CROMERR Made Easier - The Exchange Network · · 2015-09-28CROMERR Made Easier Eric Cleckler,...
38
CROMERR Made Easier Eric Cleckler, Alabama DEM Greg Mitchell, U.S. EPA 2015 Exchange Network National Meeting Supporting the Business of Environmental Protection September 29–October 1, 2015 Sheraton Philadelphia Society Hill Hotel Philadelphia, Pennsylvania http://www.exchangenetwork.net/en2015
Transcript of CROMERR Made Easier - The Exchange Network · · 2015-09-28CROMERR Made Easier Eric Cleckler,...
CROMERR Made Easier Eric Cleckler, Alabama DEM
Greg Mitchell, U.S. EPA
2015 Exchange Network National Meeting Supporting the Business of Environmental Protection
September 29–October 1, 2015 Sheraton Philadelphia Society Hill Hotel
Philadelphia, Pennsylvania
http://www.exchangenetwork.net/en2015
ABSTRACT
Shared CROMERR Services (SCS) is a group of web services aimed at making the implementation of CROMERR easier. EPA is working to address some of the pain points that early adopters have faced.
2
CROMERR Made Easier
• What is SCS?
• What does SCS look like?
• How does SCS make CROMERR easier?
• Lessons Learned
• Issues that still need to be worked out
3
What is SCS? • Shared CROMERR Services
• Group of web services
• Covers 4 things: – Registration and Account Management – Identity Proofing – Signature Device – Signature Ceremony and Copy of Record
4
Background
• 09/27/2012 - Shared CROMERR Charter (18 States)
• 10/18/2012 - Component Guidance and Recommendations
• 11/15/2012 - Exchange Network/Grant Applicant Outreach (e.g. vote)
• 03/14/2013 - Application Status and Outreach Results
• 03/30/2013 - Prototype SCS services and offer SCS Toolkit
• 2013 – 2015 – Integrated Project Teams for State Partners
Exchange Network Shared CROMERR Services Website http://www.exchangenetwork.net/shared-cromerr-services-ipt/
- In Production
TN
CT
ID
IL MI
MO
NM
PA
IN
RI
VT
NC
AZ
KY
IA
AL
Shared CROMERRServices
Shared CROMERR History
Shared CROMERR Toolkit
https://dev.epacdx.net/SharedCromerrServicesDemo http://www.exchangenetwork.net/shared-cromerr-services-ipt/
CROMERR Made Easier
• What is SCS?
• What does SCS look like?
• How does SCS make CROMERR easier?
• Lessons Learned
• Issues that still need to be worked out
7
What does SCS look like?
8
9
What does SCS look like?
10
11
12
13
What does SCS look like?
Whatever you want it to look like!
14
CROMERR Made Easier
• What is SCS?
• What does SCS look like?
• How does SCS make CROMERR easier?
• Lessons Learned
• Issues that still need to be worked out
15
How does SCS make CROMERR easier? • Lots of code that you don’t have to write
• Much easier CROMERR checklist
• Details of storage, backups, retention, etc. handled for you
• One account can span multiple applications by default
16
CROMERR Made Easier
• What is SCS?
• What does SCS look like?
• How does SCS make CROMERR easier?
• Lessons Learned
• Issues that still need to be worked out
17
Lessons Learned • From a programmer perspective, SCS is fairly
straight-forward.
• Submit your CROMERR application before you think you should.
• Username collisions
• Test often and in every environment.
18
CROMERR Made Easier
• What is SCS?
• What does SCS look like?
• How does SCS make CROMERR easier?
