CROMERR Made Easier Eric Cleckler, Alabama DEM Greg Mitchell, U.S. EPA 2015 Exchange Network National Meeting Supporting the Business of Environmental Protection September 29 October 1, 2015 Sheraton Philadelphia Society Hill Hotel Philadelphia, Pennsylvania http://www.exchangenetwork.net/en2015
ABSTRACT Shared CROMERR Services (SCS) is a group of web services aimed at making the implementation of CROMERR easier. EPA is working to address some of the pain points that early adopters have faced. 2
CROMERR Made Easier What is SCS? What does SCS look like? How does SCS make CROMERR easier? Lessons Learned Issues that still need to be worked out 3
What is SCS? Shared CROMERR Services Group of web services Covers 4 things: Registration and Account Management Identity Proofing Signature Device Signature Ceremony and Copy of Record 4
Background Shared CROMERR History 09/27/2012 - Shared CROMERR Charter (18 States) 10/18/2012 - Component Guidance and Recommendations 11/15/2012 - Exchange Network/Grant Applicant Outreach (e.g. vote) 03/14/2013 - Application Status and Outreach Results 03/30/2013 - Prototype SCS services and offer SCS Toolkit 2013 2015 Integrated Project Teams for State Partners Exchange Network Shared CROMERR Services Website http://www.exchangenetwork.net/shared-cromerr-services-ipt/ VT RI CT ID TN IN PA Shared CROMERR Services NM MO AL IA NC - In Production IL AZ MI KY
Shared CROMERR Toolkit http://www.exchangenetwork.net/shared-cromerr-services-ipt/ https://dev.epacdx.net/sharedcromerrservicesdemo
CROMERR Made Easier What is SCS? What does SCS look like? How does SCS make CROMERR easier? Lessons Learned Issues that still need to be worked out 7
What does SCS look like? 8
9
What does SCS look like? 10
11
12
13
What does SCS look like? Whatever you want it to look like! 14
CROMERR Made Easier What is SCS? What does SCS look like? How does SCS make CROMERR easier? Lessons Learned Issues that still need to be worked out 15
How does SCS make CROMERR easier? Lots of code that you don t have to write Much easier CROMERR checklist Details of storage, backups, retention, etc. handled for you One account can span multiple applications by default 16
CROMERR Made Easier What is SCS? What does SCS look like? How does SCS make CROMERR easier? Lessons Learned Issues that still need to be worked out 17
Lessons Learned From a programmer perspective, SCS is fairly straight-forward. Submit your CROMERR application before you think you should. Username collisions Test often and in every environment. 18
CROMERR Made Easier What is SCS? What does SCS look like? How does SCS make CROMERR easier? Lessons Learned Issues that still need to be worked out 19
Issues that still need to be worked out LexisNexis via popup often fails Documentation needs to be updated and in some cases created 20
Partners Build System Tools Using Existing Standard CROMERR Services New User Register Existing User MyProfile Applications/Services/Roles Partner Registration User Identity/ Credentials Prepare/Sign Reports Partner Admin Tools (Help Desk) Account M anagm ent I nci dent M anagem ent R epudi ati on Shared CROMERR Services Partner Receiving System P r epar e For m s (Data Entr y) QA Fr om s Cer i fy For m s Attestati on I d/ Passwor d K B Q/ 20-5-1 E-Si gn
Partner System Tools Comprised of CROMERR System Functions Necessary For CROMERR Checklist Compliance Registration Tool Account Registration and Profile Management Electronic & Paper Identity Proofing Signature Device Registration Electronic Signature Agreement (ESA) / Signature Ceremony Organization / Organization Types / Role Affiliation bound to ESA Help Desk Tool Account Management/Administration Signature Device Management Application / Role Based Access Management Record Repudiation Administration Tool Electronic Signature Agreement Management Organization / Facility Management Record Receiving System Out-of-Band Receipt and Incident Messaging Human Readable Copy of Record Transaction History
Each System Builds Dozens of System Functions Help Desk Administration, Incident Mgmt, Enforcement & Reporting Tools Each State/Tribe or Local Government Partner may have multiple Systems Each System may involve building duplicate functions to delegate to separate organizations, Information Owners, Contractors, and/or Industry. Original Services Conclusions: - A lot of System Functions must be built - A lot of potentially non-standard system functions for enforcement - A lot of CROMERR Checklist Review Time Account P endi ng Exi sti ng News & Adm i n. Cr eati on User User Al er ts Sur vey Acti vi ty P r e-r eg Adm i n. M ai nt. Schedul i ng M gm t. R epor ti ng D i str i buti on SSN CROM ERR D atafl ow CROM ERR P asswor d I nstanti d Copy of P r ovi si on 20-5-1/ K B Q Adm i n Or gani zati on L exi snexi s R ecor d Status Adm i n Adm i n Use & I nvoi ce R epudi ati on R epor ts L i m i ted P (D el egated) P r e- Pr Pogr r rogr ogr am am am / Faci l i ty Speci c Secur i ty Appl Adm i n R egi str ati on Speci i cati fion c Subm i ssi on Adm i ni str ati on Tool s Audi t Speci for Tool fisc Stati sti cs Tool s Tool s R egi str ati on Information Owner Administration & Reporting Tools Account Exi sti ng P endi ng News & Sur vey SSN Adm i n. Cr eati on I nstanti d User User Al er ts M gm t. Acti vi ty P r e-r eg L exi snexi s M ai nt. M ai nt. Schedul i ng R epor ti ng D i str i buti on Usage R epor ts Organization Tools R egi str ati on Shar ed Sponsor Secur e Gr oup Or gani zati on R ol e-b ased R ecor d Adm i ni str ati on M ai l box Tr ansacti on Sponsor Encr ypti on Tool Ser vi ces H i stor y R equests (passwor ds) Individual User Tools R egi str ati on P r ofi l e M anagem ent Secur e M ai l box Ser vi ces Tr ansacti on H i stor y Or gani zati on Tr ansacti on H i stor y
