NIH Interfederation Activities NIH Interfederation Activities and Status: Federal PKIand Status: Federal PKI

Peter Alterman, Ph.D.Peter Alterman, Ph.D.Asst. CIO for E-Authentication, NIH and Asst. CIO for E-Authentication, NIH and

Chair, Federal PKI Policy AuthorityChair, Federal PKI Policy Authority

EDUCAUSE 2007 2

NIH E-Authentication Initiative GoalsNIH E-Authentication Initiative Goals

• Researchers use their institutional identity credentials to authenticate to NIH online applications and services

• Build a reliablereliable, securesecure, trustedtrusted IT infrastructure that supports e-authentication

EDUCAUSE 2007 3

NIH E-Authentication Initiative GoalsNIH E-Authentication Initiative Goals

• Researchers use their institutional identity credentials to authenticate to NIH online applications and services

• Build a reliablereliable, securesecure, trustedtrusted IT infrastructure that supports e-authentication

EDUCAUSE 2007 4

Current NIH InitiativesCurrent NIH Initiatives

• Interfederated with InCommon higher education Identity Management Federation at OMB LOA 1: low/no risk applications put online and consume identity credentials issued by universities that are members of InCommon;

• Extend interfederation agreement to OMB LOA 2 applications for universities that issue higher-assurance credentials under the InCommon Federation Silver program – for moderate risk applications (ETA 1/08);

• Direct trust relationship with University of Texas System Public Key Infrastructure

EDUCAUSE 2007 5

NIH Pilot LOA 1 ApplicationsNIH Pilot LOA 1 Applications

• NLM Proxy Redirector (initial application )

• Good Clinical Practice (GCP)

• Community for Advanced Graduate Training (CAGT)

• NIH Login/ADFS/MOSS integration (general collaboration)

• More to follow

EDUCAUSE 2007 6

NIH Pilot LOA 2 ApplicationsNIH Pilot LOA 2 Applications

• Electronic Research Administration (eRA)

• caBIG data (via Grid interoperability?)

• Firebird (FDA, SAFE, NIAID involvement)

• More to follow

EDUCAUSE 2007 7

End State for NIHEnd State for NIH

• All NIH outward-facing, online apps risk assessed and credential LOA requirements determined

• Credential validation infrastructure and/or linkages at production operational level

• All NIH outward-facing, online apps connected to NIH Login front end with validation service enabling infrastructure (e.g., Shibboleth, etc.)

• End State achieved… ???

EDUCAUSE 2007 8

Federal PKI Update

EDUCAUSE 2007 9

Fed PKI: View from 20,000 kmFed PKI: View from 20,000 km

FBCA

C4

eGCA (3)

Common Policy CA (HSPD-12)

CertiPath

SSPs

Industry PKIs

CertiPath SSP(HSPD-12-comparable)

SAFE

Industry PKIs

Serving all otherAgencies

EDUCAUSE 2007 10

Fed PKI: View from 20,000 kmFed PKI: View from 20,000 km

FBCA

C4

eGCA (3)

Common Policy CA (HSPD-12)

CertiPath

SSPs

Industry PKIs

CertiPath “SSP”

DOD DHSNASA CommerceUSPS USPTOHHS DOE IL DOJ State DOD/ECAGPO DOD/Interop TreasuryWells FargoMIT LLUTexasSxCommercial “SSP-like”

Serving all otherAgencies

BoeingRaytheonLockheed Martin

VeriSignCybertrustORCTreasuryGPOExostarEntrust/CygnacomIdenTrusT?

Total: 15 – 20Musers

EAF member CSPsTLS certs

SAFE

Industry PKIsJohnson & JohnsonMerckPfizerProcter & GambleSanofi-AventisTAP Pharmaceuticals

Abbott Labs AstraZenecaBristol-Myers SquibbGenzymeGlaxoSmithKlineINC Research

(HSPD-12-comparable)State of VA first responders

~ 500k users!

EDUCAUSE 2007 11

Interoperability InitiativesInteroperability Initiatives

• CertiPathCertiPath – Federal Bridge cross-certification complete

• SAFESAFE PKI Bridge and services – supporting digitally-signed electronic forms and document management

• inCommoninCommon –assertion-based technology, LOA 1 & 2 – demonstration projects with NSF – interfederation with NIH NOWNOW

EDUCAUSE 2007 12

ResourcesResources

• altermap@mail.nih.gov

• http://csrc.nist.gov/pki

• www.cio.gov/fpkipa

• www.cio.gov/ficc

• www.cio.gov/eauthentication

• www.smartcardalliance.org