Single Sign-On, Federated Authentication and Beyond at NIH

Dr. Peter Alterman
National Institutes of Health

Post on 22-Dec-2015



About NIH

• National Institutes of Health (NIH)

• Operating division of the U.S. Department of Health & Human Services (HHS)

• Primary Federal agency for conducting and supporting biomedical research

External Users

• NIH provides financial support to researchers around the world.

• NIH invests over $28 billion in medical research each year.

$23 Billion for Researchers Outside NIH

83% goes to almost 50,000 competitive grants that support over 325,000 researchers outside NIH.

$5 Billion for Researchers Inside NIH

Authentication Services at NIH

NIH iTrust

Multifunction single sign-on (SSO) and federated authentication service consisting of:

• NIH Login – links internal users at NIH to internal and departmental (HHS) applications and electronic resources

• NIH Federated Login – links external users to NIH and departmental (HHS) applications and resources


NIH Login

• In production since 2003

• Over 35,000 NIH users, 238 applications, 450 URLs

• Over 2.5 million transactions per day

• Single Sign-On (SSO), including use of Personal Identity Verification (PIV) Cards

• Authenticated web services


NIH Federated Login – In Production Since 2007

• Leverages existing credentials

• Expands support for up to 55,000 internal and 10 million external users:

− Grants and research activities (wikis, SharePoint, Grids)

− Library services

− Acquisition services

− Enterprise/departmental applications

− Cross-agency, government-wide collaborations


Federated Partners: Authentication at All Four Levels of Assurance

• Government Departments and Agencies

• Any PKI cross-certified with the Federal PKI Architecture, directly or indirectly (via Bridge CAs).

• InCommon Federation – identity and access management federation for the higher education and research communities; 25 major universities access NIH resources through InCommon.

• Open Identity Exchange (OpenID and Information Card Foundations) are working with industry leaders such as AOL, Equifax, Google, PayPal, VeriSign, and Yahoo

Federated View

Federated Authentication at NIH: OIX

[Diagram; labelled parties: Trust framework provider; General Services Administration; Private-sector identity providers; U.S. Government websites; Assessors & auditors; Dispute resolvers; User]

Federated Authentication at NIH: InCommon

[Diagram; labelled parties: Trust framework provider; General Services Administration; InCommon Federation; Universities; U.S. government websites; Provider websites; Assessors & auditors; Dispute resolvers; User]

Federated Authentication at NIH: PKI

[Diagram; labelled parties: Trust Framework Provider: Federal PKI Architecture; Federal Agencies; US Government websites; Cross-certified CAs and PKI Bridges (CertiPath, SAFE-BioPharma, HEBCA); Assessors & auditors; Dispute resolvers; User]

Key Points

• Aligns with FICAM’s IdM reference segment architecture

• Integrates with HHS Operating Divisions and other departments and agencies

• Promotes both interoperability and standards

• Meets the needs of researchers and clinicians

• Saves time and money

• Offers quick implementation

For Further Information

Dr. Peter [email protected]

Debbie [email protected]

NIH Integration Services [email protected]

NIH Center for Information Technology
www.cit.nih.gov