The Federal EAuthentication Initiative David Temoshok Director, Identity Policy GSA Office of Govern - PowerPoint PPT Presentation

1
The Federal E-Authentication Initiative
David Temoshok, Director, Identity Policy, GSA Office of Governmentwide Policy
The E-Authentication Initiative
February 12, 2004
2
The Starting Place: Key Policy Points
  • No National ID.
  • No National unique identifier.
  • No central registry of personal information,
    attributes, or authorization privileges.
  • Different authentication assurance levels are
    needed for different types of transactions.

3
E-Authentication Goals
  • Build and enable mutual trust needed to support
    widespread use of electronic interactions
    between the public and Government, and across
    Governments
  • Minimize the burden on the public when obtaining
    trusted electronic services from the Government,
    and across the governments
  • Deliver common interoperable authentication
    solutions, appropriately matching the levels of
    risk and business needs

4
E-Authentication Key Building Blocks
  • Tech Specs: Adopted Federated Identity Schemes (SAML, PKI, Other)
  • E-RA, PIA, and C&A reviews
  • Accredited CSP Trust List
  • CAF
  • OMB-04-04 e-Authentication Guidance for Federal Agencies
  • NIST Spec Pub 800-63 Recommendation for Electronic Authentication
  • E-Authentication Mission
  • Strategic Business Finance Plans

5
Central Issue with Federated Identity: Who Do You Trust?
Trust Network
  • Governments: Federal, States/Local, International
  • Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
  • Higher Education: Universities, Higher Education PKI Bridge
  • E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay
  • Healthcare: American Medical Association, Patient Safety Institute
  • Financial Services Industry: Home Banking, Credit/Debit Cards

Absent a National ID and unique National
Identifier, the e-Authentication initiative will
establish trusted credentials/providers at
determined assurance levels.
6
The Need for Federated Identity Trust and Business Models
  • Technical issues for sharing identities are being solved
  • Trust is critical issue for deployment of federated identity
  • Federated ID networks have strong need for trust assurance standards
    ◦ How robust are the identity verification procedures?
    ◦ How strong is this shared identity?
    ◦ How secure is the infrastructure?
  • Common business rules are needed for federated identity to scale
    ◦ N² bi-lateral trust relationships is not a scalable business process
  • Common business rules are needed to define
    ◦ Trust assurance and credential strength
    ◦ Roles, responsibilities of CSPs and relying parties
    ◦ Liabilities
    ◦ Business relationship costs
  • Federal e-Authentication Initiative will provide
    trust framework to integrate (policy, technology,
    business relationships) across disparate and
    independent identity systems

7
Authentication Assurance Levels
  • M-04-04: E-Authentication Guidance for Federal
    Agencies establishes 4 authentication assurance
    levels
  • NIST SP 800-63 Electronic Authentication: NIST
    technical guidance to match technology
    implementation to a level

8
OMB Authentication Guidance
  • M-04-04: Signed by OMB Director on 12/16/2003
  • Supplements OMB Guidance on implementation of
    GPEA
  • Establishes 4 identity authentication assurance
    levels
  • Requires agencies to conduct e-authentication
    risk assessments

Result: A more consistent application of
electronic authentication across the Federal
Government
9
NIST SP 800-63: Recommendation for Electronic Authentication
  • Maps to OMB E-Authentication guidance
  • Covers conventional token-based remote
    authentication
  • May be additional guidance on knowledge-based
    authentication
  • Draft for comment at http://csrc.nist.gov/eauth
  • Comment period ends March 15

10
Part of a Larger Policy Framework
Policies Ongoing
11
e-Authentication Trust Model for Federated Identity
1. Establish e-Authentication risk and assurance
levels for Governmentwide use (OMB M-04-04
Federal Policy Notice 12/16/03)
2. Establish standard methodology for
e-Authentication risk assessment (ERA)
3. Establish technical assurance standards for
e-credentials and credential providers (NIST
Special Pub 800-63 Authentication Technical
Guidance)
4. Establish methodology for evaluating
credentials/providers on assurance criteria
(Credential Assessment Framework)
5. Establish trust list of trusted credential
providers for govt-wide (and private sector) use
6. Establish common business rules for use of
trusted 3rd-party credentials
12
The CAF Suite for Assessing Credentials
  • Credential Assessment Framework (CAF): Based on
    OMB policy and NIST Technical guidance, the CAF
    establishes the structured means for providing
    assurances to Federal agencies regarding the
    veracity and dependability of identity
    credentials and tokens.
  • Credential Assessment Guide (CAG): The CAF
    provides structured procedures for conducting
    the assessment of CSPs and credentials.
  • Credential Assessment Profiles (CAPs) for PKI,
    passwords, and PINs: The CAPs establish the
    assessment criteria for each type of credential
    technology (e.g., PIN, password, PKI).

13
e-Authentication Trust and Interoperability
Trust Broker
  • The e-Authentication Initiative acts as Trust
    Broker to provide Trust Assurance services for
    Fed Agencies
  • Manages relations among Agency Applications
    (relying parties) and Credential Service
    Providers (issuers)
  • Administers Authentication policy Framework
  • Establishes and administers common business rules
    for the relationships among the parties
  • Administers common interface specs
  • Performs credential assessments
  • Authorizes CSPs on trust list according to
    standardized assurance levels
  • Provides C&A and regular audit, ensures
    compliance

[Diagram: CSPs and AAs connected through "Policy, Technical, Business Interoperability", with "Common Interface Specs" and "Common Policies Business Rules"]
14
The Need for the Electronic Authentication
Partnership
[Diagram: Federal Government, State/Local Governments, and Industry, with CSPs and RPs linked by "Policy, Technical, Business Interoperability" under "Commercial Trust Assurance Services" and "Common Business and Operating Rules"]
  • Policy
  • Authentication
  • Assurance levels
  • Credential Profiles
  • Accreditation
  • Business Rules
  • Privacy Principles

  • Technology
  • Adopted schemes
  • Common specs
  • User Interfaces
  • APIs
  • Interoperable
  • COTS products
  • Authz support

http://www.eapartnership.org/
15
For More Information
  • David Temoshok: Phone 202-208-7655, E-mail david.temoshok_at_gsa.gov

Websites:
  • http://cio.gov/eauthentication
  • http://www.eapartnership.org/
  • http://cio.gov/fpkipa