E-Authentication: A Federated Approach to Identity Management December 2004


1

The E-Authentication Initiative

E-Authentication: A Federated Approach to Identity Management

December 2004

2

E-Authentication provides a blueprint for online identity validation that will enable the American public to access government services in a secure, trusted environment with credentials of their choosing

Government Services Must Be Available Online

E-Authentication Enables E-Government

3

What are the Goals of the Initiative?

Build and enable mutual trust needed to support wide-spread use of electronic interactions between the public and Government

Minimize the burden on the public when obtaining trusted electronic services from the Government

Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs

The Result: Businesses & individuals will be empowered to conduct business with Government at all levels using e-identity credentials provided by trusted institutions

4

The Concept of E-Authentication

[Diagram labels: Application User, Access Point, Credential Service Provider, Agency Application; Step 1, Step 2, Step 3]

Step 1:

At access point (portal, agency Web site or credential service provider) user selects agency application and credential provider

Step 2:

• User is redirected to selected credential service provider

• If user already possesses credential, user authenticates

• If not, user acquires credential and then authenticates

Step 3:

Credential service hands off authenticated user to the agency application selected at the access point
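
The checks an agency application would make before accepting the Step 3 hand-off, as an added example that is not part of the original presentation. The deck does not specify the hand-off format, so the HMAC-signed JSON token, the CSP and application names, the keys and the freshness window are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed trust list: CSP id -> (assurance level 1-4, shared HMAC key).
# CSP names, keys and the token layout are assumptions for illustration.
TRUST_LIST = {
    "csp-bank": (2, b"constructed-key-bank"),
    "csp-pki": (3, b"constructed-key-pki"),
}
MAX_AGE_SECONDS = 120  # assumed freshness window for a hand-off


def csp_issue_handoff(csp_id, key, user, app_id, now=None):
    """CSP side of Step 3: sign a hand-off naming the user and target application."""
    issued = int(now if now is not None else time.time())
    body = json.dumps({"csp": csp_id, "sub": user, "aud": app_id, "iat": issued},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body, tag


def agency_accept_handoff(body, tag, app_id, required_level, now=None):
    """Agency side of Step 3: return (accepted, reason)."""
    try:
        claims = json.loads(body)
        csp_id, aud, iat = claims["csp"], claims["aud"], int(claims["iat"])
        claims["sub"]  # the authenticated user must be named
    except (ValueError, KeyError, TypeError):
        return False, "malformed handoff"
    entry = TRUST_LIST.get(csp_id) if isinstance(csp_id, str) else None
    if entry is None:
        return False, "CSP not on trust list"
    level, key = entry
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(tag).encode()):
        return False, "bad signature"
    if aud != app_id:
        return False, "handoff issued for a different application"
    now = now if now is not None else time.time()
    if not 0 <= now - iat <= MAX_AGE_SECONDS:
        return False, "handoff expired"
    if level < required_level:
        return False, "assurance level too low"
    return True, "ok"
```

The assurance-level check comes last so that a rejected hand-off from an untrusted or forged source never reveals what level the application requires.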

5

Critical Elements of E-Authentication

POLICY
• Governance
• Certification
• Liability
• Business Model
• Dispute resolution

APPLICATIONS
• 6500 G2B & G2C applications
• Gov’t Paperwork Elimination Act
• OMB mandates

TECHNOLOGY
• Federated model
• Standards based
• COTS based
• Flexible, scalable
• Extensible

CREDENTIAL SERVICE PROVIDERS
• Federal agencies
• Financial institutions
• Health care providers
• State governments

6

The OnLine Marketplace

Business and Government moving in the same direction

Services online to:
• Increase accessibility to customer
• Streamline processes
• Reduce costs
• Improve customer satisfaction

Issue: How to Fulfill the Demand for Authentication Across the Federal Government Enterprise

Shopping Online, broadening to Transactions of Value to Consumers, Businesses and Government

7

Electronic Government is Evolving

Currently, in e-government transactions, the Federal government is the provider of the identity credential

As e-government evolves, the government intends to get out of the credential management business, and focus on the applications

Enabling industry to provide identity credentials:
• Eases the burden of doing business with consumers and business
• Takes government out of the credential issuance/management business
• Allows government to leverage authentication work done by others

8

Why is E-Authentication Engaging Commercial Entities?

Because the Federal Government does not want to be in the credential management business, and certain commercial entities – like insurers and other financial institutions – are natural credential service providers (CSPs)

Look in your wallet – what 3 credentials are you most likely to find?

• A credit card/bank card
• A health insurance card
• A State Government-issued driver’s license or photo ID

Consumer convenience and trust are key to selecting credential service providers

9

E-Authentication Federated Identity Model

[Diagram labels: CSP (eight instances), E-Authentication (Agency Apps), Consumers, Businesses]

10

Who Can Be in the Trust Network?

Trust Network:
• Governments: Federal, States/Local, International
• Higher Education: Universities, Higher Education PKI Bridge
• Healthcare: American Medical Association, Patient Safety Institute
• Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
• E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay
• Financial Services Industry: Home Banking, Credit/Debit Cards, Insurance

Absent a National ID and unique National Identifier, the E-Authentication initiative will approve trusted credentials/providers at determined assurance levels.

11

Business-Focused Applications

Type of Transaction | Sample Application | Potential Users
Registration | Employer Identification Number | 22.9M small businesses
Taxes | 80 forms | 22.9M small businesses
Licensing/Permits/Accreditation | Nat’l Park Service Research Permits | 3500 researchers, 10,000 permits requested each year
Compliance | EPA Central Data Exchange | 15,000 industries and laboratories
Grants/Loans/Subsidies | FHA Connection | 90,000 mortgage lenders – 1.4M loans approved in FY04
Gov’t Contracting | E-Offer | 8,000 primary business contracts; 100,000 projected business users
Business Support | NASA Integrated Information | 50,000 contractors, industry participants (350M transactions per year)
Int’l Trade | Export.gov | 3 million businesses

12

Citizen-Focused Applications

Type of Transaction | Sample Application | Potential Users
Taxes | IRS: 87 forms | 118M returns in 2003 – 52M e-filed, 42M direct deposit
Healthcare | Health & Human Services’ Transplant Donor | 35M potential donors
Social Security | Statement on Line | 47M citizens receiving benefits
Assistance | USA Jobs | Over 15,000 job postings
Recreation | Recreation One Stop | 5.7M campers in 2003
Loans | Health & Human Services’ National Student Loan | 35M student users
Public Safety | Dept. of Justice’s Victim Internet System | 13M victims and their attorneys
Benefits | Veterans Affairs Medical and Education Benefits | 70M veterans, family members or survivors

13

Developing a Service

FSTC
• Working with 5 of the top 10 banks and investment institutions
• Jointly developing the business model for identity verification services

Shibboleth
• Analyzing the policy and technical gaps
• Credential Assessments scheduled with three universities
• Pilot opportunities with National Park Service

State Governments
• Aligning with the E-Authentication model
• Adopting the E-Authentication framework
• Serving as a credential service provider
• Becoming a relying party

14

The Electronic Authentication Partnership

State/Local Governments

Industry

Policy
• Authentication
• Assurance levels
• Credential Profiles
• Accreditation
• Business Rules
• Privacy Principles

Technology
• Adopted schemes
• Common specs
• User Interfaces
• APIs
• Interoperable COTS products
• Authz support

Federal Government Commercial Trust Assurance Services

Policy, Technical, & Business Interoperability

Common Business and Operating Rules

[Diagram labels: IDP (four instances), RP (three instances)]

http://www.eapartnership.org/

Interoperability for:

15

E-Authentication Validated by Independent Report

Burton Group, a respected IT research and advisory services firm, reports that E-Authentication:

Aligns with industry best practices

Provides flexible and pragmatic common approach to authentication

Efforts should continue and expand, with fine tuning

“The E-Authentication Initiative’s goals are achievable. The anticipated benefits are real and far-reaching, and extend to end-users, governmental organizations, and commercial businesses alike. The E-Authentication Initiative is well-defined, flexible, technically sound, and employs industry best practices.”

Burton Group Report on the Federal E-Authentication Initiative, 8/30/04

16

For More Information

Sharon Terango, Assessment Mgr.
Phone: 703-872-8619
E-mail: [email protected]

Websites:
http://cio.gov/eauthentication
http://www.eapartnership.org/
http://cio.gov/fpkipa

18

Progress to Date

Interoperable Products
• 9 Approved products currently include Entegrity, Entrust, Hewlett-Packard, IBM, Netegrity, Oblix, RSA, Sun and Trustgenix
• Multiple other products are in test in the Initiative’s Interoperability Lab

Credential Service Providers
• 16 CSPs currently on the E-Authentication Federal Trust List
  • 8 Level 3 CSPs and 3 Level 4 CSPs (PKI)
  • 2 Level 2 CSPs and 3 Level 1 CSPs (Password)
  • Upgraded OPM Employee Express to Level 2 - 1.2 million Federal Employees soon able to use on eTravel

Applications
• All E-GOV Presidential Initiatives have completed Risk Assessments
• Production with Integrated Acquisition Environment - eOffer and FedTEDS tools
• Completed pilot with Grants.gov and finalizing production plans
• Demonstrated progress on six additional agency pilots