• Lessons Learned
• Issues that still need to be worked out
19
Issues that still need to be worked out
• LexisNexis via popup often fails
• Documentation needs to be updated and in some cases created
20
Partner Registration
User Identity/Credentials
Applications/Services/RolesExistingUser
MyProfile
NewUser
Register
Prepare/Sign Reports
Shared CROMERR Services
Partners Build System Tools Using Existing Standard CROMERR Services
Partner Receiving System
QA Fr oms
P r epar e For ms
(Data Ent r y)
Cer i fy For ms
K B Q/
20-5-1
I d/
P asswor dE-Si gn
At testat i on
Partner Admin Tools (Help Desk)
Account
M anagmentR epudi at i on
I nci dent
M anagement
Partner System Tools Comprised of CROMERR System Functions Necessary For
CROMERR Checklist Compliance • Registration Tool
– Account Registration and Profile Management – Electronic & Paper Identity Proofing – Signature Device Registration – Electronic Signature Agreement (ESA) / Signature Ceremony – Organization / Organization Types / Role Affiliation bound to ESA
• Help Desk Tool – Account Management/Administration – Signature Device Management – Application / Role Based Access Management – Record Repudiation Administration Tool – Electronic Signature Agreement Management – Organization / Facility Management
• Record Receiving System – Out-of-Band Receipt and Incident Messaging – Human Readable Copy of Record Transaction History
Each State/Tribe or Local Government Partner may have multiple Systems
Each System may involve building duplicate functions to delegate to
separate organizations, Information Owners, Contractors, and/or Industry.
Original Services Conclusions:
- A lot of System Functions must be built
- A lot of potentially non-standard system functions for enforcement
- A lot of CROMERR Checklist Review Time
Information Owner Administration & Reporting Tools
Account
Cr eat i on
P r e-R egDi st r i but i on
Exi st i ng
User
M ai nt .
P endi ng
User
M ai nt .
Admi n.
Act i vi ty
R epor t i ng
News &
Aler ts
Schedul i ng
Sur vey
M gmt.
Help Desk Administration, Incident Mgmt, Enforcement & Reporting Tools
P endi ng
User
Admi n.
Admi n.
Act i vi ty
R epor t i ng
News &
Aler ts
Schedul i ng
Sur vey
M gmt.
SSN
I nstant I d
L exi sNexi s
Usage
R epor ts
SSN
I nstant I d
L exi sNexi s
Use &
I nvoi ce
R epor ts
P asswor d
Admi nCR OM ER R
20-5-1/ K B Q
Admi n
CR OM ER R
Copy of
R ecor d
R epudi at i on
Dataf l ow
P r ovi si on
Status
Or gani zat i on
Admi n
L i m i ted
(Delegated)
Admi n
for
R egi st r at i on
Faci l i t y
Admi n i st r at i on
P r e-
R egi st r at i on
P r ogr am
Speci f i c
Tool sSubmi ssi on
Stat i st i cs
Secur i ty
Audi t
Tool s
P r ogr am
Speci f i c
Tool s
P r ogr am/
Appl i cat i on
Speci f i c
Tool s
Exi st i ng
User
M ai nt .
Account
Cr eat i on
P r e-R egDi st r i but i on
Organization Tools
R egi st r at i on
R ole-B ased
Sponsor
R equests
Sponsor
Admi ni st r at i on
Tool
Secur e Gr oup
M ai l box
Ser vi ces
Shar ed
R ecor d
Encr ypt i on
(passwor ds)
Or gani zat i on
Tr ansact i on
H i stor y
Individual User Tools
R egi st r at i onP r of i l e
M anagement
Secur e
M ai l box
Ser vi ces
Tr ansact i on
H i stor y
Or gani zat i on
Tr ansact i on
H i stor y
Each System Builds Dozens of System Functions
New Pilot Services for Compliance Monitoring Data Portal
CMD Portal New Shared CROMERR System Functions
What is New? • Enhanced Web Menu-based Shared CROMERR Services
– Shared CROMERR Registration Tool – Shared CROMERR Partner Help Desk Tool – Shared CROMERR Dataflow Help Desk Tool – Shared CROMERR Company Administration Tool
• New Web Services – Single (or Reduced) Sign On Authentication/Authorization Services – Organization Management Web Services
• Custom Partner/Dataflow Provisioning – Customize Privacy Notices by Provider/Partner/Program/Role – Administrative tools to Delegate Role/Functions by Partner, and/or Role – Custom Home Pages and Help Services by Partner – Customize Electronic Signature Agreements (ESA’s) & Attestations – Customize Identity Proofing and Metadata Collection Requirements – Customize Users Control over ability to Revise/Manage their own Profiles
Completely Optional and Integrate with Existing Services
Mock Demo
Shared CROMERR Registration
• Master Home Page
• Local Home Page
• By Partner
• By Program
• By Program & Role
• Local Home Bypass w/ parameters
Register
• By Partner • By Program
• By Program & Role
• Local Home Bypass w/ parameters
Register
• By Partner
• By Program • By Program &
Role • Local Home Bypass w/
parameters
• Local Home Page Skips Here
Register
• Account Profile
• Organizations • Email
Verification • Identity
Proofing • Signature
Agreements
Many more features • Id Proofing by Partner, Dataflow, Role • Organization Web Services allow
Partners to own and manage their Organization tables (or share)
• Both Roles and Organizations Optionally Managed by Type so only certain roles see certain Organizations or certain organizations for a specific partner.
