Developing a Federal Vision for Identity Management

Presentation to the President’s National Security Telecommunications Advisory Committee (NSTAC), Task Force on Identity Management

  • Developing a Federal Vision for Identity Management

    1. Developing a Federal Vision for Identity Management. Duane Blackburn, Office of Science and Technology Policy, Executive Office of the President. January 16, 2009
    2. Building an IdM System. Diagram labels: Enrollment; Application. Identity attributes shown: DNA, Biometric, Name, Date of Birth, SSN, Birth Certificate, Driver’s License, Passport, Address, Phone Number, IP Address, Password, E-mail, Height, Weight, Eye Color, Sex, Mother’s Maiden Name, High School Mascot, Favorites, Shoe Size, PIV Card
    3. [Diagram: the “Enrollment” and “Application” labels repeated many times over, around the same identity attributes: DNA, Biometric, Name, Date of Birth, SSN, Birth Certificate, Driver’s License, Passport, Address, Phone Number, IP Address, Password, E-mail, Height, Weight, Eye Color, Sex, Mother’s Maiden Name, High School Mascot, Favorites, Shoe Size, PIV Card]
    4. Building an IdM System. Diagram labels: Enrollment; Application. Identity attributes shown: DNA, Biometric, Name, Date of Birth, SSN, Birth Certificate, Driver’s License, Passport, Address, Phone Number, IP Address, Password, E-mail, Height, Weight, Eye Color, Sex, Mother’s Maiden Name, High School Mascot, Favorites, Shoe Size, PIV Card
    5. Identity Concentricity: Root, Core
    6. Federal IdM Coordination Timeline: EOP Meetings (2007); Report Release (Sep 2008); Briefings (2008); Coordinated Action?; Report Approval; NSTC Task Force (2008); STPI Inauguration
    7. Task Force Composition
        • Six month effort (January 1 – July 2, 2008)
        • Co-chairs
            • Duane Blackburn (OSTP)
            • Judy Spencer (GSA)
            • Jim Dray (NIST)
        • Working groups
            • Drafting team
            • Data Collection and Analysis
            • Digital Identity
            • Grid
            • Privacy and Legal
        • Participating agencies included DHS, DOD, DOS, DOJ, HHS, SSA, FTC, DOC, GSA, EOP, NSF, ODNI, NASA, FAA, VA, OMB
    8. Task Force Charge
        • Provide an assessment of the current state of IdM in the US Government;
        • Develop a vision for how IdM should operate in the future;
        • Develop first-step recommendations on how to advance towards this vision.
    9. CIO Council Data Call
        • First-order understanding of the IdM landscape
        • Final Report Appendix G
        • 18 responses covering 191 agencies/bureaus, 3400 individual systems
        • The most common forms of information being collected for IdM are login alias, PIN/password, legal name, date of birth and social security number
        • Few systems (~15%) or programs collect or use biometric-related data (e.g., fingerprints, iris or facial imaging) or use security questions or tokens
    10. Key Findings of the NSTC IdM TF Report
        • IdM is comprised of three elements: ID applications; Global telecommunications grid; Digital ID repositories of all kinds
        • Within these, the latter two comprise the “IT Utility”
        • Two gross processes of Screening and Access Controls coexist within the USG.
        • Public messaging and social acceptance have sometimes been seen as sidebar issues in the USG’s approach to IdM, with resultant negative consequences.
        • PII may be segregated between application-specific data held inside applications, and that used to establish authentication of basic digital IDs.
        • USG missions include extensive engagement with other jurisdictions of government, international partners, and the public. This underlines not only the criticality of treatment of PII, but also the need for federal processes to be attuned to commercial and emergent international IdM approaches, standards and systems.
    11. Current Landscape
    12. Future State Vision
    13. Objective IdM Architectural Model: ‘Network of Networks’; Digital ID Data Federation; ID-specific “Privileges” (Applications of ID in specific context), with data unique to each Application/user Interface; Identity Management “Utility”; Enterprise IT System
    14. IdM Refocus (characteristic: today → future)
        • Focus: Today: Data sets. Future: Applications
        • Challenges: Today: Standards; Scalability; Social acceptance. Future: Business models
        • Controlling Equity: Today: Federal IT community. Future: Balanced equities (End users; Application sponsors/managers; Digital ID managers; Global grid/IT managers)
        • Cultural Character: Today: Service-provider push. Future: User-demand pull
        • “Appearance”: Today: German watchmaker’s shop. Future: Utility (elex pwr analogy)
    15. Key recommendations
        • 12 prioritized R&D recommendations
            • Rationale: Tech base supporting IdM decomposed, with investments (hopefully) leading to process improvements proposed in each major area
        • Complete the basic as-built research, in full detail
            • Applications, processes, etc.
        • Conduct gap analysis, and from that, detailed strategy
        • Architectural framework…
            • Singular, comprehensive, interoperable
            • Standards-based
            • Privacy-centric
            • Security-conscious
        • Advance the Global Grid agenda
            • Next-generation network(s)
            • Engage internationally
        • Governance
    16. TF Report Available online
        • www.ostp.gov/nstc
        • www.biometrics.gov
        • www.idmanagement.gov
    17. You are not alone…
        • President’s Identity Theft Task Force
        • NSTC, IdM Task Force
        • CIO Council, Information Security and IdM Committee
        • Information Sharing Environment, IdAM Framework
        • National Security Telecommunications Advisory Committee, IdM Task Force
        • HSPD 6, 11, 12
        • NSPD-59
        • Cybersecurity Initiative
        • Organisation for Economic Co-operation and Development (OECD)
        • International Telecommunication Union - Telecommunication Standardization Sector (ITU-T)
        • International Organization for Standardization (ISO)
        • Naval Post Graduate School, IdM degree program
        • Many others…
    18. Duane’s Key Take-Home Points
        • Identity and appropriateness of IdM varies amongst individuals
        • Numerous IdM activities in the USG
            • Which represent a fraction of IdM activities in the US/World
            • Activities in one impact others
        • If we continue to build our systems as if it was to be the only system in existence, we are building our system to fail
        • If we continue to build our system-of-systems as if our sector was the only one with identity issues, we are building our system-of-systems to fail
        • How are we going to move forward?
