E-Authentication: A Federated Approach to Identity Management December 2004
Transcript of E-Authentication: A Federated Approach to Identity Management December 2004
1
The E-Authentication Initiative
E-Authentication: A Federated Approach to Identity Management
December 2004
2
E-Authentication provides a blueprint for online identity validation that will enable the American public to access government services in a secure, trusted environment with credentials of their choosing
Government Services Must Be Available Online
E-Authentication Enables E-Government
3
What are the Goals of the Initiative?
Build and enable mutual trust needed to support wide-spread use of electronic interactions between the public and Government
Minimize the burden on the public when obtaining trusted electronic services from the Government
Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs
The Result: Businesses & individuals will be empowered to conduct business with Government at all levels using e-identity credentials provided by trusted institutions
4
The Concept of E-Authentication
[Diagram: Application User, Access Point, Credential Service Provider and Agency Application, connected by Step 1, Step 2 and Step 3]
Step 1:
At access point (portal, agency Web site or credential service provider) user selects agency application and credential provider
Step 2:
• User is redirected to selected credential service provider
• If user already possesses credential, user authenticates
• If not, user acquires credential and then authenticates
Step 3:
Credential service hands off authenticated user to the agency application selected at the access point
5
Critical Elements of E-Authentication
POLICY
• Governance
• Certification
• Liability
• Business Model
• Dispute resolution
APPLICATIONS
• 6500 G2B & G2C applications
• Gov’t Paperwork Elimination Act
• OMB mandates
TECHNOLOGY
• Federated model
• Standards based
• COTS based
• Flexible, scalable
• Extensible
CREDENTIAL SERVICE PROVIDERS
• Federal agencies
• Financial institutions
• Health care providers
• State governments
6
The OnLine Marketplace
Business and Government moving in the same direction
Services online to:
• Increase accessibility to customer
• Streamline processes
• Reduce costs
• Improve customer satisfaction
Issue: How to Fulfill the Demand for Authentication Across the Federal Government Enterprise
[Diagram: Shopping Online, broadening to Transactions of Value to Consumers, Businesses and Government]
7
Electronic Government is Evolving
Currently, in e-government transactions, the Federal government is the provider of the identity credential
As e-government evolves, the government intends to get out of the credential management business, and focus on the applications
Enabling industry to provide identity credentials:
• Eases the burden of doing business with consumers and business
• Takes government out of the credential issuance/management business
• Allows government to leverage authentication work done by others
8
Why is E-Authentication Engaging Commercial Entities?
Because the Federal Government does not want to be in the credential management business, and certain commercial entities – like insurers and other financial institutions – are natural credential service providers (CSPs)
Look in your wallet – what 3 credentials are you most likely to find?
• A credit card/bank card
• A health insurance card
• A State Government-issued driver’s license or photo ID
Consumer convenience and trust are key to selecting credential service providers
9
E-Authentication Federated Identity Model
[Diagram: CSPs, E-Authentication (Agency Apps), Consumers, Businesses]
10
Who Can Be in the Trust Network?
[Diagram: Trust Network, with the following participant groups]
Governments
• Federal
• States/Local
• International
Higher Education
• Universities
• Higher Education PKI Bridge
Healthcare
• American Medical Association
• Patient Safety Institute
Travel Industry
• Airlines
• Hotels
• Car Rental
• Trusted Traveler Programs
E-Commerce Industry
• ISPs
• Internet Accounts
• Credit Bureaus
• eBay
Financial Services Industry
• Home Banking
• Credit/Debit Cards
• Insurance
Absent a National ID and unique National Identifier, the E-Authentication initiative will approve trusted credentials/providers at determined assurance levels.
