...From Collaboration to Integration...
Page: 1, November 2, 2006
Welcome and Introduction
James Dyche
Systems Manager
5 Technology Park
Harrisburg, PA 17110
Achieving security interoperability through common federated identity and privilege management across disparate agencies and agency systems
How it Works – User Perspective
1. JNET user tries to link to RISS.
2. RISS asks user to identify their home agency.
3. JNET (the home agency) prompts the user for authentication credentials.
4. RISS accepts the authentication and privileges presented by JNET.
JNET Users Participating
~130 participating JNET users, including:
• County - Adult Probation
  • Adult Probation Supervisors
  • Probation Officers
• State - Adult Probation
• Local - Law Enforcement
  • Chiefs of Police
  • Detectives
  • Lieutenants
  • Police Officers
  • Sergeants
• D.A. Office Staff Members
• Domestic Relations Enforcement Officers
• Emergency Management Chiefs
• TAC Officers
[Chart: JNET GFIPM Users. Categories: Local - Law Enforcement; Community Service Officer; Emergency Management; County - Adult Probation; TAC Officer; County - District Attorney; Domestic Relations Enforcement Officer]
PA JNET Content
JNET services available to GFIPM users:
• PA Probation "Fail to Report" Photos and Cases
• PA Child Support Warrant Search/Results
• PA Amber Alert Lessons Learned
• White pages of PA Justice Staff (Proxy Issue)
• PA State Prisoner Locator (Proxy Problems)
• Courts Warrants Secured Court Docket Sheets
Potential Next 90 days:
• PA Driver's License Photo Database
• PA Dept of Corrections Intake/Exit Photos
[Status labels shown on the slide: Pending (2), Approved (8)]
Pennsylvania’s Status
GFIPM Status in PA
• Infrastructure Installed and Operational
  • Identity Provider
  • Service Provider
• Content Available
• JNET Steering Committee Presentation
  • Agencies still processing approvals for content
• Commonwealth IPAM Presentation
• Development for Demonstration
• Tested out our sites
• Testing to make sure users only get to content they are supposed to (This week)
• Demonstration (Nov. 1)
• Security Penetration Testing (Nov. 7-Nov. 8)
Value to Pennsylvania
Value Consists of Tangible and Intangible
• JNET pilot-users access to CISA, RISS with their JNET credentials.
• Showcasing JNET content to CISA, RISS, future partners
• Proof of Identity provider/Service provider architecture.
• Eliminate duplication of registration for JNET and home agency registrars and scores of registrations for each federation user.
• Absolute authentication of current user status and privileges for federation users.
• Access to JNET GFIPM Site via the Internet w/ FIPS 140-2 and NCIC blessings.
• Proof that VPNs, intranets, and private networks are unnecessary for FIPS 140-2 and CJIS security.
• VPN Cost Savings – TLS provides a cost-effective, conformant encryption solution
Key Success Factors
Federation Users
• Simplifies User Sign-On (Single Sign-on Goal)
• Significantly Reduces End-User Deployment time
• No additional end user software to access federated data (browser based)
• Eliminates the hassle of site registration
Federation Providers
• Are in control of users that access their data.
• Are still in control of their user base (registration and vetting)
• Control what data they will share
• Have minimal cost impact to make content available
• Have moderate cost impact for provider to configure rules based upon identity attributes
• Federation Providers decide user assertions and rules necessary to access their data from across the nation.
• Security Solution must respect providers' autonomy
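The four-step user flow under "How it Works" and the provider-defined rules listed above, as an added Python example that is not part of the original presentation or of any GFIPM code: the home agency signs an assertion, and the service provider checks issuer, signature, expiry and its own attribute rule before granting access. The HMAC key, the `role` attribute and the rule contents are assumptions standing in for GFIPM's SAML-based metadata.

```python
import hashlib
import hmac
import json

# Constructed trust store: federation identity provider -> signing key.
# Assumption: an HMAC key stands in for the SAML XML signature and certificate.
TRUSTED_IDPS = {"JNET": b"constructed-demo-key"}

# Hypothetical service-provider rule: attribute name -> allowed values.
RISS_RULE = {"role": {"Police Officer", "Detective"}}


def _sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def idp_issue(idp, key, user, attrs, now, ttl=300):
    """Step 3: the home agency authenticates the user and signs an assertion."""
    body = json.dumps({"issuer": idp, "subject": user, "attrs": attrs,
                       "expires": now + ttl}, sort_keys=True)
    return {"body": body, "sig": _sign(key, body)}


def sp_accept(assertion, rule, now):
    """Step 4: the service provider validates the assertion, then applies its rule."""
    try:
        body = str(assertion["body"])
        claims = json.loads(body)
        key = TRUSTED_IDPS.get(claims["issuer"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed assertion"
    if key is None:
        return False, "issuer not in federation"
    sig = str(assertion.get("sig", "")).encode()
    if not hmac.compare_digest(_sign(key, body).encode(), sig):
        return False, "bad signature"
    if now >= claims.get("expires", 0):
        return False, "assertion expired"
    attrs = claims.get("attrs", {})
    # Default deny: every attribute the rule names must carry an allowed value.
    for name, allowed in rule.items():
        if attrs.get(name) not in allowed:
            return False, "rule not met: " + name
    return True, claims["subject"]
```

The service provider never sees the user's credentials; it trusts only what a federation member has signed, and its own rule still decides access.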
Recommended Next Steps
• Need GAC’s Continued Support of this Project
• Need to continue refining NIEM User Assertion Security package.
• Need to keep adding content to the pilots
• Consider adding more federation partners focused on expanding the pilot efforts
• Continue learning from technical challenges – especially in Identity Mapping and Account Linkage
• Need to understand how Commercial Vendors support Federation using GFIPM’s metadata based upon SAML