National Institutes of Health Interfederation Initiatives. Peter Alterman, Ph.D., Assistant CIO for e-Authentication

Upload: buddy-jennings

Post on 18-Jan-2018


TRANSCRIPT

Page 1: National Institutes of Health Interfederation Initiatives

Peter Alterman, Ph.D.

Assistant CIO for e-Authentication

Page 2: NIH Interfederation Goals

• Trust credentials issued by business partners at known Levels of Assurance

• Lower costs to all

• Simplify transactions for customers

Page 3: NIH Interfederation Process

1. Identify need (internal and/or external process)

2. Engage Policy Mapping with Candidate Federations

3. Engage Technical Interoperability Testing with Candidate Federations

4. Draft and sign MOAs (yes, the lawyers)

5. Regular reviews

Page 4: NIH Service Provider Architecture

[Diagram. Labels: NIH SSO; CSP validation; Fed PKI validation; Level 1 apps, Level 2 apps, Level 3 apps, Level 4 apps; Local AuthZ (shown four times).]

Page 5: Federated Credential Validation Model

[Flow diagram. Labels: NIH SSO; End user credential; Parse credential; Issuer known/trusted? (no: Reject; yes); Userid/passwords validated @ issuer; SAML assertions validated @ issuer; Digital certificates validated directly @ CA; Digital certificates validated via Federal PKI Architecture.]

Page 6: Who Does NIH SSO Trust Now … and How Much?

• InCommon Member users: 1 (2 pending)

• U Tx Sys Adm PKI end users: 2

• All Feds and Contractors w/HSPD-12 creds: 3 & 4

• End Users with PKI creds from FPKI xcert CAs: 3 & 4

• End Users with Grants.gov Userid/pswd: 2

• End Users with eAuth creds: 1 & 2

• Users with NIH AD Accounts: 3

Page 7: Federated Online Apps – Phase II

[Diagram. Column labels: Level 1 apps, Level 2 apps, Level 3 apps, Level 4 apps. Application labels: NCI Tumor Microenvironment Network TMEN; eRA; Fed PKI Policy Authority Doc Mgt Sys; HSPD-12; NIH Communication Officers Network; Firebird; Departmental Systems (cross-Operating Divisions) (shown twice); NIAID Training; caBIG/caGrid; NIH Library; NCRR Grant Reporting System; NICHD Clinical reporting system.]

Page 8: Questions?

Page 9: U.S. Federal Trust Mapping

[Diagram. Labels: E-Auth Level 1; E-Auth Level 2; E-Auth Level 3; E-Auth Level 4; FPKI Rudimentary; C4; FPKI Basic; FPKI Medium & Medium-cbp; FPKI Medium/HW & Medium/HW-cbp; FPKI High (governments only); HSPD-12-compatible (shown twice); FRAC, TWIC, ACIS.]