National Institutes of Health Interfederation Initiatives
Peter Alterman, Ph.D.
Assistant CIO for e-Authentication

NIH Interfederation Goals
• Trust credentials issued by business partners at known Levels of Assurance
• Lower costs to all
• Simplify transactions for customers

NIH Interfederation Process
1. Identify need (internal and/or external process)
2. Engage Policy Mapping with Candidate Federations
3. Engage Technical Interoperability Testing with Candidate Federations
4. Draft and sign MOAs (yes, the lawyers)
5. Regular reviews

NIH Service Provider Architecture
[Diagram. Labels: NIH SSO; CSP validation; Fed PKI validation; Level 1 apps; Level 2 apps; Level 3 apps; Level 4 apps; Local AuthZ (shown four times)]

Federated Credential Validation Model
[Flowchart. Labels: End user credential; NIH SSO; Parse credential; Issuer known/trusted? (no: Reject; yes)]
Validation paths shown:
• Userid/passwords: validated @ issuer
• SAML assertions: validated @ issuer
• Digital certificates: validated directly @ CA
• Digital certificates: validated via Federal PKI Architecture

Who Does NIH SSO Trust Now … and How Much?
• InCommon Member users: 1 (2 pending)
• U Tx Sys Adm PKI end users: 2
• All Feds and Contractors w/HSPD-12 creds: 3 & 4
• End Users with PKI creds from FPKI xcert CAs: 3 & 4
• End Users with Grants.gov Userid/pswd: 2
• End Users with eAuth creds: 1 & 2
• Users with NIH AD Accounts: 3

Federated Online Apps – Phase I
[Diagram: applications grouped under Level 1 apps, Level 2 apps, Level 3 apps and Level 4 apps. Applications shown:]
• NCI Tumor Microenvironment Network TMEN
• eRA
• Fed PKI Policy Authority Doc Mgt Sys
• HSPD-12
• NIH Communication Officers Network
• Firebird
• Departmental Systems (cross-Operating Divisions) (shown twice)
• NIAID Training
• caBIG/caGrid
• NIH Library
• NCRR Grant Reporting System
• NICHD Clinical reporting system

Questions?

U.S. Federal Trust Mapping
[Diagram mapping E-Auth levels to FPKI policies. Labels:]
• E-Auth Level 1; E-Auth Level 2; E-Auth Level 3; E-Auth Level 4
• FPKI Rudimentary; C4
• FPKI Basic
• FPKI Medium & Medium-cbp
• FPKI Medium/HW & Medium/HW-cbp
• FPKI High (governments only)
• HSPD-12-compatible (shown twice)
• FRAC, TWIC, ACIS