11
Business-Focused Applications
Type of Transaction | Sample Application | Potential Users
Registration | Employer Identification Number | 22.9M small businesses
Taxes | 80 forms | 22.9M small businesses
Licensing/Permits/Accreditation | Nat’l Park Service Research Permits | 3500 researchers, 10,000 permits requested each year
Compliance | EPA Central Data Exchange | 15,000 industries and laboratories
Grants/Loans/Subsidies | FHA Connection | 90,000 mortgage lenders – 1.4M loans approved in FY04
Gov’t Contracting | E-Offer | 8,000 primary business contracts; 100,000 projected business users
Business Support | NASA Integrated Information | 50,000 contractors, industry participants (350M transactions per year)
Int’l Trade | Export.gov | 3 million businesses
12
Citizen-Focused Applications
Type of Transaction | Sample Application | Potential Users
Taxes | IRS: 87 forms | 118M returns in 2003 – 52M e-filed, 42M direct deposit
Healthcare | Health & Human Services’ Transplant Donor | 35M potential donors
Social Security | Statement on Line | 47M citizens receiving benefits
Assistance | USA Jobs | Over 15,000 job postings
Recreation | Recreation One Stop | 5.7M campers in 2003
Loans | Health & Human Services’ National Student Loan | 35M student users
Public Safety | Dept. of Justice’s Victim Internet System | 13M victims and their attorneys
Benefits | Veterans Affairs Medical and Education Benefits | 70M veterans, family members or survivors
13
Developing a Service
FSTC
• Working with 5 of the top 10 banks and investment institutions
• Jointly developing the business model for identity verification services
Shibboleth
• Analyzing the policy and technical gaps
• Credential Assessments scheduled with three universities
• Pilot opportunities with National Park Service
State Governments
• Aligning with the E-Authentication model
• Adopting the E-Authentication framework
• Serving as a credential service provider
• Becoming a relying party
14
The Electronic Authentication Partnership
http://www.eapartnership.org/
Interoperability for:
Policy
• Authentication
• Assurance levels
• Credential Profiles
• Accreditation
• Business Rules
• Privacy Principles
Technology
• Adopted schemes
• Common specs
• User Interfaces
• APIs
• Interoperable COTS products
• Authz support
Policy, Technical, & Business Interoperability
Common Business and Operating Rules
[Diagram: IDPs and RPs; labels: Federal Government, State/Local Governments, Industry, Commercial Trust Assurance Services]
15
E-Authentication Validated by Independent Report
Burton Group, a respected IT research and advisory services firm, reports that E-Authentication:
Aligns with industry best practices
Provides flexible and pragmatic common approach to authentication
Efforts should continue and expand, with fine tuning
“The E-Authentication Initiative’s goals are achievable. The anticipated benefits are real and far-reaching, and extend to end-users, governmental organizations, and commercial businesses alike. The E-Authentication Initiative is well-defined, flexible, technically sound, and employs industry best practices.”
Burton Group Report on the Federal E-Authentication Initiative, 8/30/04
16
For More Information
Sharon Terango, Assessment Mgr.
Phone: 703-872-8619
E-mail: [email protected]
Websites:
http://cio.gov/eauthentication
http://www.eapartnership.org/
http://cio.gov/fpkipa
18
Progress to Date
Interoperable Products
• 9 Approved products currently include Entegrity, Entrust, Hewlett-Packard, IBM, Netegrity, Oblix, RSA, Sun and Trustgenix
• Multiple other products are in test in the Initiative’s Interoperability Lab
Credential Service Providers
• 16 CSPs currently on the E-Authentication Federal Trust List
  • 8 Level 3 CSPs and 3 Level 4 CSPs (PKI)
  • 2 Level 2 CSPs and 3 Level 1 CSPs (Password)
  • Upgraded OPM Employee Express to Level 2 - 1.2 million Federal Employees soon able to use on eTravel
Applications
• All E-GOV Presidential Initiatives have completed Risk Assessments
• Production with Integrated Acquisition Environment - eOffer and FedTEDS tools
• Completed pilot with Grants.gov and finalizing production plans
• Demonstrated progress on six additional agency pilots