U.S. Department of Agriculture
eGovernment Program
July 15, 2003
eAuthentication Initiative Pre-Implementation Status
Agenda
eAuthentication Overview
USDA eAuthentication Solution Components
Agency Integration Responsibilities
eAuthentication Costs and Resources
Questions and Answers
What is eAuthentication?
Customer interactions with USDA, also called transactions, will be transformed to allow customer submission through electronic means
For many interactions, the identity of the person submitting the data needs to be known, either to enable an electronic signature of the form or data, or for informational purposes
eAuthentication encompasses the processes and technology that identify a person electronically and present that information to the application that is accepting the user’s data submission
eAuthentication in the current phase will only support interactions that are presented in a web format over the Internet
eAuthentication Needs
Authentication Levels define the credibility necessary to support a person’s identification. The higher the authentication level, the more information is needed to validate that a person is who they say they are…
Of the 736 interactions scheduled for GPEA compliance for October 2003, 639 require eAuthentication. 57 of these have been completed in the Online Impact Assessment Tool.
[Chart: In Scope Interactions by authentication level. Legend: Level 1, Level 2, Level 3, Level 4. Values shown: 2%, 61%, 18%, 19%.]
35 (61%) out of the 57 in-scope interactions require Level 2 Authentication.
Currently, USDA eAuthentication supports Level 1 and Level 2 authentication.
eAuthentication Schedule
Continue eAuthentication communications in the form of postcards, presentations and integration documentation
Present the Costing Model to Agencies for eAuthentication by July 25, 2003
Distribute the Agency Guidebook by July 25, 2003
• Road map and details for integrating Agency Applications
Begin Implementation on July 28, 2003
• WebCAAF Expansion, Directory Services, Identity Management, User Registration
Initiate GSA Gateway Integration Proof-of-Concept in August 2003
Provide Integration Planning assistance beginning August 2003
Begin integration of applications in September 2003
GPEA Deadline is October 21, 2003
USDA eAuthentication Solution Components
The USDA eAuthentication solution encompasses four main components…
• Technical Solution
• Identity and Access Management
• Registration Process
• Presidential Initiative (GSA Gateway)
USDA eAuthentication Solution Components
Technical Solution
[Diagram labels: Internet, Router, Switch, Firewall, Intranet, USDA Network, Enforcer (on www.xyz.usda.gov and www.abc.gov/form1), Web Farms, Alternative Hosting Facility, Policy Server, Policy Stores, User Stores]
• “Enforcer” – web agent installed on the agency’s web server to perform authentication. Communicates with central authentication system in Web Farm
• “Web Farm” – secure, redundant hosting facility that hosts the USDA eAuthentication solution
• “Firewall Stack” – set of network and security devices that protects the USDA network from the Internet. The Web Farm Firewall Stack is part of the USDA eAuthentication C&A
• “User Stores” – central USDA user store. Maintains information about the user that is common across agencies. Agency-specific user stores maintain more detailed information if needed
• “Policy Server” and “Policy Store” – core components of the USDA authentication solution. Ties together enforcers and user stores through “policies”
USDA eAuthentication Solution Components
Identity and Access Management
Password Services – Enforces strong password standards and allows password maintenance such as password changes, password expiration, etc.
Self Services – Administration of user information without calling the USDA help desk. This is non-authentication information such as the user’s phone number and username, not information about the user’s relationship with the agency or his permission to access certain web applications
Delegated Administration – Administrative access to the central user store to establish users’ access to the agency’s applications
Help Desk – Assistance with authentication-related issues such as password resets, directions to a registration center, etc. The USDA Help Desk is not able to help with application-specific questions. Agencies must provide contact information for application-specific problems
USDA eAuthentication Solution Components
Registration Process
Self Service Registration for Level 1 Assurance
Registration for the most basic form of authentication. It is not a strong indicator of the user’s actual identity since it relies on information from the user, but it is useful in some settings such as web site personalization
Identification Proofing for Higher Levels
Validation of identity by a Local Registration Authority. Currently this identity-proofing must be done in person
• Service Center or other Local Registration Authorities
Agency-specific Authorization Profile Creation
Authorization of which users may access their applications. Each agency may create a set of conditions based on the common user information that is collected or may create web pages to collect additional information.
USDA eAuthentication Solution Components
Presidential Initiative (GSA Gateway)
[Diagram labels: Agency Web Servers, USDA Logon Servers, USDA eAuthentication, Internet, GSA Gateway, ECP (three)]
The GSA Gateway is the Presidential Initiative solution for eAuthentication. USDA’s integration approach is to create a single point of integration with the GSA Gateway, through the USDA eAuthentication solution.
The USDA eAuthentication solution and GSA Gateway integration will occur once the Gateway is complete
An integration proof-of-concept is planned for August 2003
Applications will integrate with the USDA eAuthentication solution, which will connect to the GSA Gateway, so each agency application will not have to be integrated separately with the GSA Gateway
Upon completion, Agency applications will receive the benefits of the GSA Gateway
Agency Integration Responsibilities
[Timeline chart: July, August, September, October; GPEA Deadline Oct 21]
Phases: eForms/eAuth Design Meetings, Build Coordination Meetings, Test/Certification Meetings, Production Readiness
Tasks shown on the timeline:
• ID ’03 Funding
• ID ’04 Funding
• ID GPEA-Compliant Interactions
• Select Forms tool(s)
• Complete Authentication Impact Profile Assessment
• Confirm GPEA Functional Team
• Confirm GPEA Technical Team
• Design eAuth Registration Components
• Design eAuth Identity & Access Management Components
• Design eForms System
• Process OMB Approvals
• Create Technical Design for eAuth components
• Build Technical eAuth components
• Build eForms System
• Develop On-Line Alternatives Communications plan
• Implement eAuth Registration Components
• Implement eAuth Identity & Access Management Components
• Publish Communications
• eForms System Test
• Train LRAs
• Train Agency Admins
• Request eRecords Disposition Authority
• Certify LRA process
• eForms System Go-Live
Agency Integration Responsibilities
Technical Solution
[Diagram labels: Firewall; Web Server www.xyz.com with Enforcer and Authorization Pages; Web Farm Hosting Environment with a Production Environment and Test Environments, each showing Logon Server (Login Pages, Authentication Registration Pages, Identity Management Services Pages), Policy Server, Policy Stores, User Stores]
Create web application on supported web server
Assist in installation of web “enforcer”
Decide what user information your agency applications need to receive from the central user store in the form of header variables
Give eAuthentication team information to integrate new “enforcer” into eAuthentication system
Build web pages to collect any additional user information for authorization
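How the enforcer, policy store and central user store described in this deck fit together, including the header variables handed to the agency application, as an added Python example that is not USDA or vendor code. The `EAUTH_` header prefix, the attribute names, the paths and the user records are all hypothetical and constructed for illustration.

```python
# Added illustration: toy model of enforcer / policy store / user store.
# Header prefix, attribute names, paths and users are hypothetical.
RESERVED_PREFIX = "EAUTH_"  # assumed prefix for enforcer-set header variables

# Policy store: protected URL prefix -> required level, attributes to release
POLICY_STORE = {
    "/form1": {"min_level": 2, "release": ["CUSTOMER_ID", "EMAIL"]},
    "/news": {"min_level": 1, "release": ["CUSTOMER_ID"]},
}

# Central user store: common attributes plus the level reached at registration
USER_STORE = {
    "jdoe": {"level": 2, "CUSTOMER_ID": "1001",
             "EMAIL": "jdoe@example.org", "PHONE": "555-0100"},
    "asmith": {"level": 1, "CUSTOMER_ID": "1002",
               "EMAIL": "asmith@example.org", "PHONE": "555-0101"},
}


def find_policy(path):
    """Return the policy for the longest matching protected prefix, or None."""
    matches = [p for p in POLICY_STORE if path == p or path.startswith(p + "/")]
    return POLICY_STORE[max(matches, key=len)] if matches else None


def enforce(path, session_user, request_headers):
    """Enforcer decision: (status, headers passed on to the agency application)."""
    # Drop anything the client sent under the reserved prefix, so the
    # application only ever sees identity values set by the enforcer.
    clean = {k: v for k, v in request_headers.items()
             if not k.upper().startswith(RESERVED_PREFIX)}
    policy = find_policy(path)
    if policy is None:
        return 200, clean  # unprotected resource, no identity attached
    user = USER_STORE.get(session_user)
    if user is None:
        return 401, {}  # not logged on: redirect to the logon server
    if user["level"] < policy["min_level"]:
        return 403, {}  # registered, but at too low an authentication level
    for attr in policy["release"]:  # release only what the policy lists
        clean[RESERVED_PREFIX + attr] = user[attr]
    return 200, clean
```

The application behind the enforcer should accept these header variables only on requests that arrive through the enforcer, since any other path to the web server would let a client set them directly.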
Agency Integration Responsibilities
Identity and Access Management
[Diagram labels: Users, Authorization Pages, Identity Management Services Pages, Help Desk, User Stores, Password Services, User Self-Administration, Delegated Administration, Authorization Processes and Role Definition]
Build a process to decide whether a user should be allowed to access your agency’s applications
If that process requires any user information that is not collected by the central registration procedure, build “authorization registration” web pages to collect this information (including company representation)
Designate and train agency administrators to “authorize” users in the eAuthentication system for agency applications
Maintain a list of customer/company representative relationships
Map USDA Customer IDs to Agency Customer IDs
Agency Integration Responsibilities
Registration Process
[Diagram labels: Users, Authentication Registration Pages, User Stores, Agency-Specific LRAs, Level 1 Self-Registration, Email Verification, Level 2 LRA Registration, Level 2 In-Person Registration, Identity Proofing Procedure]
Determine if Service Centers will provide “Local Registration Authority” (LRA) services for your user population
If not, create identity proofing processes and training for your LRAs following USDA standards
Communicate registration processes and requirements to your users
Agency Integration Responsibilities
Presidential Initiative (GSA Gateway)
Integrate with USDA eAuthentication solution
Alert USDA eAuthentication team of any applications/interactions that require higher levels of credentials than the eAuthentication passwords (through the online tool)
Work with eAuthentication team to identify sources of credentials from GSA Gateway providers
[Diagram labels: Agency Web Servers, USDA Logon Servers, USDA eAuthentication, Internet, GSA Gateway, ECP (three)]
eAuthentication Costs
The fixed and variable costs for the eAuthentication initiative are broken out as follows…
FY 2003 Total Costs: $1,550,000
FY 2004 Total Costs: $5,700,000
• FY 2004 Variable Costs: $1,525,000
• FY 2004 Fixed Costs: $4,175,000
Cost distribution calculations/algorithms need to be created quickly. Any suggestions on how the cost should be allocated?
eAuthentication Resource Needs
USDA eAuthentication Solution Team
• Technical Services Team
• Integration Team
Agency Solution Team
• Integration Team – Business process and user communities expertise
• Technical Team – Developers representing the Agency application
Questions and Answers
For More Information
For more information on the eAuthentication Initiative, please review the eAuthentication Frequently Asked Questions on the eGovernment site:
http://www.egov.usda.gov/resources/teamspace/team_resources.html
Please contact the eGovernment team for username and password.