Welcome and Introduction
• James Dyche, Systems Manager
• 5 Technology Park, Harrisburg, PA 17110
• Achieving security interoperability through common federated identity and privilege management across disparate agencies and agency systems
How it Works – User Perspective
JNET acts as the identity provider (the user's home agency) and RISS as the service provider. The numbered callouts on the slide correspond to these steps:
1. A JNET user tries to link to RISS.
2. RISS asks the user to identify their home agency.
3. JNET (the home agency) prompts the user for authentication credentials.
4. RISS accepts the authentication and privileges presented by JNET.
JNET Users Participating
• About 130 participating JNET users, including:
  • County – Adult Probation: Adult Probation Supervisors, Probation Officers
  • State – Adult Probation
  • Local – Law Enforcement: Chiefs of Police, Detectives, Lieutenants, Police Officers, Sergeants
  • D.A. Office Staff Members
  • Domestic Relations Enforcement Officers
  • Emergency Management Chiefs
  • TAC Officers
PA JNET Content
• JNET services available to GFIPM users (approval status in parentheses):
  • PA Probation "Fail to Report" Photos and Cases (Approved)
  • PA Child Support Warrant Search/Results (Approved)
  • PA Amber Alert (Approved)
  • Lessons Learned (Approved)
  • White pages of PA Justice Staff (Proxy Issue) (Approved)
  • PA State Prisoner Locator (Proxy Problems) (Approved)
  • Courts Warrants (Approved)
  • Secured Court Docket Sheets (Approved)
• Potential in the next 90 days:
  • PA Driver's License Photo Database (Pending)
  • PA Dept of Corrections Intake/Exit Photos (Pending)
Pennsylvania's Status
• GFIPM Status in PA
  • Infrastructure installed and operational: Identity Provider; Service Provider content available
  • JNET Steering Committee presentation; agencies still processing approvals for content
  • Commonwealth IPAM presentation
• Development for Demonstration
  • Tested out our sites
  • Testing to make sure users only get to the content they are supposed to (this week)
  • Demonstration (Nov. 1)
  • Security penetration testing (Nov. 7–Nov. 8)
Value to Pennsylvania
• Value consists of tangible and intangible benefits:
• JNET pilot users access CISA and RISS with their JNET credentials.
• Showcasing JNET content to CISA, RISS and future partners.
• Proof of the identity provider/service provider architecture.
• Eliminates duplicate registration with JNET and home-agency registrars, and the scores of registrations each federation user would otherwise need.
• Authentication always reflects the federation user's current status and privileges, because the home agency asserts them at each login; a user deprovisioned at home loses federation access without the service provider having to act.
• Access to the JNET GFIPM site via the Internet with FIPS 140-2 and NCIC approval.
• Proof that VPNs, intranets and private networks are unnecessary for FIPS 140-2 and CJIS security, provided the TLS endpoints use a FIPS 140-2 validated cryptographic module and approved cipher suites (FIPS 140-2 validates the module, not the TLS protocol itself).
• VPN cost savings: TLS provides a cost-effective, conformant encryption solution.
Key Success Factors
• Federation Users
  • Simplified user sign-on (single sign-on goal)
  • Significantly reduced end-user deployment time
  • No additional end-user software needed to access federated data (browser based)
  • Eliminates the hassle of site registration
• Federation Providers
  • Remain in control of which users access their data
  • Remain in control of their own user base (registration and vetting)
  • Control which data they will share
  • Minimal cost impact to make content available
  • Moderate cost impact to configure access rules based upon identity attributes
  • Decide which user assertions and rules are necessary to access their data from across the nation
  • The security solution must respect providers' autonomy
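The four-step JNET-to-RISS exchange described under "How it Works" and the provider-configured attribute rules listed above, as one added worked example. This is illustrative code written for this page, not JNET's, RISS's or the GFIPM project's software. Real GFIPM deployments exchange signed SAML 2.0 XML assertions; here a JSON payload with an HMAC stands in for the XML-DSig signature, the entity identifiers and key are constructed, and the attribute names are illustrative rather than GFIPM's own vocabulary. The checks the service provider performs (signature, trusted issuer, audience, validity window, then its own attribute rules) are the ones that matter in either encoding.

```python
import base64
import hashlib
import hmac
import json

# Constructed identifiers and key: stand-ins, not the real JNET/RISS values.
IDP_ENTITY_ID = "urn:example:jnet"    # identity provider (home agency)
SP_ENTITY_ID = "urn:example:riss"     # service provider (content owner)
IDP_SIGNING_KEY = b"constructed-key"  # stand-in for the IdP signing key the SP trusts


def _canonical(payload):
    # Deterministic bytes so signer and verifier hash exactly the same thing.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def idp_issue_assertion(subject, attributes, audience, now, ttl=300, key=IDP_SIGNING_KEY):
    """Step 3: the home agency authenticates the user and issues a short-lived
    assertion of the user's current attributes, scoped to one service provider."""
    payload = {
        "issuer": IDP_ENTITY_ID,
        "subject": subject,
        "audience": audience,
        "issued": now,
        "expires": now + ttl,
        "attributes": attributes,
    }
    body = _canonical(payload)
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()


def sp_validate_assertion(token, now, key=IDP_SIGNING_KEY):
    """Step 4, first half: the SP checks the assertion before trusting any claim in it."""
    body_b64, _, sig_b64 = token.partition(".")
    body = base64.b64decode(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(sig_b64)):
        raise PermissionError("assertion signature invalid")
    payload = json.loads(body)
    if payload.get("issuer") != IDP_ENTITY_ID:
        raise PermissionError("assertion not from a trusted identity provider")
    if payload.get("audience") != SP_ENTITY_ID:
        raise PermissionError("assertion was issued for a different service provider")
    if not (payload["issued"] <= now < payload["expires"]):
        raise PermissionError("assertion outside its validity window")
    return payload


# Step 4, second half: the provider's own rules, keyed on asserted attributes.
# The provider decides these rules; the IdP only vouches for the attributes.
SP_RULES = {
    "/warrants": lambda a: a.get("SwornLawEnforcementOfficerIndicator") is True,
    "/probation-photos": lambda a: a.get("EmploymentRole")
    in {"Probation Officer", "Adult Probation Supervisor"},
}


def sp_authorize(payload, resource):
    rule = SP_RULES.get(resource)
    return bool(rule and rule(payload["attributes"]))


def escalate_in_transit(token):
    """Adversary model for the test: rewrite the attributes without re-signing."""
    body_b64, _, sig_b64 = token.partition(".")
    p = json.loads(base64.b64decode(body_b64))
    p["attributes"]["SwornLawEnforcementOfficerIndicator"] = True
    return base64.b64encode(_canonical(p)).decode() + "." + sig_b64


def federated_access(resource, subject, attributes, now, tamper=None):
    """Steps 1-4 end to end: user asks the SP for a resource, SP sends the user
    home to JNET, JNET issues the assertion, SP validates it and applies its rules."""
    token = idp_issue_assertion(subject, attributes, SP_ENTITY_ID, now)
    if tamper:
        token = tamper(token)
    try:
        payload = sp_validate_assertion(token, now)
    except PermissionError as e:
        return ("denied", str(e))
    if sp_authorize(payload, resource):
        return ("granted", subject)
    return ("denied", "attributes do not satisfy provider rule")
```

The audience check is what keeps one assertion from being replayed at a different federation partner (an assertion JNET issued for CISA must not be accepted by RISS), and the validity window is what makes the "current status" claim hold in practice: a user removed at the home agency can no longer obtain a fresh assertion once the last one expires.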
Recommended Next Steps
• Need GAC's continued support of this project
• Continue refining the NIEM User Assertion Security package
• Keep adding content to the pilots
• Consider adding more federation partners focused on expanding the pilot efforts
• Continue learning from technical challenges, especially identity mapping and account linkage
• Understand how commercial vendors support federation using GFIPM's SAML-based metadata