Title: E-Authentication Overview
1 E-Authentication Overview Technical Approach
Technical Track Session
2 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Policy Framework
- Technical Approach
- Interoperability Lab
3 Policy Infrastructure
1. Establish e-Authentication risk and assurance levels for Governmentwide use (OMB M-04-04 Federal Policy Notice 12/16/03)
2. Establish standard methodology for e-Authentication risk assessment (ERA)
3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Pub 800-63 Authentication Technical Guidance)
4. Establish methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework)
5. Establish trust list of trusted credential providers for govt-wide (and private sector) use
6. Establish common business rules for use of trusted 3rd-party credentials
4 OMB 04-04
Assurance Level Impact Profiles
| Potential Impact Categories for Authentication Errors | 1 | 2 | 3 | 4 |
|---|---|---|---|---|
| Inconvenience, distress or damage to standing or reputation | Low | Mod | Mod | High |
| Financial loss or agency liability | Low | Mod | Mod | High |
| Harm to agency programs or public interests | N/A | Low | Mod | High |
| Unauthorized release of sensitive information | N/A | Low | Mod | High |
| Personal Safety | N/A | N/A | Low | Mod High |
| Civil or criminal violations | N/A | Low | Mod | High |
5 NIST SP 800-63
Assurance Level
| Allowed Token Types | 1 | 2 | 3 | 4 |
|---|---|---|---|---|
| Hard crypto token | ✓ | ✓ | ✓ | ✓ |
| Soft crypto token | ✓ | ✓ | ✓ | |
| Zero knowledge password | ✓ | ✓ | ✓ | |
| One-time Password Device | ✓ | ✓ | ✓ | |
| Strong password | ✓ | ✓ | | |
| PIN | ✓ | ✓ | | |
6 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Technical Approach
- Assertion Based Authentication
- Certificate Based Authentication
- Interoperability Lab
7 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Technical Approach
- Assertion Based Authentication
- Overview
- Management
- SAML (Security Assertion Markup Language) as an Adopted Scheme
- Certificate Based Authentication
- Interoperability Lab
8 Base Case
9 Starting at the AA
10 Starting at the CS
11 Specialized Portals
12 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Technical Approach
- Assertion Based Authentication
- Overview
- Management
- SAML as an Adopted Scheme
- Certificate Based Authentication
- Interoperability Lab
13 Emerging Technology
14 Scheme Translator
15 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Technical Approach
- Assertion Based Authentication
- Overview
- Management
- SAML as an Adopted Scheme
- Certificate Based Authentication
- Interoperability Lab
16 SAML 1.0 Artifact Profile Base Case
17 SAML 1.0 Artifact Profile Single Sign-On
18 SAML 1.0 Artifact Profile Governance
19 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Technical Approach
- Assertion Based Authentication
- Certificate Based Authentication
- Interoperability Lab
20 Validation Service
21 Local Validation
22 Certificates At Lower Assurance Applications
Scheme Translator
Step 4 The ST uses the validation service to validate the certificate
23 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Technical Approach
- Interoperability Lab
- Product Testing
- Technical Support
- CS / AA Testing
24
- COTS (Commercial Off The Shelf) Product Testing
- Scheme compliance
- Interoperability
AAs CSs
25
- Product Testing
- See List of Approved Vendors
26
- COTS Product Testing
- Certificate Validation
27 E-Authentication Architecture Evolution
- Architecture Working Group
- Evaluating Evolving Standards
- Scheme Translators
28 E-Authentication Interoperability Lab
- Technical Support
- Interoperability Testing
- SAML Conformance Testing
- Acceptance Testing
- Approved Product List
- Cookbook / Recipes
- Extensive Experience in All These Areas
29 E-Authentication Technical Approach
- Agenda
- E-Authentication Overview
- Technical Approach
- Interoperability Lab
30 Resources
- http://www.cio.gov/eauthentication
- interoplab_at_enspier.com
- Additional Contacts
- Chris Louden - 703-299-3444 Chris.louden_at_enspier.com
- Andrew Chiu - 703-299-3444 Andrew.chiu_at_enspier.com
- Steve Lazerowich - 703-299-3444 Steve.lazerowich_at_enspier.com
- David Simonetti - 410-356-2260 David.simonetti_at_enspier.com
31 Contact Information
- I appreciate your feedback and comments.
- I can be reached at
- Scott Lowry
- scott_at_enspier.com
- 202-236-8221