single Sign On Where We Were

• Multiple IDs and passwords multiple logons.
• Various methods of requesting application access
  often manual.
• Application-controlled user account management,
  password management, access approval,
  recertification, etc.
• Separate authentication mechanisms.

6
Single Sign On - Today

• Standard FMS User ID.
• Standard authentication scheme for web-based
  applications.
• Developing standard password management.
• FMS Internet Web Architecture (FIWA) at HROC
  (production) and KROC (pre-production).
• Integrated Directory Services (LDAP) in pre-prod
  and Production environments between TWAI, BPD and
  KROC.
• Integration of the SiteMinder authentication
  components.

7
Single Sign On Where Were Going

• User self-registration via the Internet.
• Standard PKI authentication via SiteMinder.
• Federated eAuth transactions.
• Automated processes for delegated application
  access approval and delegated user
  recertification.
• Migration of existing web application users from
  old Directory architecture to the new Directory
  architecture.

8
Single Sign On Major Challenges

• Changing the FMS approach to identity management,
  authentication and access control
• From inconsistent and dispersed
  application-centered architecture and processes.
• To common, enterprise-wide, shared services.
• Implementing functionality that is mutually
  supportive of the various user communities
• FMS users
• Federal Agency users
• Large organization users (financial institutions,
  state govts., etc.)
• Private sector users
• Public citizens

9
Single Sign On Major Challenges

• IT policies and standards that are struggling to
  keep pace with web-based technology and services.
• Deployment and integration of leading edge
  technical components across multiple platforms
  and environments.
• Integrated and dispersed project teams requiring
  the coordination of numerous individuals at
  various organizations.
• Balancing the benefits of doing business on the
  web (ease of use, ease of access) with security
  risks (internet hacking, identity theft).

10
SiteMinder Integration - Today

• SiteMinder has been successfully integrated in
  the TWAI QA and HROC Pre-Prod environments
• Accomplishments
• SiteMinder versions 6.0 SP4
• Connectivity from FMS and the TWAI for policy
  store replication
• Integrated Key Stores
• Integrated Policy Stores
• SiteMinder policy standards documents
• Implemented New naming standards
• Eliminated duplicate object class
• Modified SiteMinder policies for integrated LDAP
  directory
• Multiple applications are currently running in
  the integrated environment

11
SiteMinder Integration Where Were Going

• Integrated SiteMinder in TWAI (EROC and Dallas),
  FMS (HROC and KROC) Production and will Integrate
  BPD at the end of this Quarter.
• Action Plan
• Upgrade SiteMinder versions to 6.0 SP5 in all
  Production Environments
• Implement New naming standards
• Deploy common look and feel screens
• Implement SSL between the SiteMinder Servers and
  the LDAP
• Implementing Monitoring to be proactive in
  reporting outages
• Activity Reporting
• Roll-out SiteMinder Federated Web Services

12
FMS Portal

• The FMS Portal will serve as the entry point for
  all FMS applications.

Trusted Agency Users
FMS Application 1
FMS Application 2
FMS SSO
FMS Employees
FMS Application 3
External Users
13
FMS Portal

• Status
• Research in progress to determine portal platform
  and software.
• Oracle, BEA, IBM, PlumTree, and Sun presented
  demos of their products.
• In progress of evaluating Portal Software in the
  lab.

14
FMS Portal

• Next Steps
• Continue evaluating software in the lab.
• Identify user community representatives to
  determine requirements for the Portal look and
  feel.
• Hold meeting to discuss findings from Portal
  research and demonstrations, and provide a
  recommendation.
• Present recommendation for Portal Software.