National Institutes of Health Interfederation Initiatives Peter Alterman, Ph.D. Assistant CIO for...
National Institutes of Health
Interfederation Initiatives
Peter Alterman, Ph.D.
Assistant CIO for e-Authentication
NIH Interfederation Goals
• Trust credentials issued by business partners at known Levels of Assurance
• Lower costs to all
• Simplify transactions for customers
NIH Interfederation Process
1. Identify need (internal and/or external process)
2. Engage Policy Mapping with Candidate Federations
3. Engage Technical Interoperability Testing with Candidate Federations
4. Draft and sign MOAs (yes, the lawyers)
5. Regular reviews
NIH Service Provider Architecture
[Diagram. Labels: NIH SSO; CSP validation; Fed PKI validation; Level 1 apps; Level 2 apps; Level 3 apps; Level 4 apps; Local AuthZ (shown four times)]
Federated Credential Validation Model
[Flowchart. Labels: End user credential; NIH SSO; Parse credential; Issuer known/trusted? (no: Reject; yes); Userid/passwords validated @ issuer; SAML assertions validated @ issuer; Digital certificates validated directly @ CA; Digital certificates validated via Federal PKI Architecture]
Who Does NIH SSO Trust Now … and How Much?
• InCommon Member users: 1 (2 pending)
• U Tx Sys Adm PKI end users: 2
• All Feds and Contractors w/HSPD-12 creds: 3 & 4
• End Users with PKI creds from FPKI xcert CAs: 3 & 4
• End Users with Grants.gov Userid/pswd: 2
• End Users with eAuth creds: 1 & 2
• Users with NIH AD Accounts: 3
Federated Online Apps – Phase I
[Diagram: applications arranged by level (Level 1 apps, Level 2 apps, Level 3 apps, Level 4 apps). Applications shown:]
• NCI Tumor Microenvironment Network TMEN
• eRA
• Fed PKI Policy Authority Doc Mgt Sys
• HSPD-12
• NIH Communication Officers Network
• Firebird
• Departmental Systems (cross-Operating Divisions)
• NIAID Training
• caBIG/caGrid
• NIH Library
• NCRR Grant Reporting System
• NICHD Clinical reporting system
Questions?
U.S. Federal Trust Mapping
[Diagram. Labels: E-Auth Level 1; E-Auth Level 2; E-Auth Level 3; E-Auth Level 4; FPKI Rudimentary; C4; FPKI Basic; FPKI Medium & Medium-cbp; FPKI Medium/HW & Medium/HW-cbp; FPKI High (governments only); HSPD-12-compatible (shown twice); FRAC, TWIC, ACIS]