E-Authentication: The Need for Open-Standards in Implementing E-Government October 6, 2004

1. The E-Authentication Initiative E-Authentication:The Need for Open-Standards in Implementing E-GovernmentOctober 6, 2004

2. E-Government Strategy: Improving Service for Citizens Government to Business Managing Partner GSA EPA Treas HHS SBA DOC Government to Citizen Managing Partner GSA Treas DoEd DOI DOL 1. Federal Asset Sales 2. Online Rulemaking Mgmt 3. Expanding Tax Products for Businesses 4. Consolidated Health Informatics 5. Business Gateway 6. International Trade Process Streamlining 1. USA Service 2. IRS Free File 3. E-Loans 4. Recreation One Stop 5. GovBenefits E-Authentication Internal Effectiveness & Efficiency Government to Government Managing Partner OPM OPM OPM OPM GSA GSA NARA OPM Managing Partner SSA HHS FEMA DOI FEMA 1. E-Training 2. Recruitment One Stop 3. Enterprise HR Integration 4. E-Clearance 5. E-Travel 6. Integrated Acquisition 7. E-Records Management 8. Payroll/HR 1. E-Vital 2. Grants.gov 3. Disaster Mgmt 4. Geospatial One Stop 5. SAFECOM

3. What is the E-Authentication Initiative? • E-Authentication provides a blueprint for online identity validation that will enable the American public to access government services in a secure, trusted environment with credentials of their choosing E-Authentication Enables E-Government

4. What are the Goals of the Initiative? • Build and enable mutual trust needed to support wide-spread use of electronic interactions between the public and Government • Minimize the burden on the public when obtaining trusted electronic services from the Government • Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs The Result: Businesses & individuals will be empowered to conduct business with Government at all levels using e-identity credentials provided by trusted institutions

5. The E-Authentication Service Concept Step 1 Step 2 Step 3 Application User Agency Application Credential Service Provider Access Point • Step 2: • User is redirected to selected credential service provider • If user already possesses credential, user authenticates • If not, user acquires credential and then authenticates Step 1: At access point (portal, agency Web site or credential service provider) user selects agency application and credential provider Step 3: Credential service hands off authenticated user to the agency application she selected at the access point

6. Federated Identity: Confidence, Convenience & Choice for Citizens Governments Federal States/Local International Travel Industry Airlines Hotels Car Rental Trusted Traveler Programs Identity Trust Network Higher Education Universities Higher Education PKI Bridge E-Commerce Industry ISPs Internet Accounts Credit Bureaus eBay Financial Services Industry Home Banking Credit/Debit Cards Healthcare American Medical Association Patient Safety Institute The E-Authentication Initiative is leveraging federated identity, the reuse of credentials, and private sector solutions to improve service to citizens

7. Critical Elements of E-Authentication • POLICY • Governance • Certification • Liability • Business Model • Dispute resolution • APPLICATIONS • 6500 G2B & G2C applications • Gov’t Paperwork Elimination Act • OMB mandates • TECHNOLOGY • Federated model • Standards based • COTS based • Flexible, scalable • Extensible • CREDENTIAL SERVICE PROVIDERS • Banks: • Inherently trusted • Regulatory infrastructure • Know your customer philosophy

8. E-Authentication’s Architecture • Open Standards-based, federated identity management • Security Assertion Markup Language (SAML) 1.0 in place now, SAML 2.0 support planned, as soon as is practical • Liberty Alliance and WS-Federation support is also planned • Interoperability Lab in place to identify products, test products and credential services and track the evolution of the technology

9. Standards-based Interoperability IsKey Agency Application E-Auth PMO Step 3: Agency selects technology products from interoperable product list Approved Technology Provider List Step 4: Agency purchases product from vendor and implements E-Authentication Step 2: If interoperable, product added to approved provider list Step 1: Vendor brings product to Lab Interoperability Lab Technology Vendors

11. Accomplishments to Date • Published E-Authentication Architecture • We have driven interoperability within SAML 1.0 market • List of seven approved, interoperable products • Trusted Credential Service Providers (CSPs) • 12 CSPs currently on the E-Authentication Federal Trust List • Actively pursuing reuse of financial institution credentials • Applications • Multiple pilots in progress • Additional pilots ready to roll out • More than 100 applications are near-term targets

12. What OASIS Can Do for E-Authentication • Continue to aid development of open standards, like SAML 2.0 • Build/Implement standards testing lab or service – we built it for SAML 1.0 because there wasn’t one we could use • Support our work in key areas: • Developing business rules • Policy • Business models • Cultivating CSPs • Driving standards

13. For More Information Phone E-mail Steve Timchak 703-872-8604 stephen.timchak@gsa.gov Program Manager Georgia Marsh 703-872-8614 georgiak.marsh@gsa.gov Deputy Program Manager Websites http://cio.gov/eauthentication http://www.eapartnership.org/ http://cio.gov/fpkipa