Interagency Advisory Board Meeting Agenda, May 27, 2010



Similar documents
Interagency Advisory Board Meeting Agenda, July 28, 2010

Interagency Advisory Board Meeting Agenda, March 5, 2009

Identity, Credential, and Access Management

Identity, Credential, and Access Management. An information exchange For Information Security and Privacy Advisory Board

Government Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010

Interagency Advisory Board Meeting Agenda, September 27, 2010

Identity, Credential, and Access Management. Open Solutions for Open Government

Office of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)

Identity, Credential, and Access Management at NASA, from Zachman to Attributes

Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010

Identity Management for Interoperable Health Information Exchanges

GFIPM & NIEF Single Sign-on Supporting all Levels of Government

Interagency Advisory Board Meeting Agenda, Wednesday, February 22, 2012

Federal Identity, Credential, and Access Management Trust Framework Solutions. Relying Party Guidance For Accepting Externally-Issued Credentials

Interagency Advisory Board Meeting Agenda, August 25, 2009

Federal Identity, Credentialing, and Access Management. Identity Scheme Adoption Process

U.S. Department of Energy Washington, D.C.

GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on

INCIDENT SCENE AUTHORIZED ACCESS USING A MOBILE DEVICE

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)

U.S. Office of Personnel Management Human Resources Line of Business. Federal Human Resources Process Model

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, DC

Federal Identity, Credential, and Access Management Trust Framework Solutions. Overview

DOE Joint ICAM Program - Unclass & Secret Fabrics

Federal Identity, Credentialing, and Access Management. Personal Identity Verification Interoperable (PIV-I) Test Plan. Version 1.1.

Federated Identity Management

STATEMENT OF WORK. For

DEPARTMENTAL REGULATION

What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form. December 3, 2012

Department of Defense PKI Use Case/Experiences

Federal PKI. Trust Infrastructure. Overview V1.0. September 21, 2015 FINAL

Commonwealth of Virginia Personal Identity Verification-Interoperable (PIV-I) First Responder Authentication Credential (FRAC) Program

E-Authentication Federation Adopted Schemes

Attribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements

Canadian Access Federation: Trust Assertion Document (TAD)

Developing a Federal Vision for Identity Management

Federal e-government Agenda: Authentication and Identity Management

Standard Government-Wide Senior Executive Service (SES) Performance Appraisal System

INFORMATION SHARING ENVIRONMENT GUIDANCE (ISE-G) IDENTITY AND ACCESS MANAGEMENT FRAMEWORK FOR THE ISE VERSION 1.0

An Operational Architecture for Federated Identity Management

GAO PERSONAL ID VERIFICATION. Agencies Should Set a Higher Priority on Using the Capabilities of Standardized Identification Cards

The Implementation of Homeland Security Presidential Directive 12

U.S. Department of Agriculture HSPD 12 Program. USDA HSPD-12 Implementing PIV USDA

National Capital Region. Electronic Designation and Validation of Federal/Emergency Response Officials (F/EROs) in support of National Preparedness

Information Technology Policy

Memorandum of Understanding Between the Department of Energy Managing Partner Financial Management Line of Business And Nuclear Regulatory Commission

Practical Challenges in Adopting PIV/PIV-I

State Identity, Credential, and Access Management (SICAM) Roadmap and Implementation Guidance Version 2.0 October 14, 2013

Federal Public Key Infrastructure Technical Working Group Meeting Minutes

GFIPM Trusted Identity Broker Onboarding Guide Draft Version 1.0 June 2012 Table of Contents

Derived credentials. NIST SP ( 5.3.5) provides for long term derived credentials

Shared Services Canada (SSC)

Life After PIV. Authentication In Federated Spaces. Presented to. Card Tech/Secure Tech. May By Lynne Prince Defense Manpower Data Center

For Official Use Only (FOUO)

The Government-wide Implementation of Biometrics for HSPD-12

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Canadian Access Federation: Trust Assertion Document (TAD)

Integration of Access Security with Cloud- Based Credentialing Services

Information Systems Security Line of Business (ISS LoB)

Identity and Access Management Initiatives in the United States Government

State Identity Credential and Access Management (SICAM) Guidance and Roadmap

NSTIC National Program Office Discussion Draft STANDARDS CATALOG

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD)

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

Data Governance Strategy

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

Federated Identity Management

ABAC Workshop Minutes

Biometric Single Sign-on using SAML

SAML:The Cross-Domain SSO Use Case

Federal Identity, Credential, and Access Management Trust Framework Solutions

NOAA HSPD-12 PIV-II Implementation October 23, Who is responsible for implementation of HSPD-12 PIV-II?

OFFICE OF THE CHIEF INFORMATION OFFICER IDENTITY, CREDENTIAL, & ACCESS MANAGEMENT PROGRAM. Logging In with my LincPass

FCCX Briefing. Information Security and Privacy Advisory Board. June 13, 2014

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

A Smart Card Alliance Physical Access Council and Identity Council White Paper. Publication Date: January 2011 Publication Number: PAC-11001

1 DOCUMENT PURPOSE... 2 RECOMMENDED PRINCIPLES...

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH

Canadian Access Federation: Trust Assertion Document (TAD)

Fiscal Year 2011 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002

ITTF POLICY STATEMENT 2010 (6)

President s Management Advisory Board Meeting. March 27, 2015

MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES

The Global Unique ID (GUID)

FICC Shared Service Provider (SSP) Industry Day, 3/11. Questions and Answers

Fiscal Year 2009 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002

FY14 Q2 Chief Information Officer Federal Information Security Management Act Reporting Metrics v1.0

Can We Reconstruct How Identity is Managed on the Internet?

