U.S. Department of Agriculture eGovernment Program

eAuthentication Agency Application Pre-Design Meeting

August 14, 2003

Agenda

Overview of the eAuthentication effort

Determine eAuthentication “Prerequisite” status

Agency Application Integration Form

Integration Schedule

What is eAuthentication?

Customer interactions with USDA will be transformed to allow customer submission through electronic means in order to meet the Government Paperwork Elimination Act

For many interactions, the identity of the person submitting the data needs to be known, either to enable an electronic signature of the form or data, for informational purposes, or to provide verified information for further contact

eAuthentication encompasses the processes and technology that identify a person electronically and present that information to the web application that is accepting the user’s data submission

eAuthentication in the current phase will only support interactions that are presented in a web format over the Internet and that require Level 1 or Level 2 Assurance

eAuthentication is applied at the application level. Agencies may integrate multiple applications, each with multiple interactions

USDA eAuthentication Solution Components

The USDA eAuthentication solution encompasses four main components:

Technical Solution

Identity and Access Management

Registration Process

Presidential Initiative (GSA Gateway)

USDA eAuthentication Solution Components

Technical Solution

“Enforcer” – web agent installed on the agency’s web server to perform authentication. Communicates with the central authentication system in the Web Farm

“User Stores” – central storage of USDA Common Data. Maintains common user information in one location that can be utilized by all agencies. User Store data can be passed to agency applications in Header Variables

“Policy Server” and “Policy Store” – core components of the USDA authentication solution. Ties together enforcers and user stores through “policies”

[Network diagram labels: Internet, Intranet, Router, Switch, Firewall, Enforcer, Web Farms (www.xyz.usda.gov), USDA Network, Alternative Hosting Facility (www.abc.gov/form1), Policy Server, Policy Stores, User Stores]

USDA eAuthentication Solution Components

Technical Solution

Questions for Technical users:

What type of Application and Web Server, or Web Server, is being used?

What Operating System is used?

Where will it be hosted?

How is the User Information stored? What type of database is used?

Issues to think about: How do you plan to map your data to the USDA Common Data?

USDA Registration Process

eAuthentication will support a central registration process for users of all USDA agencies

User self-registration for Level 1 password

User creates a unique username and password and enters personal information. Once this information is entered, it is stored as Common Data in the USDA directory and can be accessed by any of the agencies using a Unique Identifier or UID. User information at Level 1 is not verified.

Identity Proofing of the User for Level 2 password

Level 1 credentials can be elevated to Level 2 credentials if the user’s name can be verified through identity proofing. In-person identity proofing is performed in a Service Center or other Local Registration Authorities provided by participating agencies.

Questions for Business users:

Expected user population: Number? Type?

How many interactions will be available via this application?

Will you need to Identity Proof your users? Which ones?

eAuthentication Access Management Functions

Identity and Access Management

Process Steps

Authentication: eAuthentication verifies that the user is who they claim to be

Access Control: Give or deny access to a specific URL based on functionality and information stored in eAuthentication system

Authorization: Allow or deny a user to perform certain actions based on functionality within an Application

ID/Access Control Mgmt Features

User Registration Level 1

User Registration Level 2 with ID Proofing

User Help Desk Services: Change Password, Forgotten Password, other user self-service maintenance

USDA LRA: USDA Common Data

Application Administrator: Can delegate administration to Agency Administrators to assign users to Agency Specific Roles

Don’t forget about training your Administrators

Application Administration: Authorization is based upon Agency Specific Data, as managed by agency. Can also be based on USDA Common Data passed as header variables from eAuthentication to the Agency

Supporting Mgmt Features: Help Desk, Logging, Alerts, Reports
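
The authorization step described above, as an added example (not USDA code): an agency application decides on one interaction from the header variables passed by the Enforcer plus its own Agency Specific Roles. The header names, the assurance-level header, the interactions and the role data are assumptions made for illustration, and the application is assumed to be reachable only through the Enforcer, which sets these headers itself.

```python
# Added example: header names, interactions and roles below are hypothetical.
from dataclasses import dataclass

UID_HEADER = "X-EAUTH-UID"                # hypothetical header name
LEVEL_HEADER = "X-EAUTH-ASSURANCE-LEVEL"  # hypothetical header name


@dataclass(frozen=True)
class Interaction:
    name: str
    required_level: int   # 1 = self-registered, 2 = identity proofed
    required_role: str    # Agency Specific Role managed by the agency


# Constructed Agency Specific Data: UID -> roles assigned by an Agency Administrator.
AGENCY_ROLES = {
    "uid-1001": {"producer"},
    "uid-1002": {"producer", "signer"},
}

VIEW_FORM = Interaction("view-form", required_level=1, required_role="producer")
SIGN_FORM = Interaction("sign-form", required_level=2, required_role="signer")


def authorize(headers, interaction, agency_roles=AGENCY_ROLES):
    """Return (allowed, reason) for one request; any doubt means deny."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    uid = h.get(UID_HEADER.lower(), "")
    level_raw = h.get(LEVEL_HEADER.lower(), "")
    if not uid:
        return False, "no authenticated UID header"
    if level_raw not in ("1", "2"):
        return False, "missing or malformed assurance level"
    if int(level_raw) < interaction.required_level:
        return False, "assurance level too low for this interaction"
    if interaction.required_role not in agency_roles.get(uid, set()):
        return False, "user lacks the agency role"
    return True, "ok"


if __name__ == "__main__":
    samples = [  # constructed requests
        ({"X-EAUTH-UID": "uid-1001", "X-EAUTH-ASSURANCE-LEVEL": "1"}, VIEW_FORM),
        ({"X-EAUTH-UID": "uid-1002", "X-EAUTH-ASSURANCE-LEVEL": "1"}, SIGN_FORM),
        ({"X-EAUTH-UID": "uid-1002", "X-EAUTH-ASSURANCE-LEVEL": "2"}, SIGN_FORM),
        ({"X-EAUTH-ASSURANCE-LEVEL": "2"}, SIGN_FORM),
    ]
    for hdrs, action in samples:
        print(action.name, authorize(hdrs, action))
```
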

USDA eAuthentication Solution Components

Presidential Initiative (GSA Gateway)

[Diagram labels: Internet, Agency Web Servers, USDA Logon Servers, USDA eAuthentication, ECP (three instances), GSA Gateway]

The GSA Gateway is the Presidential Initiative solution for eAuthentication. USDA’s integration approach is to create a single point of integration with the GSA Gateway, through the USDA eAuthentication solution.

The USDA eAuthentication solution and GSA Gateway integration will occur once the Gateway is complete

An integration proof-of-concept is planned for August 2003

Applications will integrate with the USDA eAuthentication solution, which will connect to the GSA Gateway, so each agency application will not have to be integrated separately with the GSA Gateway

Upon completion, Agency applications will receive the benefits of the GSA Gateway


July Pre-requisite Checklist

Identify your GPEA implementation team and Application Development teams

Identify the GPEA compliant interactions which will be available electronically by Oct 21 and which require eAuthentication, and complete impact profile assessments for each of these interactions

Identify the applications that will be hosting the interactions electronically

Identify an application developer(s) or owner(s) who can describe the high-level architecture of the application

Review the Agency Guidebook, especially sections 1, 2 and 3 http://www.egov.usda.gov/intranet/eauth_docs.html

Initiate planning about the high-level decisions of access control, authorization and registration as described in the agency guidebook

Select Electronic Submission web tool

Identify FY ’03 funding sources


Agency Application Integration Form

The Application Integration Form needs to be completed for each application before the design meeting. This form is available electronically at http://www.egov.usda.gov/intranet/eauth_docs.html

Decision makers may determine that Registration Processes, Access Control and Authorization Data are not required beyond the standard capability delivered by the USDA eAuthentication system. These components are described in detail in the Agency Guidebook available electronically at http://www.egov.usda.gov/intranet/eauth_docs.html


Integration Schedule

[Timeline, July through October]

Complete Pre-requisites: July 31st

Review Agency Guidebook: August 15th

Pre-Design Meeting: Aug 15th

Complete Integration Form: August 22nd

Design Meeting: Aug 22nd

Integrate Development Environment: Aug 22nd - Sep 19th

Integrate Test Environment: Sept 22nd - Oct 3rd

Integration Testing: October 3rd

Integrate Production Environment: October 13th - 17th

Complete Testing and GO LIVE: October 21st

Other timeline activities (no dates shown): