Post on 18-Dec-2015
U.S. Environmental Protection Agency
Central Data Exchange
EPA E-Authentication Pilot
NOLA Network Node Workshop
February 28, 2005
January 19, 2005
E-Authentication Background - 1
• What is E-Authentication?
– E-Authentication is the process of confirming the identity of individuals who:
• want to access a computer system or network, or
• create an electronic signature.
– E-Authentication involves issuing/managing credentials (PIN, password, digital certificate, etc.) and validating them when they are presented by an individual for sign-on or signature
E-Authentication Background - 2
• What is the Federal E-Authentication Initiative?
– Vision: credential re-use across computer systems
– Goal: minimize need for multiple credentials, reducing burden on anyone who uses government systems:
• federal employees
• businesses
• ordinary citizens
• state and local government officials
– Other Benefits:
• Private/public sector interoperability
• Single sign-on
• Economies of scale – shared infrastructure for issuing, managing and validating credentials
E-Authentication Background - 3
• What is the Federal E-Authentication Architecture?
– Design to allow computer systems to accept credentials that they did not issue
– General Services Administration (GSA) lead
– Key components include:
• E-Authentication Portal
• GSA Step-Down Translator
• Federal Bridge
• Accredited Certificate Authorities
– Two approaches:
• PKI – Federal Bridge for Certificate Authority (CA) interoperability
• PINs/Passwords – Security Assertion Mark-up Language (SAML) architecture to protect secrecy of PIN or password
E-Authentication Background - 4
• GSA’s Federal Bridge
– An “authority” that establishes that a CA’s certificates can be “trusted”
– A hardware / software system that helps users access CA information needed to validate a certificate
• GSA’s SAML Approach
– Establishes “trust circles” between CAs that issue PINs/Passwords (e.g. financial institutions) and government agencies that can rely on them
– Provides architecture for E-Authentication based on SAML assertion from CA to relying government agency
– Architecture includes E-Authentication Portal and Step-Down Translator
Network E-Authentication Pilot Overview
• An EPA/GSA partnership to show how States can use the Network to participate in E-Authentication architecture.
• Approach involves:
– Integrating the Network with the GSA architecture;
– Leveraging the Network’s E-Authentication interface to provide credential validation services to any State partner that can access the network;
– States using the Network services to accept either PKI certificates or SAML assertions – for either system access or signature.
• The Pilot is currently in the planning and design phase.
• Completion is scheduled for October, 2005
Goals
• Show that the Network can:
– Bring credential inter-operability to our State partners
– Provide credential validation services to States that don’t want to invest in their own PKI or SAML functionality
– Offer enormous economies of scale for E-Authentication
• Help States meet Cross-Media Electronic Reporting and Record-keeping Rule (CROMERRR) standards, by
– Providing access to credentials that satisfy identity-proofing requirements, that States don’t have to issue/manage
– Allowing use of digital signatures without States having to acquire their own PKI capabilities.
Requirements of States to Participate
• Ideally, participating States would have:
– A Web browser-based application that requires user authentication, and would benefit by upgrading to SAML- or interoperable PKI-based authentication
– 2 hours/week (Mar 05 – Oct 05) to invest in weekly work sessions
– Up to 40-80 hours to upgrade their systems to interface with E-Authentication components
• Participants start by filling in a questionnaire to determine how well their application would fit into the Pilot
• EPA’s Office of Environmental Information (OEI) will provide participating States with all the software, credentials, and technical support they need for the Pilot
Benefits to Pilot Participants
1. Experience using CDX/E-Authentication services, with GSA-subsidized technical support, including access to designers of the E-Authentication infrastructure.
2. The chance to help shape how EPA/GSA offer E-Authentication services to States -- so that they take account of any special participant needs.
3. Information to help make better long-term system investment decisions, with a better understanding of the available E-Authentication options.