...From Collaboration to Integration...

November 2, 2006

Welcome and Introduction

James Dyche
Systems Manager
5 Technology Park
Harrisburg, PA 17110

Achieving security interoperability through common federated identity and privilege management across disparate agencies and agency systems



How it Works – User Perspective

1. JNET user tries to link to RISS.
2. RISS asks user to identify their home agency.
3. JNET (the home agency) prompts the user for authentication credentials.
4. RISS accepts the authentication and privileges presented by JNET.


JNET Users Participating

~130 participating JNET users include:

County - Adult Probation
• Adult Probation Supervisors
• Probation Officers

State - Adult Probation

Local - Law Enforcement
• Chiefs of Police
• Detectives
• Lieutenants
• Police Officers
• Sergeants

D.A. Office Staff Members
Domestic Relations Enforcement Officers
Emergency Management Chiefs
TAC Officers

[Chart: JNET GFIPM Users. Legend: Local - Law Enforcement; Community Service Officer; Emergency Management; County - Adult Probation; TAC Officer; County - District Attorney; Domestic Relations Enforcement Officer]


PA JNET Content

JNET services available to GFIPM users:
• PA Probation "Fail to Report" Photos and Cases
• PA Child Support Warrant Search/Results
• PA Amber Alert
• Lessons Learned
• White pages of PA Justice Staff (Proxy Issue)
• PA State Prisoner Locator (Proxy Problems)
• Courts Warrants
• Secured Court Docket Sheets

Potential Next 90 days:
• PA Driver's License Photo Database
• PA Dept of Corrections Intake/Exit Photos

[Slide status labels, in order of appearance: Pending, Approved, Pending, Approved, Approved, Approved, Approved, Approved, Approved, Approved]


Pennsylvania’s Status

GFIPM Status in PA
• Infrastructure Installed and Operational
  • Identity Provider
  • Service Provider
• Content Available
• JNET Steering Committee Presentation
  • Agencies still processing approvals for content
• Commonwealth IPAM Presentation
• Development for Demonstration
• Tested out our sites
• Testing to make sure users only get to content they are supposed to (This week)
• Demonstration (Nov. 1)
• Security Penetration Testing (Nov. 7-Nov. 8)


Value to Pennsylvania

Value Consists of Tangible and Intangible
• JNET pilot users access CISA and RISS with their JNET credentials.
• Showcasing JNET content to CISA, RISS, and future partners.
• Proof of Identity Provider/Service Provider architecture.
• Eliminate duplication of registration for JNET and home agency registrars and scores of registrations for each federation user.
• Absolute authentication of current user status and privileges for federation users.
• Access to JNET GFIPM Site via the Internet w/ FIPS 140-2 and NCIC blessings.
• Proof that VPNs, intranets, and private networks are unnecessary for FIPS 140-2 and CJIS security.
• VPN Cost Savings – TLS provides a cost-effective, conformant encryption solution.


Key Success Factors

Federation Users
• Simplifies User Sign-On (Single Sign-on Goal)
• Significantly Reduces End-User Deployment time
• No additional end user software to access federated data (browser based)
• Eliminates the hassle of site registration

Federation Providers
• Are in control of users that access their data.
• Are still in control of their user base (registration and vetting)
• Control access to what data they will share
• Have minimal cost impact to make content available
• Have moderate cost impact for provider to configure rules based upon identity attributes
• Federation Providers decide user assertions and rules necessary to access their data from across the nation.
• Security Solution must respect providers' autonomy


Future Potential


Recommended Next Steps

• Need GAC’s Continued Support of this Project
• Need to continue refining NIEM User Assertion Security package.
• Need to keep adding content to the pilots
• Consider adding more federation partners focused on expanding the pilot efforts
• Continue learning from technical challenges – especially in Identity Mapping and Account Linkage
• Need to Understand how Commercial Vendors support Federation using GFIPM’s metadata based upon SAML