Single Sign-On, Federated Authentication and Beyond at NIH Dr. Peter Alterman National Institutes of Health.


Single Sign-On, Federated Authentication and Beyond at NIH
Dr. Peter Alterman
National Institutes of Health
About NIH
• National Institutes of Health (NIH)
• Operating division of the U.S. Department of Health & Human Services (HHS)
• Primary Federal agency for conducting and supporting biomedical research
External Users
• NIH provides financial support to researchers around the world.
• NIH invests over $28 billion in medical research each year.
$5 Billion for Researchers Inside NIH
$23 Billion for Researchers Outside NIH
83% goes to almost 50,000 competitive grants that support over 325,000 researchers outside NIH.
Authentication Services at NIH
NIH iTrust
Multifunction single sign-on (SSO) and federated authentication service consisting of:
• NIH Login – links internal users at NIH to internal and departmental (HHS) applications and electronic resources
• NIH Federated Login – links external users to NIH and departmental (HHS) applications and resources
NIH Login
• In production since 2003
• Over 35,000 NIH users, 238 applications, 450 URLs
• Over 2.5 million transactions per day
• Single Sign-On (SSO), including use of Personal Identity Verification (PIV) Cards
• Authenticated web services
NIH Federated Login – In Production Since 2007
• Leverages existing credentials
• Expands support for up to 55,000 internal and 10 million external users:
− Grants and research activities (wikis, SharePoint, Grids)
− Library services
− Acquisition services
− Enterprise/departmental applications
− Cross-agency, governmentwide collaborations
Federated Partners:
Authentication at All Four Levels of Assurance
• Government Departments and Agencies
• Any PKI cross-certified with the Federal PKI Architecture, directly or indirectly (via Bridge CAs).
• InCommon Federation – identity and access management federation for the higher education and research communities; 25 major universities access NIH resources through InCommon.
• Open Identity Exchange (OpenID and Information Card Foundations) are working with industry leaders such as AOL, Equifax, Google, PayPal, VeriSign, and Yahoo.
Federated View
Federated Authentication at NIH: OIX
General Services Administration
Trust framework provider
Private-sector identity providers
Assessors & auditors
Dispute resolvers
User
U.S. Government websites
Federated Authentication at NIH: InCommon
General Services Administration
Trust framework provider
U.S. government websites
Universities
Assessors & auditors
Dispute resolvers
User
InCommon
Federation Provider
websites
Federated Authentication at NIH: PKI
Trust Framework Provider: Federal PKI Architecture
US Government websites
Federal Agencies
CertiPath
SAFE-BioPharma
HEBCA
Cross-certified CAs and PKI Bridges
Assessors & auditors
Dispute resolvers
User
Key Points
• Aligns with FICAM’s IdM reference segment architecture
• Integrates with HHS Operating Divisions and other departments and agencies
• Promotes both interoperability and standards
• Meets the needs of researchers and clinicians
• Saves time and money
• Offers quick implementation
For Further Information
Dr. Peter Alterman
[email protected]
Debbie Bucci
[email protected]
NIH Integration Services Center
[email protected]
NIH Center for Information Technology
www.cit.nih.gov