90 likes | 152 Views
Welcome and Introduction. James Dyche Systems Manager 5 Technology Park Harrisburg, PA 17110. Achieving security interoperability through common federated identity and privilege management across disparate agencies and agency systems. How it Works. How it Works – User Perspective. 1. 4.
E N D
Welcome and Introduction • James Dyche • Systems Manager • 5 Technology Park • Harrisburg, PA 17110 • Achieving security interoperability through common federated identity and privilege management across disparate agencies and agency systems
How it Works How it Works – User Perspective 1 4 2 • JNET user tries to link to RISS. • RISS asks user to identify their home agency. • JNET (the home agency) prompts the user for authentication credentials. • RISS accepts the authentication and privileges presented by JNET. 3
JNET Users Participating • ~130 participating JNET users, include: • County - Adult Probation • Adult Probation Supervisors • Probation Officers • State - Adult Probation • Local – Law Enforcement • Chiefs of Police • Detectives • Lieutenants • Police Officers • Sergeants • D.A. Office Staff Members • Domestic Relations Enforcement Officers • Emergency Management Chiefs • TAC Officers
PA JNET Content • JNET services available to GFIPM users: • PA Probation "Fail to Report" Photos and Cases • PA Child Support Warrant Search/Results • PA Amber Alert • Lessons Learned • White pages of PA Justice Staff (Proxy Issue) • PA State Prisoner Locator (Proxy Problems) • Courts Warrants • Secured Court Docket Sheets • Potential Next 90 days: • PA Driver's License Photo Database • PA Dept of Corrections Intake/Exit Photos Approved Approved Approved Approved Approved Approved Approved Approved Pending Pending
Pennsylvania’s Status • GFIPM Status in PA • Infrastructure Installed and Operational • Identity Provider • Service Provider Content Available • JNET Steering Committee Presentation • Agencies still processing approvals for content • Commonwealth IPAM Presentation • Development for Demonstration • Tested out our sites • Testing to make sure users only get to content they are supposed to (This week) • Demonstration (Nov. 1) • Security Penetration Testing (Nov. 7-Nov. 8)
Value to Pennsylvania • Value Consist of Tangible and Intangible • JNET pilot-users access to CISA, RISS with their JNET credentials. • Showcasing JNET content to CISA, RISS, future partners • Proof of Identity provider/Service provider architecture. • Eliminate duplication of registration for JNET and home agency registrars and scores of registrations for each federation user. • Absolute authentication of current user status and privileges for federation users. • Access to JNET GFIPM Site via the Internet w/ FIPS 140-2 and NCIC blessings. • Proof that VPNs, intranets, and private networks are unnecessary for FIPS-140-2 and CJIS security. • VPN Cost Savings – TLS provides a cost effective, conformant encryption solution
Key Success Factors • Federation Users • Simplifies User Sign-On (Single Sign-on Goal) • Significantly Reduces End-User Deployment time • No additional end user software to access federated data (browser Based) • Eliminates the hassle of site registration • Federation Providers • Are in control of users that access their data. • Are still in control of their user base (registration and vetting) • Control access what data they will share • Have minimal cost impact to make content available • Have moderate cost impact to for provider to configure rules based upon identity attributes • Federation Providers decide user assertionsand rules necessary to access their data from across the nation. • Security Solution must respect providers autonomy
Recommended Next Steps • Need GAC’s Continued Support of this Project • Need to continue refining NIEM User Assertion Security package. • Need to keep adding content to the pilots • Consider adding more federations partners focused on expanding the pilot efforts • Continue learning from technical challenges – especially in Identity Mapping and Account Linkage • Need to Understand how Commercial Vendors support Federation using GFIPM’s meta-data base upon SAML