E-Authentication: A Federated Approach to Identity Management December 2004


Presentation Transcript


  1. E-Authentication: A Federated Approach to Identity Management, December 2004

  2. Government Services Must Be Available Online
     • E-Authentication provides a blueprint for online identity validation that will enable the American public to access government services in a secure, trusted environment with credentials of their choosing
     E-Authentication Enables E-Government

  3. What are the Goals of the Initiative?
     • Build and enable mutual trust needed to support wide-spread use of electronic interactions between the public and Government
     • Minimize the burden on the public when obtaining trusted electronic services from the Government
     • Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs
     The Result: Businesses & individuals will be empowered to conduct business with Government at all levels using e-identity credentials provided by trusted institutions

  4. The Concept of E-Authentication
     [Diagram labels: Application User, Access Point, Credential Service Provider, Agency Application; Step 1, Step 2, Step 3]
     • Step 1: At access point (portal, agency Web site or credential service provider) user selects agency application and credential provider
     • Step 2:
        • User is redirected to selected credential service provider
        • If user already possesses credential, user authenticates
        • If not, user acquires credential and then authenticates
     • Step 3: Credential service hands off authenticated user to the agency application selected at the access point

  5. Critical Elements of E-Authentication
     • POLICY
        • Governance
        • Certification
        • Liability
        • Business Model
        • Dispute resolution
     • APPLICATIONS
        • 6500 G2B & G2C applications
        • Gov’t Paperwork Elimination Act
        • OMB mandates
     • TECHNOLOGY
        • Federated model
        • Standards based
        • COTS based
        • Flexible, scalable
        • Extensible
     • CREDENTIAL SERVICE PROVIDERS
        • Federal agencies
        • Financial institutions
        • Health care providers
        • State governments

  6. Issue: How to Fulfill the Demand for Authentication Across the Federal Government Enterprise
     The OnLine Marketplace
     • Business and Government moving in the same direction
     • Services online to
        • Increase accessibility to customer
        • Streamline processes
        • Reduce costs
        • Improve customer satisfaction
     Broadening to Transactions of Value to Consumers, Businesses and Government
     [Image label: Shopping Online]

  7. Electronic Government is Evolving
     • Currently, in e-government transactions, the Federal government is the provider of the identity credential
     • As e-government evolves, the government intends to get out of the credential management business, and focus on the applications
     • Enabling industry to provide identity credentials:
        • Eases the burden of doing business with consumers and business
        • Takes government out of the credential issuance/management business
        • Allows government to leverage authentication work done by others

  8. Why is E-Authentication Engaging Commercial Entities?
     • Because the Federal Government does not want to be in the credential management business, and certain commercial entities – like insurers and other financial institutions – are natural credential service providers (CSPs)
     • Look in your wallet – what 3 credentials are you most likely to find?
        • A credit card/bank card
        • A health insurance card
        • A State Government-issued driver’s license or photo ID
     Consumer convenience and trust are key to selecting credential service providers

  9. E-Authentication Federated Identity Model
     [Diagram labels: CSP (repeated eight times), E-Authentication (Agency Apps), Consumers, Businesses]

  10. Who Can Be in the Trust Network?
     [Diagram: sectors arranged around a central "Trust Network"]
     • Governments: Federal, States/Local, International
     • Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
     • Higher Education: Universities, Higher Education PKI Bridge
     • E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay
     • Financial Services Industry: Home Banking, Credit/Debit Cards, Insurance
     • Healthcare: American Medical Association, Patient Safety Institute
     Absent a National ID and unique National Identifier, the E-Authentication initiative will approve trusted credentials/providers at determined assurance levels.

  11. Business-Focused Applications

  12. Citizen-Focused Applications

  13. Developing a Service
     • FSTC
        • Working with 5 of the top 10 banks and investment institutions
        • Jointly developing the business model for identity verification services
     • Shibboleth
        • Analyzing the policy and technical gaps
        • Credential Assessments scheduled with three universities
        • Pilot opportunities with National Park Service
     • State Governments
        • Aligning with the E-Authentication model
        • Adopting the E-Authentication framework
        • Serving as a credential service provider
        • Becoming a relying party

  14. The Electronic Authentication Partnership
     Interoperability for:
     • Policy
        • Authentication
        • Assurance levels
        • Credential Profiles
        • Accreditation
        • Business Rules
        • Privacy Principles
     • Technology
        • Adopted schemes
        • Common specs
        • User Interfaces
        • APIs
        • Interoperable
        • COTS products
        • Authz support
     [Diagram labels: Commercial Trust Assurance Services, Federal Government, State/Local Governments, Industry; IDP and RP nodes; Policy, Technical, & Business Interoperability; Common Business and Operating Rules]
     http://www.eapartnership.org/

  15. E-Authentication Validated by Independent Report
     • Burton Group, a respected IT research and advisory services firm, reports that E-Authentication:
        • Aligns with industry best practices
        • Provides flexible and pragmatic common approach to authentication
        • Efforts should continue and expand, with fine tuning
     “The E-Authentication Initiative’s goals are achievable. The anticipated benefits are real and far-reaching, and extend to end-users, governmental organizations, and commercial businesses alike. The E-Authentication Initiative is well-defined, flexible, technically sound, and employs industry best practices.”
     Burton Group Report on the Federal E-Authentication Initiative, 8/30/04

  16. For More Information
     • Sharon Terango, Credential Assessment Mgr.
        • Phone: 703-872-8619
        • E-mail: Sharon.Terango@gsa.gov
     • Websites
        • http://cio.gov/eauthentication
        • http://www.eapartnership.org/
        • http://cio.gov/fpkipa

  17. Progress to Date
     • Interoperable Products
        • 9 Approved products currently include Entegrity, Entrust, Hewlett-Packard, IBM, Netegrity, Oblix, RSA, Sun and Trustgenix
        • Multiple other products are in test in the Initiative’s Interoperability Lab
     • Credential Service Providers
        • 16 CSPs currently on the E-Authentication Federal Trust List
        • 8 Level 3 CSPs and 3 Level 4 CSPs (PKI)
        • 2 Level 2 CSPs and 3 Level 1 CSPs (Password)
        • Upgraded OPM Employee Express to Level 2 - 1.2 million Federal Employees soon able to use on eTravel
     • Applications
        • All E-GOV Presidential Initiatives have completed Risk Assessments
        • Production with Integrated Acquisition Environment - eOffer and FedTEDS tools
        • Completed pilot with Grants.gov and finalizing production plans
        • Demonstrated progress on six additional agency pilots
