Post on 26-Dec-2015
E-Authentication: The Need for Open-Standards in Implementing E-Government
October 6, 2004
The E-Authentication Initiative
E-Government Strategy: Improving Service for Citizens
Government to Citizen (Managing Partner in parentheses)
1. USA Service (GSA)
2. IRS Free File (Treas)
3. E-Loans (DoEd)
4. Recreation One Stop (DOI)
5. GovBenefits (DOL)
Government to Business (Managing Partner in parentheses)
1. Federal Asset Sales (GSA)
2. Online Rulemaking Mgmt (EPA)
3. Expanding Tax Products for Businesses (Treas)
4. Consolidated Health Informatics (HHS)
5. Business Gateway (SBA)
6. International Trade Process Streamlining (DOC)
Government to Government (Managing Partner in parentheses)
1. E-Vital (SSA)
2. Grants.gov (HHS)
3. Disaster Mgmt (FEMA)
4. Geospatial One Stop (DOI)
5. SAFECOM (FEMA)
Internal Effectiveness & Efficiency (Managing Partner in parentheses)
1. E-Training (OPM)
2. Recruitment One Stop (OPM)
3. Enterprise HR Integration (OPM)
4. E-Clearance (OPM)
5. E-Travel (GSA)
6. Integrated Acquisition (GSA)
7. E-Records Management (NARA)
8. Payroll/HR (OPM)
E-Authentication
What is the E-Authentication Initiative?
E-Authentication provides a blueprint for online identity validation that will enable the American public to access government services in a secure, trusted environment with credentials of their choosing.
E-Authentication Enables E-Government
What are the Goals of the Initiative?
Build and enable mutual trust needed to support wide-spread use of electronic interactions between the public and Government
Minimize the burden on the public when obtaining trusted electronic services from the Government
Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs
The Result: Businesses & individuals will be empowered to conduct business with Government at all levels using e-identity credentials provided by trusted institutions
The E-Authentication Service Concept
[Diagram: Application User, Access Point, Credential Service Provider and Agency Application, linked by Step 1, Step 2 and Step 3]
Step 1:
At access point (portal, agency Web site or credential service provider) user selects agency application and credential provider
Step 2:
• User is redirected to selected credential service provider
• If user already possesses credential, user authenticates
• If not, user acquires credential and then authenticates
Step 3:
Credential service hands off authenticated user to the agency application she selected at the access point
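The checks an agency application would want to make at the Step 3 hand-off, as an added example that is not part of the original slides or the initiative's own code. An HMAC-signed JSON token stands in for a signed SAML assertion, and the CSP name, key, application URL, assurance level and function names are all hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: CSP name, key and application URL are hypothetical.
TRUSTED_CSPS = {"csp.bank.example": b"demo-key-shared-with-bank-csp"}
APP_AUDIENCE = "https://benefits.agency.example/app"
REQUIRED_LEVEL = 2   # assurance level this application's risk calls for
MAX_AGE = 300        # seconds a hand-off stays acceptable

def issue_assertion(issuer, key, subject, level, audience, now=None):
    """Step 2, CSP side: sign a statement about the authenticated user."""
    claims = {"iss": issuer, "sub": subject, "level": level, "aud": audience,
              "iat": int(time.time() if now is None else now)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig

def accept_handoff(token, now=None, seen=None):
    """Step 3, agency side: return (True, subject) or (False, reason)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
        iss, aud, sub = claims["iss"], claims["aud"], claims["sub"]
        iat, level = int(claims["iat"]), int(claims["level"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    # The issuer claim only selects which key to try; nothing is trusted
    # until the signature verifies under that key.
    key = TRUSTED_CSPS.get(iss) if isinstance(iss, str) else None
    if key is None:
        return False, "untrusted issuer"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    if aud != APP_AUDIENCE:
        return False, "wrong audience"
    if abs(now - iat) > MAX_AGE:
        return False, "expired"
    if level < REQUIRED_LEVEL:
        return False, "assurance level too low"
    if seen is not None:          # optional replay cache kept by the application
        if sig in seen:
            return False, "replayed"
        seen.add(sig)
    return True, sub
```

The audience check is what stops a hand-off issued for one agency application from being presented to another that trusts the same credential service.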
Federated Identity: Confidence, Convenience & Choice for Citizens
The E-Authentication Initiative is leveraging federated identity, the reuse of credentials, and private sector solutions to improve service to citizens.
Governments: Federal, States/Local, International
Higher Education: Universities, Higher Education PKI Bridge
Healthcare: American Medical Association, Patient Safety Institute
Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay
IdentityTrust Network
Financial Services Industry: Home Banking, Credit/Debit Cards
Critical Elements of E-Authentication
POLICY
• Governance
• Certification
• Liability
• Business Model
• Dispute resolution
APPLICATIONS
• 6500 G2B & G2C applications
• Gov’t Paperwork Elimination Act
• OMB mandates
TECHNOLOGY
• Federated model
• Standards based
• COTS based
• Flexible, scalable
• Extensible
CREDENTIAL SERVICE PROVIDERS
Banks:
• Inherently trusted
• Regulatory infrastructure
• Know your customer philosophy
E-Authentication’s Architecture
Open Standards-based, federated identity management
Security Assertion Markup Language (SAML) 1.0 is in place now; SAML 2.0 support is planned as soon as is practical
Liberty Alliance and WS-Federation support is also planned
Interoperability Lab in place to identify products, test products and credential services and track the evolution of the technology
Standards-based Interoperability Is Key
[Diagram: Technology Vendors, Interoperability Lab, Approved Technology Provider List, E-Auth PMO and Agency Application]
Step 1: Vendor brings product to Lab
Step 2: If interoperable, product added to approved provider list
Step 3: Agency selects technology products from interoperable product list
Step 4: Agency purchases product from vendor and implements E-Authentication
Adoption Lifecycle
[Diagram: lifecycle stages, with a marked "Start" point]
• Assess COTS Interoperability
• Evaluate new Scheme against requirements
• Pilot
• Migrate, Translate, or Both
• Adopt
Accomplishments to Date
Published E-Authentication Architecture
• We have driven interoperability within the SAML 1.0 market
• List of seven approved, interoperable products
Trusted Credential Service Providers (CSPs)
• 12 CSPs currently on the E-Authentication Federal Trust List
• Actively pursuing reuse of financial institution credentials
Applications
• Multiple pilots in progress
• Additional pilots ready to roll out
• More than 100 applications are near-term targets
What OASIS Can Do for E-Authentication
Continue to aid development of open standards, like SAML 2.0
Build/Implement standards testing lab or service – we built it for SAML 1.0 because there wasn’t one we could use
Support our work in key areas:
• Developing business rules
• Policy
• Business models
• Cultivating CSPs
• Driving standards