Summary • New Services and Functions
• Standard Web Services AND Standard Functions
• Reduced CROMERR Checklist Review
References and Documentation:
http://www.exchangenetwork.net/shared-cromerr-services-ipt/ SCS Documentation: SCS Demo Tool: MILESTONES SCS State Registration: SCS Owner Administration SCS Organization Administration (e.g. Sponsorship) SCS Reduced Sign On
https://dev.epacdx.net/SharedCromerrServicesDemo
In Development Oct. 1, 2015 Production Goal Jan. 2016
Shared CROMERR Appendix
Flexible Registration
Ability to Customize Registration, Skip (or hide) menus
* * * * * *
* Implemented
* **
*
**
SCS Updates and Improvements • Over 19 States have tested
or are now using Shared CROMERR Services
• Two systems are managed in Production
• Major New Services are becoming available that drastically reduce effort
• Compliance Monitoring Data (CMD) Portal Pilot
- In Production
TN
CT
ID
IL MI
MO
NM
PA
IN
RI
VT
NC
AZ
KY
IA
AL
Shared CROMERRServices
Flexible Registration
Policy Based Services
Base Registration
SSN
I nstant I d
L exi s
Nexi s
Exter nal
R ole
Sponsor s
eSi gnatur e
Devi ce
20-5-1
Shar ed
Assur ances
ExistingUser EditMyProfile
(option) (option)
Elect r oni c
Si gnatur e
Agr eement
(ESA)
(option)
Email Confirmation
FR S I d
M gmt
B usi ness
I nstant I d
L exi s
Nexi s
(option) (option) (option)
(option)
Or gani zat i on
Contact I n for mat i onP r ogr am
Categor yFlow
User I dent i ty/
Cr edent i al
Ent i ty/
Obj ectsR ole
(option)(option)
NewUser
Register H old
P endi ng
Sponsor
L et terAgr eement
(option)
I dent i ty
Assur ance
B usi ness
Assur ance
(option)(option)
Id ProofingLevel 2 / CROMERRAssurance
Business Proofing Level 2 or above Assurance
CROMERR compliant Knowledge Based e-Signature Device
Sign/e-SignCROMERR compliant ElectronicSignatureAgreements
DelegateOrganizationAffiliation &Role approval toOrganizations
Sign/e-SignCROMERR compliantSponsor Letters
Custom
Company I d(option)
Custom
I nput
1
1P revious ESA and P roofing meets Assurance Levels
ComplementaryWeb Services
eSi gnatur e
Devi ce
B ank car d
P ayment
Log bank card and payment transaction to bind to ESA and Forms
Control Assurance of Identity proofing beyond Level 1 email(Paper/Elec.)
Control Business Proofing Assurance searched and/or used(Paper/Elec.)
Eliminate CDXRedundant id & business proofing, and/or ESAs from participating Programs
FR S I d
M gmt
Control Definition, Affiliation, Source, Confidence Levels for Entities/Objects
Org I d
M gmt
(option)
Object I d
M gmt
(option) (option)(option)
P ar tner
P r ovi der /
Domai n
Skip
Skip (or hide) menus (context variables)
Design Path to support additional shared services as they are constructed and integrated into Shared CROMERR Registration
