U.S. Environmental Protection Agency Central Data Exchange










U.S. Environmental Protection Agency
Central Data Exchange
EPA E-Authentication Pilot
NOLA Network Node Workshop
February 28, 2005

E-Authentication Background - 1
• What is E-Authentication?
  – E-Authentication is the process of confirming the identity of individuals who:
    • want to access a computer system or network, or
    • create an electronic signature.
  – E-Authentication involves issuing/managing credentials (PIN, password, digital certificate, etc.) and validating them when they are presented by an individual for sign-on or signature
January 19, 2005

E-Authentication Background - 2
• What is the Federal E-Authentication Initiative?
  – Vision: credential re-use across computer systems
  – Goal: minimize need for multiple credentials, reducing burden on anyone who uses government systems
    • federal employees
    • businesses
    • ordinary citizens
    • state and local government officials
  – Other Benefits:
    • Private/public sector interoperability
    • Single sign-on
    • Economies of scale – shared infrastructure for issuing, managing and validating credentials

E-Authentication Background - 3
• What is the Federal E-Authentication Architecture?
  – Designed to allow computer systems to accept credentials that they did not issue
  – General Services Administration (GSA) lead
  – Key components include:
    • E-Authentication Portal
    • GSA Step-Down Translator
    • Federal Bridge
    • Accredited Certificate Authorities
  – Two approaches
    • PKI – Federal Bridge for Certificate Authority (CA) interoperability
    • PINs/Passwords – Security Assertion Markup Language (SAML) architecture to protect secrecy of PIN or password

E-Authentication Background - 4
• GSA’s Federal Bridge
  – An “authority” that establishes that a CA’s certificates can be “trusted”
  – A hardware/software system that helps users access CA information needed to validate a certificate
• GSA’s SAML Approach
  – Establishes “trust circles” between CAs that issue PINs/Passwords (e.g. financial institutions) and government agencies that can rely on them
  – Provides architecture for E-Authentication based on SAML assertion from CA to relying government agency
  – Architecture includes E-Authentication Portal and Step-Down Translator

Network E-Authentication Pilot Overview
• An EPA/GSA partnership to show States can use the Network to participate in E-Authentication architecture.
• Approach involves:
  – Integrating the Network with the GSA architecture;
  – Leveraging the Network’s E-Authentication interface to provide credential validation services to any State partner that can access the network;
  – States using the Network services to accept either PKI certificates or SAML assertions, for either system access or signature.
• The Pilot is currently in the planning and design phase.
• Completion is scheduled for October, 2005

Goals
• Show that the Network can:
  – Bring credential interoperability to our State partners
  – Provide credential validation services to States that don’t want to invest in their own PKI or SAML functionality
  – Offer enormous economies of scale for E-Authentication
• Help States meet Cross-Media Electronic Reporting and Record-keeping Rule (CROMERRR) standards, by
  – Providing access to credentials that satisfy identity-proofing requirements, that States don’t have to issue/manage
  – Allowing use of digital signatures without States having to acquire their own PKI capabilities.

Requirements of States to Participate
• Ideally, participating States would have:
  – A Web browser-based application that requires user authentication, and would benefit by upgrading to SAML- or interoperable PKI-based authentication
  – 2 hours/week (Mar 05 – Oct 05) to invest in weekly work sessions
  – Up to 40-80 hours to upgrade their systems to interface with E-Authentication components
• Participants start by filling in a questionnaire to determine how well their application would fit into the Pilot
• EPA’s Office of Environmental Information (OEI) will provide participating States with all the software, credentials, and technical support they need for the Pilot

Benefits to Pilot Participants
1. Experience using CDX/E-Authentication services, with GSA-subsidized technical support, including access to designers of the E-Authentication infrastructure.
2. The chance to help shape how EPA/GSA offer E-Authentication services to States, so that they take account of any special participant needs.
3. Information to help make better long-term system investment decisions, with a better understanding of the available E-Authentication options.

For more information, contact:
David Schwarz
202-566-1704
Schwarz.david@epa.gov