Federated Authentication at NIH: Trusting External Credentials at Known Levels of Assurance
Debbie Bucci and Peter Alterman
November, 2009
Page 2
Context
• Background and History
• InCommon (Shibboleth-SAML)
• OpenID
• PKI and PIV
• Future Plans
Integration Services Center (ISC) Contact: [email protected]
Page 3
About NIH
• National Institutes of Health (NIH)
• Part of the U.S. Dept. of Health & Human Services
• Primary Federal agency for conducting and supporting biomedical research
Page 4
NIH Login
NIH Login is the first Federated Identity Management service initiated at NIH and has been in production since February 2003.
Page 5
Consuming Many Credential Technologies, Federations and Trust Framework Providers
1. Validating credentials
2. Processing Levels of Assurance
3. Passing valid assertions and LOA to applications
Powered by CA SiteMinder
Page 6
NIH Login Today
• Supports approximately 35,000 internal and external users
• Number of systems:
  – 202 Service Level Agreements
  – 450 URLs
• Over 1 million transactions per day
Page 7
External Users
NIH provides financial support to researchers around the world.
NIH invests over $28 billion in medical research each year.
$28 Billion in Medical Research
83% goes to almost 50,000 competitive grants that support over 325,000 researchers outside of NIH.
Page 8
Website: http://EnterpriseArchitecture.nih.gov Contact: [email protected]
NIH Federated Login
Page 9
Federal Government
• SAML Identity Providers – Northrop Grumman’s GovTrip, InCommon Wiki, Indiana CTS
• Federated with other HHS agencies
  – Food and Drug Administration (ADFS 1.0)
  – HHS Shared Services – Health Resources and Services Administration
• NIH PIV
  – Level 3 software certificates at FPKI Medium
  – Level 4 PIV cards at FPKI High
• Certificates cross-certified with Federal Bridge
  – DOD and Aerospace
  – SAFE Pharma
  – Other agencies
Page 10
NIH and InCommon
Page 11
NIH and InCommon – Future
• LOA-2 (silver) pilot with e-Grants – Production expected in FY11 with 200,000 users
• Additional Services:
  – Multiple Institute/Center SharePoint instances
  – Proxy to multiple managed services
  – Additional scientific wikis
Page 12
NIH and OpenID
• Current Status: Full implementation pending OpenID Foundation approval as Trust Framework Provider and Foundation members’ compliance with Federal OpenID profile and scheme
• Early LOA-1 applications targeting use of OpenID credentials
  – National Library of Medicine
  – Medical wikis
  – Conference registration
  – Regional library access
  – Others
• Early OpenID providers
  – Google
  – Yahoo
  – AOL
  – Microsoft
Page 13
Next Steps
• Production service with OpenID member credential providers
• InCommon member credential providers at LOA-2
• Continue adding NIH and other Agency apps as relying parties
• Add InfoCard to the mix – open NIH-wide
• Identity Provider discovery/workflow – need to present a scalable, user-friendly interface
Page 14
Contact Information
• NIH Federated Login
  – http://federatedidentity.nih.gov
  – http://isc.nih.gov
  – [email protected]
• NIH Enterprise Architecture
  – http://enterprisearchitechure.nih.gov
• NIH Enterprise Architecture Community in the NIH Portal
  – [email protected]