1 / 31

E-Authentication Overview & Technical Approach

Technical Track Session. E-Authentication Overview & Technical Approach. Scott Lowery. E-Authentication – Technical Approach. Agenda E-Authentication Overview Policy Framework Technical Approach Interoperability Lab. Policy Infrastructure:.

dane-porter
Download Presentation

E-Authentication Overview & Technical Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Technical Track Session E-Authentication Overview & Technical Approach Scott Lowery

  2. E-Authentication – Technical Approach Agenda • E-Authentication Overview • Policy Framework • Technical Approach • Interoperability Lab

  3. Policy Infrastructure: 2. Establish standard methodology for e-Authentication risk assessment (ERA) 1. Establish e-Authentication risk and assurance levels for Governmentwide use (OMB M-04-04 Federal Policy Notice 12/16/03) 3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Pub 800-63 Authentication Technical Guidance) 4. Establish methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework) 6. Establish common business rules for use of trusted 3rd-party credentials 5. Establish trust list of trusted credential providers for govt-wide (and private sector) use

  4. OMB 04-04

  5. NIST SP 800-63

  6. E-Authentication – Technical Approach • Agenda • E-Authentication Overview • Technical Approach • Assertion Based Authentication • Certificate Based Authentication • Interoperability Lab

  7. E-Authentication – Technical Approach • Agenda • E-Authentication Overview • Technical Approach • Assertion Based Authentication • Overview • Management • SAML (Security Assertion Markup Language)as an Adopted Scheme • Certificate Based Authentication • Interoperability Lab

  8. AAs CSs Base Case

  9. Starting at the AA

  10. Step #3: After Selecting their AA the user is redirected back to the CS as usual CSP ID Startingat the CS

  11. Step #2: The user is Redirected to the portal With the CS and AA IDs Step #3: The user is cookied and redirected to the CS SpecializedPortals

  12. E-Authentication – Technical Approach • Agenda • E-Authentication Overview • Technical Approach • Assertion Based Authentication • Overview • Management • SAML as an Adopted Scheme • Certificate Based Authentication • Interoperability Lab

  13. Evaluate new Scheme against requirements Assess COTS Interoperability Start Scheme Adoption Lifecycle Migrate, Translate, or Both. Pilot Adopt EmergingTechnology

  14. Scheme Translator SchemeTranslator

  15. E-Authentication – Technical Approach • Agenda • E-Authentication Overview • Technical Approach • Assertion Based Authentication • Overview • Management • SAML as an Adopted Scheme • Certificate Based Authentication • Interoperability Lab

  16. SAML 1.0Artifact ProfileBase Case

  17. SAML 1.0Artifact Profile Single Sign-On

  18. SAML 1.0Artifact ProfileGovernance

  19. E-Authentication – Technical Approach • Agenda • E-Authentication Overview • Technical Approach • Assertion Based Authentication • Certificate Based Authentication • Interoperability Lab

  20. Step #1: User goes to Portal to select the AA and the CS ValidationService

  21. Step #1: User goes to Portal to select the AA and the CS LocalValidation

  22. CertificatesAt LowerAssuranceApplications Scheme Translator Step #4: The ST uses the validation service to validate the certificate

  23. E-Authentication – Technical Approach • Agenda • E-Authentication Overview • Technical Approach • Interoperability Lab • Product Testing • Technical Support • CS / AA Testing

  24. AAs CSs • COTS (Commercial Off The Shelf) Product Testing • Scheme compliance • Interoperability

  25. Evaluate new Scheme against requirements Assess COTS Interoperability Start Scheme Adoption Lifecycle Migrate, Translate, or Both. Pilot Adopt • Product Testing • See List of Approved Vendors

  26. COTS Product Testing • Certificate Validation

  27. E-Authentication Architecture Evolution • Architecture Working Group • Evaluating Evolving Standards • Scheme Translators

  28. E-Authentication Interoperability Lab • Technical Support • Interoperability Testing • SAML Conformance Testing • Acceptance Testing • Approved Product List • Cookbook / Recipes • Extensive Experience in All These Areas

  29. E-Authentication – Technical Approach • Agenda • E-Authentication Overview • Technical Approach • Interoperability Lab

  30. Resources • http://www.cio.gov/eauthentication interoplab@enspier.com • Additional Contacts Chris Louden - 703-299-3444 Chris.louden@enspier.com Andrew Chiu - 703-299-3444 Andrew.chiu@enspier.com Steve Lazerowich - 703-299-3444 Steve.lazerowich@enspier.com David Simonetti - 410-356-2260 David.simonetti@enspier.com

  31. Contact Information I appreciate your feedback and comments. I can be reached at: Scott Lowry scott@enspier.com 202-236-8221

More Related