U.S. Department of Agriculture
eGovernment Program
August 14, 2003
eAuthentication Agency Application Pre-Design Meeting
Agenda
Overview of the eAuthentication effort
Determine eAuthentication “Prerequisite” status
Agency Application Integration Form
Integration Schedule
What is eAuthentication?
Customer interactions with USDA will be transformed to allow customer submission through electronic means in order to meet the Government Paperwork Elimination Act
For many interactions, the identity of the person submitting the data needs to be known, either to enable an electronic signature of the form or data, for informational purposes, or to provide verified information for further contact
eAuthentication encompasses the processes and technology that identify a person electronically and present that information to the web application that is accepting the user’s data submission
eAuthentication in the current phase will only support interactions that are presented in a web format over the Internet and that require Level 1 or Level 2 Assurance
eAuthentication is applied at the application level. Agencies may integrate multiple applications, each with multiple interactions
USDA eAuthentication Solution Components
The USDA eAuthentication solution encompasses four main components…
USDA eAuthentication Solution:
Technical Solution
Identity and Access Management
Registration Process
Presidential Initiative (GSA Gateway)
USDA eAuthentication Solution Components
Technical Solution
“Enforcer” – web agent installed on the agency’s web server to perform authentication. Communicates with central authentication system in Web Farm
“User Stores” – Central storage of USDA Common Data. Maintains common user information in 1 location that can be utilized by all agencies. User Store data can be passed to agency applications in Header Variables
“Policy Server” and “Policy Store” – core components of the USDA authentication solution. Ties together enforcers and user stores through “policies”
[Network diagram. Labels: Internet, Intranet, Router, Switch, Firewall, USDA Network, Web Farms, Alternative Hosting Facility, Enforcer, www.xyz.usda.gov, www.abc.gov/form1, Policy Server, Policy Stores, User Stores]
USDA eAuthentication Solution Components
Technical Solution
Questions for Technical users:
What type of Application Server and Web Server, or Web Server alone, is being used?
What Operating System is used?
Where will it be hosted?
How is the User Information stored? What type of database is used?
Issues to think about: How do you plan to map your data to the USDA Common Data?
USDA Registration Process
eAuthentication will support a central registration process for users of all USDA agencies
User self-registration for Level 1 password
User creates a unique username and password and enters personal information. Once this information is entered, it is stored as Common Data in the USDA directory and can be accessed by any of the agencies using a Unique Identifier or UID. User information at Level 1 is not verified.
Identity Proofing of the User for Level 2 password
Level 1 credentials can be elevated to Level 2 credentials if the user’s name can be verified through identity proofing. In-person identity proofing is performed in a Service Center or other Local Registration Authorities provided by participating agencies.
Questions for Business users:
Expected user population: Number? Type?
How many interactions will be available via this application?
Will you need to Identity Proof your users? Which ones?
eAuthentication Access Management Functions
Identity and Access Management
Process Steps:
User Registration Level 1
User Registration Level 2 with ID Proofing
Authentication: eAuthentication verifies that the user is who they claim to be
Access Control: Give or deny access to a specific URL based on functionality and information stored in eAuthentication system
Authorization: Allow or Deny a user to perform certain actions based on functionality within an Application
ID/Access Control Mgmt Features:
User Help Desk Services: Change Password, Forgotten Password, Other user self service maintenance
USDA LRA: USDA Common Data
Application Administrator: Can delegate administration to Agency Administrators to assign users to Agency Specific Roles. Don’t forget about Training your Administrators
Application Administration: Authorization is based upon Agency Specific Data, as managed by agency. Can also be based on USDA Common Data passed as header variables from eAuthentication to the Agency
Supporting Mgmt Features:
Help Desk, Logging, Alerts, Reports
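Added example (not part of the original presentation and not USDA code): how an agency application might make an authorization decision from header variables set by the Enforcer, combining the UID and assurance level with Agency Specific roles. The header names, the role table and the interaction table are hypothetical; the presentation does not name the actual header variables.

```python
# Added example: header names, role table and interaction table are hypothetical.
from dataclasses import dataclass

# Hypothetical header variables set by the Enforcer (WSGI environ naming).
UID_HEADER = "HTTP_EAUTH_UID"
LEVEL_HEADER = "HTTP_EAUTH_ASSURANCE_LEVEL"

# Agency Specific Data, managed by the agency: UID -> roles (constructed sample).
AGENCY_ROLES = {"uid-1001": {"producer"}, "uid-2002": {"producer", "signer"}}

# Each interaction names the assurance level and agency role it requires.
INTERACTIONS = {
    "view_form": {"min_level": 1, "role": "producer"},
    "sign_form": {"min_level": 2, "role": "signer"},
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def authorize(environ: dict, interaction: str) -> Decision:
    """Decide on one interaction from the header variables on the request."""
    rule = INTERACTIONS.get(interaction)
    if rule is None:
        return Decision(False, "unknown interaction")
    uid = environ.get(UID_HEADER, "").strip()
    if not uid:
        # No UID header means the request did not pass through authentication.
        return Decision(False, "not authenticated")
    try:
        level = int(environ.get(LEVEL_HEADER, ""))
    except ValueError:
        return Decision(False, "missing or malformed assurance level")
    if level not in (1, 2):
        # Only Level 1 and Level 2 Assurance are supported in this phase.
        return Decision(False, "unsupported assurance level")
    if level < rule["min_level"]:
        return Decision(False, "assurance level too low")
    if rule["role"] not in AGENCY_ROLES.get(uid, set()):
        return Decision(False, "role not assigned")
    return Decision(True, "ok")
```

Header variables are only as trustworthy as the path they arrive on: the application should be reachable only through the Enforcer, and any client-supplied copies of these headers must be overwritten before the application reads them.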
USDA eAuthentication Solution Components
Presidential Initiative (GSA Gateway)
[Diagram labels: Agency Web Servers, USDA Logon Servers, USDA eAuthentication, GSA Gateway, ECP, Internet]
The GSA Gateway is the Presidential Initiative solution for eAuthentication. USDA’s integration approach is to create a single point of integration with the GSA Gateway, through the USDA eAuthentication solution.
The USDA eAuthentication solution and GSA Gateway integration will occur once the Gateway is complete
An integration proof-of-concept is planned for August, 2003
Applications will integrate with the USDA eAuthentication solution, which will connect to the GSA Gateway, so each agency application will not have to be integrated separately with the GSA Gateway
Upon completion, Agency applications will receive the benefits of the GSA Gateway
July Pre-requisite Checklist
Identify your GPEA implementation team and Application Development teams
Identify the GPEA compliant interactions which will be available electronically by Oct 21 and which require eAuthentication, and complete impact profile assessments for each of these interactions
Identify the applications that will be hosting the interactions electronically
Identify an application developer(s) or owner(s) who can describe the high-level architecture of the application
Review the Agency Guidebook, especially sections 1, 2 and 3 http://www.egov.usda.gov/intranet/eauth_docs.html
Initiate planning about the high-level decisions of access control, authorization and registration as described in the agency guidebook
Select Electronic Submission web tool
Identify FY ‘03 funding sources
Agency Application Integration Form
The Application Integration Form needs to be completed for each application before the design meeting. This form is available electronically at http://www.egov.usda.gov/intranet/eauth_docs.html
Decision makers may determine that Registration Processes, Access Control and Authorization Data are not required beyond the standard capability delivered by the USDA eAuthentication system. These components are described in detail in the Agency Guidebook available electronically at http://www.egov.usda.gov/intranet/eauth_docs.html
Integration Schedule
Timeline: July, August, September, October
Complete Pre-requisites: July 31st
Pre-Design Meeting: Aug 15th
Review Agency Guidebook: August 15th
Design Meeting: Aug 22nd
Complete Integration Form: August 22nd
Integrate Development Environment: Aug 22nd - Sep 19th
Integrate Test Environment: Sept 22nd - Oct 3rd
Integration Testing: October 3rd
Integrate Production Environment: October 13th - 17th
Complete Testing and GO LIVE: October 21st
Also shown on the timeline, without dates: Build Coordination Meetings, Test/Certification Meetings, Integrated Reporting Meetings, Train LRAs, Train Admins, Production Readiness
For More Information
For more information on the eAuthentication Initiative, please review the eAuthentication Frequently Asked Questions on the eGovernment site:
http://www.egov.usda.gov/intranet/eauth_docs.html
Please contact the eGovernment team for username and password.
Email: [email protected]
Telephone Number: 202-720-6144