E-Authentication: The Need for Open-Standards in Implementing E-Government October 6, 2004 The E-Authentication Initiative



E-Government Strategy: Improving Service for Citizens

Government to Citizen (Managing Partner)
1. USA Service (GSA)
2. IRS Free File (Treas)
3. E-Loans (DoEd)
4. Recreation One Stop (DOI)
5. GovBenefits (DOL)

Government to Business (Managing Partner)
1. Federal Asset Sales (GSA)
2. Online Rulemaking Mgmt (EPA)
3. Expanding Tax Products for Businesses (Treas)
4. Consolidated Health Informatics (HHS)
5. Business Gateway (SBA)
6. International Trade Process Streamlining (DOC)

Government to Government (Managing Partner)
1. E-Vital (SSA)
2. Grants.gov (HHS)
3. Disaster Mgmt (FEMA)
4. Geospatial One Stop (DOI)
5. SAFECOM (FEMA)

Internal Effectiveness & Efficiency (Managing Partner)
1. E-Training (OPM)
2. Recruitment One Stop (OPM)
3. Enterprise HR Integration (OPM)
4. E-Clearance (OPM)
5. E-Travel (GSA)
6. Integrated Acquisition (GSA)
7. E-Records Management (NARA)
8. Payroll/HR (OPM)

E-Authentication


What is the E-Authentication Initiative?

E-Authentication provides a blueprint for online identity validation that will enable the American public to access government services in a secure, trusted environment with credentials of their choosing.

E-Authentication Enables E-Government


What are the Goals of the Initiative?

Build and enable mutual trust needed to support wide-spread use of electronic interactions between the public and Government

Minimize the burden on the public when obtaining trusted electronic services from the Government

Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs

The Result: Businesses & individuals will be empowered to conduct business with Government at all levels using e-identity credentials provided by trusted institutions


The E-Authentication Service Concept

[Diagram: Application User, Access Point, Credential Service Provider, Agency Application, connected by Step 1, Step 2 and Step 3]

Step 1:

At access point (portal, agency Web site or credential service provider) user selects agency application and credential provider

Step 2:

• User is redirected to selected credential service provider

• If user already possesses credential, user authenticates

• If not, user acquires credential and then authenticates

Step 3:

Credential service hands off authenticated user to the agency application she selected at the access point
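The checks an agency application would make before accepting the Step 3 hand-off, as an added example that is not part of the original slides or the Initiative's own code. It assumes an HMAC over JSON claims in place of signed SAML 1.0 assertions; the CSP name, key, application names, numeric levels and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed trust list (assumption): CSP name -> (shared key, highest
# assurance level that CSP is approved to assert).
TRUST_LIST = {"csp.example-bank": (b"constructed-demo-key", 2)}

def _mac(key, claims):
    # HMAC-SHA256 over canonical JSON stands in for the assertion signature.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue_assertion(csp, key, user, application, level, now=None, ttl=120):
    """CSP side of Steps 2-3: the user has authenticated, build the hand-off."""
    now = int(time.time()) if now is None else now
    claims = {"issuer": csp, "subject": user, "audience": application,
              "level": level, "not_after": now + ttl}
    return {"claims": claims, "mac": _mac(key, claims)}

def accept_handoff(assertion, application, required_level, now=None):
    """Agency side of Step 3. Returns (accepted, reason)."""
    now = int(time.time()) if now is None else now
    claims = assertion.get("claims", {})
    entry = TRUST_LIST.get(claims.get("issuer"))
    if entry is None:
        return False, "issuer not on trust list"
    key, max_level = entry
    if not hmac.compare_digest(_mac(key, claims), str(assertion.get("mac", ""))):
        return False, "bad signature"
    if claims.get("audience") != application:
        return False, "assertion issued for another application"
    if now > claims.get("not_after", 0):
        return False, "assertion expired"
    level = claims.get("level", 0)
    if level > max_level:
        return False, "level above what this CSP is approved for"
    if level < required_level:
        return False, "assurance level too low"
    return True, "ok"

if __name__ == "__main__":
    key = TRUST_LIST["csp.example-bank"][0]
    a = issue_assertion("csp.example-bank", key, "alice", "agency-app-a", 2)
    print(accept_handoff(a, "agency-app-a", 2))  # the application she selected
    print(accept_handoff(a, "agency-app-b", 2))  # replayed at another application
```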


Federated Identity: Confidence, Convenience & Choice for Citizens

Governments: Federal, States/Local, International

Higher Education: Universities, Higher Education PKI Bridge

Healthcare: American Medical Association, Patient Safety Institute

Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs

E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay

Financial Services Industry: Home Banking, Credit/Debit Cards

IdentityTrust Network

The E-Authentication Initiative is leveraging federated identity, the reuse of credentials, and private sector solutions to improve service to citizens


Critical Elements of E-Authentication

POLICY
• Governance
• Certification
• Liability
• Business Model
• Dispute resolution

APPLICATIONS
• 6500 G2B & G2C applications
• Gov’t Paperwork Elimination Act
• OMB mandates

TECHNOLOGY
• Federated model
• Standards based
• COTS based
• Flexible, scalable
• Extensible

CREDENTIAL SERVICE PROVIDERS
Banks:
• Inherently trusted
• Regulatory infrastructure
• Know your customer philosophy


E-Authentication’s Architecture

Open Standards-based, federated identity management

Security Assertion Markup Language (SAML) 1.0 in place now, SAML 2.0 support planned, as soon as is practical

Liberty Alliance and WS-Federation support is also planned

Interoperability Lab in place to identify products, test products and credential services and track the evolution of the technology


Standards-based Interoperability Is Key

[Diagram: Technology Vendors, Interoperability Lab, E-Auth PMO, Approved Technology Provider List, Agency Application]

Step 1: Vendor brings product to Lab

Step 2: If interoperable, product added to approved provider list

Step 3: Agency selects technology products from interoperable product list

Step 4: Agency purchases product from vendor and implements E-Authentication


Adoption Lifecycle

[Diagram labels: Start; Assess COTS Interoperability; Evaluate new Scheme against requirements; Pilot; Migrate, Translate, or Both; Adopt]


Accomplishments to Date

Published E-Authentication Architecture
• We have driven interoperability within SAML 1.0 market
• List of seven approved, interoperable products

Trusted Credential Service Providers (CSPs)
• 12 CSPs currently on the E-Authentication Federal Trust List
• Actively pursuing reuse of financial institution credentials

Applications
• Multiple pilots in progress
• Additional pilots ready to roll out
• More than 100 applications are near-term targets


What OASIS Can Do for E-Authentication

Continue to aid development of open standards, like SAML 2.0

Build/Implement standards testing lab or service – we built it for SAML 1.0 because there wasn’t one we could use

Support our work in key areas:
• Developing business rules
• Policy
• Business models
• Cultivating CSPs
• Driving standards


For More Information

Phone E-mail

Steve Timchak 703-872-8604 [email protected] Manager

Georgia Marsh 703-872-8614 [email protected] Program Manager

Websites
http://cio.gov/eauthentication
http://www.eapartnership.org/
http://cio.gov/fpkipa