Federal PKI Architecture Update Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
NIH Interfederation Activities and Status: Federal PKI
NIH Interfederation Activities and Status: Federal PKI
Peter Alterman, Ph.D.
Asst. CIO for E-Authentication, NIH and Chair, Federal PKI Policy Authority
EDUCAUSE 2007 2
NIH E-Authentication Initiative Goals
• Researchers use their institutional identity credentials to authenticate to NIH online applications and services
• Build a reliable, secure, trusted IT infrastructure that supports e-authentication
Current NIH Initiatives
• Interfederated with InCommon higher education Identity Management Federation at OMB LOA 1: low/no risk applications put online and consume identity credentials issued by universities that are members of InCommon;
• Extend interfederation agreement to OMB LOA 2 applications for universities that issue higher-assurance credentials under the InCommon Federation Silver program – for moderate risk applications (ETA 1/08);
• Direct trust relationship with University of Texas System Public Key Infrastructure
NIH Pilot LOA 1 Applications
• NLM Proxy Redirector (initial application)
• Good Clinical Practice (GCP)
• Community for Advanced Graduate Training (CAGT)
• NIH Login/ADFS/MOSS integration (general collaboration)
• More to follow
NIH Pilot LOA 2 Applications
• Electronic Research Administration (eRA)
• caBIG data (via Grid interoperability?)
• Firebird (FDA, SAFE, NIAID involvement)
• More to follow
End State for NIH
• All NIH outward-facing, online apps risk assessed and credential LOA requirements determined
• Credential validation infrastructure and/or linkages at production operational level
• All NIH outward-facing, online apps connected to NIH Login front end with validation service enabling infrastructure (e.g., Shibboleth, etc.)
• End State achieved… ???
Federal PKI Update
Fed PKI: View from 20,000 km
[Diagram: Federal PKI architecture overview. Labels on the slide: FBCA; C4; eGCA (3); Common Policy CA (HSPD-12); CertiPath; SSPs; Industry PKIs; CertiPath SSP (HSPD-12-comparable); SAFE; Industry PKIs; Serving all other Agencies]
Fed PKI: View from 20,000 km
[Diagram: Federal PKI architecture overview with member detail. Labels on the slide:]
• FBCA; C4; eGCA (3); Common Policy CA (HSPD-12); CertiPath; SSPs; Industry PKIs; CertiPath “SSP”
• DOD, DHS, NASA, Commerce, USPS, USPTO, HHS, DOE, IL, DOJ, State, DOD/ECA, GPO, DOD/Interop, Treasury, Wells Fargo, MIT LL, UTexasSx
• Commercial “SSP-like”
• Serving all other Agencies
• Boeing, Raytheon, Lockheed Martin
• VeriSign, Cybertrust, ORC, Treasury, GPO, Exostar, Entrust/Cygnacom, IdenTrusT?
• Total: 15 – 20M users
• EAF member CSPs; TLS certs
• SAFE
• Industry PKIs: Johnson & Johnson, Merck, Pfizer, Procter & Gamble, Sanofi-Aventis, TAP Pharmaceuticals, Abbott Labs, AstraZeneca, Bristol-Myers Squibb, Genzyme, GlaxoSmithKline, INC Research
• (HSPD-12-comparable) State of VA first responders
• ~ 500k users!
Interoperability Initiatives
• CertiPath – Federal Bridge cross-certification complete
• SAFE PKI Bridge and services – supporting digitally-signed electronic forms and document management
• InCommon – assertion-based technology, LOA 1 & 2 – demonstration projects with NSF – interfederation with NIH NOW
Resources
• http://csrc.nist.gov/pki
• www.cio.gov/fpkipa
• www.cio.gov/ficc
• www.cio.gov/eauthentication
• www.smartcardalliance.org