Single Sign-On, Federated Authentication and Beyond at NIH

Single Sign-On, Federated Authentication and Beyond at NIH Dr. Peter Alterman National Institutes of Health


Transcript of Single Sign-On, Federated Authentication and Beyond at NIH

Page 1: Single Sign-On, Federated Authentication and Beyond at NIH

Single Sign-On, Federated Authentication and Beyond at NIH

Dr. Peter Alterman
National Institutes of Health

Page 2: Single Sign-On, Federated Authentication and Beyond at NIH

About NIH

• National Institutes of Health (NIH)
• Operating division of the U.S. Department of Health & Human Services (HHS)
• Primary Federal agency for conducting and supporting biomedical research

Page 3: Single Sign-On, Federated Authentication and Beyond at NIH

External Users

• NIH provides financial support to researchers around the world.
• NIH invests over $28 billion in medical research each year.

$23 Billion for Researchers Outside NIH

83% goes to almost 50,000 competitive grants that support over 325,000 researchers outside NIH.

$5 Billion for Researchers Inside NIH

Page 4: Single Sign-On, Federated Authentication and Beyond at NIH

Authentication Services at NIH

NIH iTrust

Multifunction single sign-on (SSO) and federated authentication service consisting of:

• NIH Login – links internal users at NIH to internal and departmental (HHS) applications and electronic resources
• NIH Federated Login – links external users to NIH and departmental (HHS) applications and resources

Page 5: Single Sign-On, Federated Authentication and Beyond at NIH

NIH Login

• In production since 2003
• Over 35,000 NIH users, 238 applications, 450 URLs
• Over 2.5 million transactions per day
• Single Sign-On (SSO), including use of Personal Identity Verification (PIV) Cards
• Authenticated web services

Page 6: Single Sign-On, Federated Authentication and Beyond at NIH

NIH Federated Login – In Production Since 2007

• Leverages existing credentials

• Expands support for up to 55,000 internal and 10 million external users:

− Grants and research activities (wikis, SharePoint, Grids)

− Library services

− Acquisition services

− Enterprise/departmental applications

− Cross-agency, government-wide collaborations

Page 7: Single Sign-On, Federated Authentication and Beyond at NIH

Federated Partners: Authentication at All Four Levels of Assurance

• Government Departments and Agencies
• Any PKI cross-certified with the Federal PKI Architecture, directly or indirectly (via Bridge CAs).
• InCommon Federation – identity and access management federation for the higher education and research communities; 25 major universities access NIH resources through InCommon.
• Open Identity Exchange (OpenID and Information Card Foundations) are working with industry leaders such as AOL, Equifax, Google, PayPal, VeriSign, and Yahoo

Page 8: Single Sign-On, Federated Authentication and Beyond at NIH

Federated View

Page 9: Single Sign-On, Federated Authentication and Beyond at NIH

Federated Authentication at NIH: OIX

[Diagram labels: Trust framework provider; General Services Administration; Private-sector identity providers; U.S. Government websites; Assessors & auditors; Dispute resolvers; User]

Page 10: Single Sign-On, Federated Authentication and Beyond at NIH

Federated Authentication at NIH: InCommon

[Diagram labels: Trust framework provider; General Services Administration; Universities; U.S. government websites; Assessors & auditors; Dispute resolvers; User; InCommon Federation; Provider websites]

Page 11: Single Sign-On, Federated Authentication and Beyond at NIH

Federated Authentication at NIH: PKI

[Diagram labels: Trust Framework Provider: Federal PKI Architecture; Federal Agencies; Assessors & auditors; Dispute resolvers; User; US Government websites; CertiPath; SAFE-BioPharma; HEBCA; Cross-certified CAs and PKI Bridges]

Page 12: Single Sign-On, Federated Authentication and Beyond at NIH

Key Points

• Aligns with FICAM’s IdM reference segment architecture
• Integrates with HHS Operating Divisions and other departments and agencies
• Promotes both interoperability and standards
• Meets the needs of researchers and clinicians
• Saves time and money
• Offers quick implementation

Page 13: Single Sign-On, Federated Authentication and Beyond at NIH

For Further Information

Dr. Peter [email protected]

Debbie [email protected]

NIH Integration Services [email protected]

NIH Center for Information Technology
www.cit.nih.gov