Securing Access Through a Multi-Purpose Credential and Digital ID

Breakout Session at the 2014 IRM Summit in Phoenix, Arizona by Stephan Papadopulos, Managing Director at the Triage Group.

Published in: Software, Technology, Business

Transcript of "Securing Access Through a Multi-Purpose Credential and Digital ID"

  1. Securing Access through a Multi-Purpose Credential and Digital ID. ForgeRock Identity Relationship Management Summit, June 4, 2014
  2. Introduction
     • Stephan Papadopulos, Managing Director, The Triage Group
     • Washington, DC-based Woman-Owned Business
     • Healthcare and Emergency Response IT and Business Consulting Firm
     • ForgeRock Systems Integration Partner with deep Identity and Access Management experience
  3. Challenge: Multiple Agencies, Multiple Cards
  4. DC One Card Overview
     • The DC One Card is designed to give cardholders convenient access to DC government facilities, resources and programs
     • Provides immediate benefits by incorporating WMATA SmarTrip® capabilities
     • Reduces citywide credentialing inefficiencies and reduces costs
     • Establishes single trusted identity for DC stakeholders
     • Consolidates Constituent Touch Points
  5. DC One Card Program: Physical and Digital Credentials
     • Citizens have multiple ID Cards
     • Citizens have multiple online identities
     • Objectives: Convenience; Physical and Digital ID Consolidation; Improved Constituent Relationships; Security; Cost Savings; Fraud Reduction; Improved Access
     • Screenshot text: DC One ID (Username, Password); DCPS Google Apps Login (@dcpsk12.edu); "Connect using your DC One ID"
  6. How it Works
     • Physical Credential Features
       • 12-digit barcode number ties to individual and can be easily read with a basic scanner
       • Embedded chips can be used to control physical access to facilities and transit
       • The PIV-I with Smart Chip secures access to high risk systems and facilities
       • Mag Stripe for future banking use
     • Online Digital Identity Features
       • Single digital identity can be used to access multiple online systems, eliminating the need for users to remember numerous passwords
     • Screenshot text: DC One ID (Username, Password); "Connect using your DC One ID"
  7. How it Works: Creating Digital Account
  8. How it Works: Federated Identity for SSO
     • Screenshot text: somagee8456@student.k12.dc.us; DCPS Google Apps Login (@student.k12.dc.us and @dcpsk12.edu); "Connect using your DC One ID"; "forgot username?"
  9. DC1C IAM Framework
     • Identity Administration: User Provisioning; Password Management; Role Management
     • Identity Auditing: Reporting; Fraud Detection; Identity Reconciliation
     • Identity Verification: Identity Proofing; User Authentication
     • Logical Access Management: Authentication; Application Authorization; Single Sign-on and Federation; Virtual Directory Synchronization
     • Advanced Security / Key Management: Certificate Authority; Encryption; Digital Signatures; PKI enabled authentication; OCSP / Validation
     • Policy Management: Policy Administration; Policy Enforcement; Organizational Alignment
     • Security Services: Platform Security; Web Services Security
     • Service Management: Service Desk Integration; Service Operations
     • Credential Management: Card / Token Issuance Lifecycle; Revoke / Reissue Cards / Tokens
     • Credential Application Definition Management: PIV / PIV-I; HID; Other
     • Physical Access: Facility Entitlements; Situational Controls
     • Centralized Directory Management: Directory / SSO Services; Metadata Management; Virtual Directory Management
     • Other diagram labels: Identity Management Services; Credential Management Services; Access Management Services; Governance, Policies and Procedures; Local Agency Systems; Centralized Systems; Centralized / Managed Services
  10. Converged IAM Platform: Logical Architecture
     • Diagram labels: Identity Management; Employees (HCM); IAM Txn Database; LDAP; Access Management (OpenAM); Physical Control Systems; Logical Apps; Contractors; Credential Issuance; Identity Sources; SSO and Access Enforcement; IAM Platform; Public / Visitors; BAE; Schools
  11. Single Sign-on: Authentication Mechanisms
     • Diagram labels: DC One ID; DC One Card; IAM Platform
  12. Case Study: PIV/PIV-I PACS/LACS
  13. Case Study: Entitlements
     • Access Policies Set in OpenAM
     • IdM Manages PIV-I Issuance
     • PIV Registered After Issuance
  14. Case Study: Enrollment Kiosk
     • Authenticates and Validates Visitor Credential
     • Matches Card Data to Entitlement Policy
  15. Case Study: Lobby Entry
     • Reads, Authenticates and Validates PIV Credential
     • Sends XACML Access and Attribute Request to OpenAM
     • Opens Turnstile on Permit Decision
  16. Where to get a DC One Card
     • Deanwood Customer Service Center
     • One Judiciary Square Customer Service Center
     • Wilson Customer Service Center
     • DCPS Secondary Schools (DCPS Student and Staff DC One Cards Only)
     • Ever in Washington, DC? Get a DC One Card, they’re Free!
  17. Conclusion: Good, Fast, Cheap – Pick Two
  18. Conclusion: Questions?