New Pilot Services for Compliance Monitoring Data Portal New Shared CROMERR System Functions CMD Portal
What is New? Enhanced Web Menu-based Shared CROMERR Services Shared CROMERR Registration Tool Shared CROMERR Partner Help Desk Tool Shared CROMERR Dataflow Help Desk Tool Shared CROMERR Company Administration Tool New Web Services Single (or Reduced) Sign On Authentication/Authorization Services Organization Management Web Services Custom Partner/Dataflow Provisioning Customize Privacy Notices by Provider/Partner/Program/Role Administrative tools to Delegate Role/Functions by Partner, and/or Role Custom Home Pages and Help Services by Partner Customize Electronic Signature Agreements (ESA s) & Attestations Customize Identity Proofing and Metadata Collection Requirements Customize Users Control over ability to Revise/Manage their own Profiles Completely Optional and Integrate with Existing Services
Mock Demo Shared CROMERR Registration
Master Home Page Local Home Page
Register By Partner By Program By Program & Role Local Home Bypass w/ parameters
Register By Partner By Program By Program & Role Local Home Bypass w/ parameters
Register By Partner By Program By Program & Role Local Home Bypass w/ parameters Local Home Page Skips Here
Account Profile Organizations Email Verification Identity Proofing Signature Agreements
Many more features Id Proofing by Partner, Dataflow, Role Organization Web Services allow Partners to own and manage their Organization tables (or share) Both Roles and Organizations Optionally Managed by Type so only certain roles see certain Organizations or certain organizations for a specific partner.
Summary New Services and Functions Standard Web Services AND Standard Functions Reduced CROMERR Checklist Review
References and Documentation: SCS Documentation: SCS Demo Tool: http://www.exchangenetwork.net/shared-cromerr-services-ipt/ https://dev.epacdx.net/sharedcromerrservicesdemo MILESTONES SCS State Registration: SCS Owner Administration SCS Organization Administration (e.g. Sponsorship) In Development Oct. 1, 2015 Production Goal Jan. 2016 SCS Reduced Sign On
Shared CROMERR Appendix
Flexible Registration * ** * * * * * * * * Implemented ** Ability to Customize Registration, Skip (or hide) menus
SCS Updates and Improvements Over 19 States have tested or are now using Shared CROMERR Services Two systems are managed in Production Major New Services are becoming available that drastically reduce effort Compliance Monitoring Data (CMD) Portal Pilot VT RI CT ID TN IN PA Shared CROMERR Services NM MO AL IA NC - In Production IL MI AZ KY
Flexible Registration Skip (or hide) menus (context variables) New User Register Existing User Edit MyProfile P ar tner Skip P r ogr am Categor y (option) Fl ow R ol e (option) Base Registration Enti ty/ Obj ects FR S I d M gm t User I denti ty/ Cr edenti al P r ovi der / D om ai n Email Confirmation 1 Or gani zati on Contact I nformation Custom Company I d (option) Custom I nput H ol d P endi ng (option) 1 P r evious ESA and P r oofing meets Assur ance Levels Policy Based Services I denti ty Assur ance Control Assurance of Identity proofing beyond Level 1 email (Paper/Elec.) Shar ed Assur ances (option) Eliminate CDX Redundant id & business proofing, and/ or ESAs from participating Programs B usi ness Assur ance (option) Control Business Proofing Assurance searched and/or used (Paper/Elec.) SSN I nstanti d L exi s Nexi s (option) Id Proofing Level 2 / CROMERR Assurance B usi ness I nstanti d L exi s Nexi s esi gnatur e D evi ce 20-5-1 El ectr oni c Si gnatur e Agr eem ent (ESA) Exter nal R ol e Sponsor s (option) (option) (option) (option) (option) Business Proofing Level 2 or above Assurance CROMERR compliant Knowledge Based e- Signature Device esi gnatur e D evi ce B ank car d P aym ent Log bank card and payment transaction to bind to ESA and Forms Sign/e-Sign CROMERR compliant Electronic Signature Agreements Delegate Organization Affiliation & Role approval to Organizations Sponsor L etter Agr eem ent (option) Sign/e-Sign CROMERR compliant Sponsor Letters Or g I d M gmt (option) (option) FR S I d M gmt (option) Control Definition, Affiliation, Source, Confidence Levels for Entities/Objects Object I d M gmt (option) Complementary Web Services Design Path to support additional shared services as they are constructed and integrated into Shared CROMERR Registration