NIH Identity Federation - PowerPoint PPT Presentation

1 / 23

About This Presentation

Title:

NIH Identity Federation

Description:

NIH Identity Federation Roadmap. NIH Login Begin the journey. NIH ... Clogging system with redundant accounts. Local account store is only source of truth ... – PowerPoint PPT presentation

Number of Views:83

Avg rating:3.0/5.0

Slides: 24

Provided by: donsc5

Category:

more less

Transcript and Presenter's Notes

Title: NIH Identity Federation

1
NIH Identity Federation

Valerie Wampler, CIT/EMIB
Debbie Bucci, CIT/DECA

2
NIH Identity Federation Roadmap

NIH Login Begin the journey
NIH External Further the journey
Define Federation Define the vision
NIH Industry Technologies Realize the vision
Next Steps Expand the vision

3
NIH Login

Promote eBusiness
Single Sign On
Secure
Load balanced
Product CA Site Minder
Customers NIH Institutes web and applications
with authentication requirements

4
NIH Login goals

Network de-perimeterization
Bridging organizational boundaries
Service oriented architecture
Bridging platform boundaries

5
NIH Identity Federation Roadmap

NIH Login Begin the journey
NIH External Further the journey
Define Federation Define the vision
NIH Industry Technologies Realize the vision
Next Steps Expand the vision

6
NIH External

Pre-federation Collaboration
EA Domain Team
Developed Business Process
Defined data elements
AD forest (security boundary)
63 projects
Workflow approval process developed
Self service registration
NIST authorization level 1 and 2
Identity validation done by project owners
Password self service available to NIH External

7
NIH Login, NIH External, AD, Commons

Identity Silos
Clogging system with redundant accounts
Local account store is only source of truth
Manages credentials for internal/external users
Manages permissions for internal/external users

8
Identity Silos
Your EMPLOYEES onyour NETWORK
9
Identity Silos Affect NIH
IT/Helpdesk Productivity
Compliance Risks
End User Productivity
Security Threats

User privacy
End-end auditability

Account setup delays
Forgotten passwords
Many logons

External user account provisioning
External user password resets

Compromised passwords
Excessive Permissions
Dangling accounts

10
NIH Identity Federation Roadmap

NIH Login Begin the journey
NIH External Further the journey
Define Federation Define the vision
NIH Industry Technologies Realize the vision
Next Steps Expand the vision

11
What is meant by Identity Federation?

Standards, technologies and use cases that make
the negotiation and allows an identity or
privileges to be portable
Goal allow an individual to use a single name,
password or other identity to access multiple
applications or data sources securely and
seamlessly

12
NIH Federation Principles

Digital Identity
Federated Identity
Assertion/Claim
Federated Trust
Identity Provider
Service Provider
Relying Party

for more information NIHRFC00028 at
http//enterprisearchitecture.nih.gov/
13
NIH Federation Solution

Use existing technology
Support open industry standards
WS-
XML
SOAL
SAML
STS
Claims Transformation

for more information NIHRFC00028 at
http//enterprisearchitecture.nih.gov/
14
Assertion/Claims Transformation

The idea of claims transformation is the most
important technical advance in distributed
computing for at least a decade. It is so
powerful that it wasnt even fully understood
until we began to build things with it.

Kim Cameron, Microsoft Chief Identity Architect
15
Federation Flow Example
User
User approves release of token
7
Client
User select digital identity
4
Client tries to access a resource
1
Request Security Token sent to IP
5
3
Which IPs can satisfy RPs policy
RP provides identity requirements policy
2
6
IP returns security token
8
Assertion/Claim released to RP
Identity Provider(IP)
Relying Party(RP)/Service Provider (SP)
16
NIH Identity Federation Roadmap