US Environmental Protection Agency Central Data Exchange

U.S. Environmental Protection Agency Central Data Exchange
EPA E-Authentication Pilot
NOLA Network Node Workshop
February 28, 2005

E-Authentication Background - 1
• What is E-Authentication?
– E-Authentication is the process of confirming the identity of individuals who:
• want to access a computer system or network, or
• create an electronic signature.
– E-Authentication involves issuing/managing credentials (PIN, password, digital certificate, etc.) and validating them when they are presented by an individual for sign-on or signature

January 19, 2005 2

E-Authentication Background - 2
• What is the Federal E-Authentication Initiative?
– Vision: credential re-use across computer systems
– Goal: minimize need for multiple credentials, reducing burden on anyone who uses government systems:
• federal employees
• businesses
• ordinary citizens
• state and local government officials
– Other Benefits:
• Private/public sector interoperability
• Single sign-on
• Economies of scale – shared infrastructure for issuing, managing and validating credentials

E-Authentication Background - 3
• What is the Federal E-Authentication Architecture?
– Design to allow computer systems to accept credentials that they did not issue
– General Services Administration (GSA) lead
– Key components include:
• E-Authentication Portal
• GSA Step-Down Translator
• Federal Bridge
• Accredited Certificate Authorities
– Two approaches
• PKI – Federal Bridge for Certificate Authority (CA) interoperability
• PINs/Passwords – Security Assertion Mark-up Language (SAML) architecture to protect secrecy of PIN or password

E-Authentication Background - 4
• GSA’s Federal Bridge
– An “authority” that establishes that a CA’s certificates can be “trusted”
– A hardware / software system that helps users access CA information needed to validate a certificate
• GSA’s SAML Approach
– Establishes “trust circles” between CAs that issue PINs/Passwords (e.g. financial institutions) and government agencies that can rely on them
– Provides architecture for E-Authentication based on SAML assertion from CA to relying government agency
– Architecture includes E-Authentication Portal and Step-Down Translator

Network E-Authentication Pilot Overview
• An EPA/GSA partnership to show how States can use the Network to participate in E-Authentication architecture.
• Approach involves:
– Integrating the Network with the GSA architecture;
– Leveraging the Network’s E-Authentication interface to provide credential validation services to any State partner that can access the network;
– States using the Network services to accept either PKI certificates or SAML assertions – for either system access or signature.
• The Pilot is currently in the planning and design phase.
• Completion is scheduled for October, 2005

Goals
• Show that the Network can:
– Bring credential inter-operability to our State partners
– Provide credential validation services to States that don’t want to invest in their own PKI or SAML functionality
– Offer enormous economies of scale for E-Authentication
• Help States meet Cross-Media Electronic Reporting and Record-keeping Rule (CROMERRR) standards, by
– Providing access to credentials that satisfy identity-proofing requirements, that States don’t have to issue/manage
– Allowing use of digital signatures without States having to acquire their own PKI capabilities.

Requirements of States to Participate
• Ideally, participating States would have:
– A Web browser-based application that requires user authentication, and would benefit by upgrading to SAML- or interoperable PKI-based authentication
– 2 hours/week (Mar 05 – Oct 05) to invest in weekly work sessions
– Up to 40-80 hours to upgrade their systems to interface with E-Authentication components
• Participants start by filling in a questionnaire to determine how well their application would fit into the Pilot
• EPA’s Office of Environmental Information (OEI) will provide participating States with all the software, credentials, and technical support they need for the Pilot

Benefits to Pilot Participants
1. Experience using CDX/E-Authentication services, with GSA-subsidized technical support, including access to designers of the E-Authentication infrastructure.

2. The chance to help shape how EPA/GSA offer E-Authentication services to States -- so that they take account of any special participant needs.
3. Information to help make better long-term system investment decisions, with a better understanding of the available E-Authentication options.

For more information, contact:
David Schwarz 202-566-1704 Schwarz.david@epa.gov
