
Drivers for Identity Federation in Government

IBM Federated Identity Management Strategy for National (Federal) and Local Government (change title for appropriate audience). Drivers for Identity Federation in Government. Complex Trust Relationships in Multiple Contexts – Within Governmental Agencies (G2E)


Presentation Transcript


  1. IBM Federated Identity Management Strategy for National (Federal) and Local Government (change title for appropriate audience)

  2. Drivers for Identity Federation in Government
     • Complex Trust Relationships in Multiple Contexts
       • Within Governmental Agencies (G2E)
       • Between Federal, State and Local Agencies (G2G)
       • Between Governmental Agencies and Citizens (G2C)
     • Managing Trust Relationships with Individual Users Problematic in G2G and G2E
       • Lack physical access to users
       • Users forced to manage multiple identities and credentials
       • User administration costly and ineffective
     • Statutory, Regulatory and Privacy Concerns demanding better access control to sensitive data while demanding increased electronic access

  3. Legal Drivers for Identity Federation in Government
     • E-Government Act of 2002: Delegates authority to OMB (Office of Management & Budget) to issue guidance on how agencies are to move from paper to electronic transactions.
     • General Services Administration (GSA) E-Authentication Initiative: One of 25 presidential e-Gov initiatives designed to improve interfaces between citizens, businesses, and all levels of government. E-Auth focuses on federation technology and reuse of approved credentials.
     • Government Paperwork Elimination Act: Agencies must provide E-forms as alternatives to paper, E-signatures to authenticate the sender, and E-receipts to acknowledge successful submission.
     • Homeland Security Presidential Directive 12 (HSPD12): Directs that standardized forms of identification be used when accessing federal facilities and information systems.
     • Federal Information Processing Standard (FIPS) 201: NIST Standard entitled Personal Identity and Verification (PIV) of Federal Employees and Contractors sets the standard for HSPD12.

  4. Federation Drivers
     (Diagram labels: Other third parties Departments Commercial entities Outsourced employee Providers Agencies)
     • No standard mechanism to “trust” identities from other agencies, external entities etc.
     • Lack of trust means replication of account information, multiple IDs and passwords
     • Costly/Inefficient Account Management that has difficulty scaling to large numbers
     • Costly Identity Integration with Applications & Services across organizations
     • Security Audit Exposure, compliance, accountability and privacy issues

  5. The IBM Identity Management Blueprint
     • Federated Identity Management: Cross-Enterprise, Web-Services Security
     • Identity Manager: Enterprise Provisioning and User Management
     • Privacy Manager: Disclosure Control over Private Data
     • Access Manager: Authentication, Authorization and Web SSO
     • Directory Server: Scalable, High-Performing LDAP Directory
     • Directory Integrator: Data Synchronization

  6. Identity & Security Challenges
     (Diagram labels: Identity/Service Provider, Agency Portal, Users, Identity Repository, Local Identities, Consolidation or Federation)
     • Security Pains
       • Authentication / Single Sign On
       • Provisioning/Account Mgmt
       • User Self-Service
       • Session Management
       • Authorization
       • Audit Management
     • Security Integration Challenges
       • Unifying “identity” between various domains
       • Unifying “security” between various domains
       • Consolidation or Federation
     • Integrating Identity & Security with Applications
       • Direct user access to sites
       • Direct application access to services
       • Proxied user access to services (i.e., a site calls a service on your behalf)

  7. What do we mean by “Federated Identity Management”?
     A solution that enables government organizations to integrate their disparate Identity Management infrastructure so that employees, suppliers and services can collaborate seamlessly.
     Provides the capabilities for complete user lifecycle management:
     • Enable users to SSO / Single Sign Off to various portals using open standards
     • Enable secure Portal integration with Data & applications using Web Services
     • Provision users and access rights between Identity domains
     • Partner Enrollment in a federation
     • User Enrollment / Registration to various third-party Portals
     (Diagram labels: Agency A, Agency B, Domain Platform A, Domain Platform B)

  8. Federated User Experience Identity Assertion
     How to securely authenticate and map identities between trusted agencies?
     (Diagram labels: External Agency; Your agency Identity)
     • Standard authentication assertions provide identity mapping capability
     • User can drive federation of identities or federation can be pre-determined
     • Single sign-off closes sessions across federations

  9. Federated User Experience
     • Each organization manages their own identities
     • Federation technology maps users via standard ‘tokens’
     • User experience is improved
       • Users can navigate easily between Web sites while maintaining a single login identity
     • Enhances collaboration & data sharing
     • Cost containment/reduction
       • Avoids duplication
       • Identity provider centralizes account management, password resets etc.
     (Diagram labels: Citizen, Agency A, Agency B, Agency C, Third-Party Access, Direct Access, eGovernment Portal, Company A, Commercial Entity)

  10. State of Oregon Federated Identity Project – Objectives
     • Enable the State of Oregon to securely conduct business with other agencies and business entities.
     • Leverage the U.S. General Services Administration’s eAuthentication initiative to integrate with the standard Government Federated Identity Model.
     • Provide easy integration with agencies across the State of Oregon.

  11. SOA Reference Architecture: Providing the technical underpinnings for Business Centric SOA
     • Business Innovation & Optimization Services: Facilitates better decision-making with real-time business information
     • Interaction Services: Enables collaboration between people, process & information
     • Process Services: Orchestrate and automate business processes
     • Information Services: Manages diverse data and content in a unified manner
     • ESB: Facilitates communication between services
     • Development Services: Integrated environment for design and creation of solution assets
     • IT Service Management: Monitor, manage and secure services, applications & resources
     • Partner Services: Connect with trading partners
     • Business App Services: Build on a robust, scalable, and secure services environment
     • Access Services: Facilitates interactions with existing information and application assets
     • Apps & Info Assets
     • Infrastructure Services: Optimizes throughput, availability and performance

  12. Why IBM Tivoli Federated Identity Management?
     • Enhances cross-domain collaboration
     • Improves User Experience
     • Simplifies Integration with Suppliers/Partners
     • Reduces Identity Management costs
     • Improves Compliance & Governance
     • Support for all major standards (Liberty, SAML, WS-Federation, WS-Security, WS-Trust, WS-Provisioning)
     • Provides Security foundation for future SOA based applications

  13. IBM Proposition for Federated Identity Management
     • WW Installed Base
     • Market Leading Solution - Gartner MQ Quadrant, Meta Group Spectrum, Frost & Sullivan
     • 7 year Product Leadership
     • Experience in build out of world’s largest Federation project
     • Technology and Standards Leadership
     • Industry Leadership on Web Services standards