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

Biometric Single Sign-on using SAML Architecture & Design Strategies

Canadian Access Federation: Trust Assertion Document (TAD)

Date: Wednesday March 12, 2014 Time: 10:00 am to 2:45 pm ET Location: Virtual Hearing

ANNUAL REPORT TO CONGRESS: FEDERAL INFORMATION SECURITY MANAGEMENT ACT

ANNUAL REPORT TO CONGRESS: FEDERAL INFORMATION SECURITY MANAGEMENT ACT

NEIS HELP DESK FAQS. HSPD-12 Policy/Business Process. General HSPD-12 FAQs can be found online at:

IQS Identity and Access Management

How To Write A Unified Approach To Identity And Authentication

Concept Proposal. A standards based SOA Framework for Interoperable Enterprise Content Management

GAO ELECTRONIC GOVERNMENT ACT. Agencies Have Implemented Most Provisions, but Key Areas of Attention Remain

Transcription:

Interagency Advisory Board Meeting Agenda, May 27, 2010 1. Opening Remarks 2. PIV-I Status (Judy Spencer, GSA) 3. PIV Test Requirements (Dave Temoshok, GSA) 4. ICAM Progress at USDA (Owen Unangst, USDA)) 5. PIV-I Discussion Panel (Jim Hatcher, Mike Mestrovich, Chris Louden, Rebecca Nielson) 6. FIWG Status Update (Corinne Irwin, NASA) 7. LAWG Status Update (Bill Erwin, GSA) 8. Closing Remarks

Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management Federation Interoperability Working Group (FIWG) May 2010

Agenda What is the FIWG? Federal Identity Profile BAE Federal agreements Encryption/signing certs EGCA Physical Access Challenges 2 5/27/2010

ICAM Mission Fostering effective government-wide identity and access management Enabling trust in online transactions through common identity and access management policies and approaches Aligning federal agencies around common identity and access management practices Reducing the identity and access management burden for individual agencies by fostering common interoperable approaches Ensuring alignment across all identity and access management activities that cross individual agency boundaries Collaborating with external identity management activities through inter-federation to enhance interoperability 3 Co-Chairs: Paul D. Grant, DOD & Judith Spencer, GSA

All Assurance Levels 4 Identity, Credential, and Access Management Applicability

FIWG Purpose Promote federation pilots Intra-Federal External parties Levels of Assurance 2 4 Identify roadblocks to federation Address roadblocks 5 5/27/2010

Roadblocks Identified Identifiers/Linkage PIV Enablement Trusted Certificate Authorities Federation Agreements 6 5/27/2010

Identifiers/Linkage How do you uniquely identify federated users? How do you link identity data you have with your federated partner? Partnered with HR LOB to define: Common identity profile for use in Fed-to-Fed space Identifier(s) that can be relied upon to uniquely identify a person Identifier(s) that can be used to link existing identities in two systems to enable PIV and SAML authentication 7 5/27/2010

PIV Enablement Two basic methods Registration User is invited to remotely present PIV card Linkage is made between Identity/account and PIV card Backend Attribute Exchange Federation partners exchange data to enable linkage For existing applications that already exchange identity information, adding key PIV attributes to the existing exchange is simple to implement 8

PIV Enablement and SAML/Single Sign-on Is it acceptable to use a SAML assertion of PIV authentication? Yes, depending on your risk assessment OASIS standard developed for asserting PIV SAML assertions still must be signed and encrypted See Trusted Certificate Authorities 9

Trusted Certificate Authorities Need a Trust Anchor, similar to FBCA, to allow for SAML exchanges Signed, encrypted assertions for BAE and authentication exchange egov Certificate Authority (egca) can meet this need Re-vamping egov eauth documents to allow issuance of egca certs for BAE and federated authentication Federal Agencies will be able to self-certify to receive certs Other partners will certify through the Trust Provider Framework 10 5/27/2010

Federation Agreements Developing a standard federation agreement that can be used multi-laterally Owner of the agreement establishes the parameters for federation Other parties sign on In general, the use of bi-lateral agreements should be avoided Difficult to maintain agreement standards Doesn t support attribute aggregation 11 5/27/2010

Attribute Aggregation Collect multiple attributes from different sources in order to make authorization decisions Example: NASA asserts that I am a NASA employee DHS asserts that I am authorized to access a disaster site Anne Arundel County asserts that I am a certified Emergency Medical Technician Bank of America asserts that I am the owner of the smartcard credential they issued Goal is to collect attributes from the authoritative source The certifier/issuer is the authoritative source 12

Presenter Corinne Irwin Project Executive, Authentication & Authorization National Aeronautics and Space Administration (NASA) Corinne.S.Irwin@nasa.gov 202-358-0653 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information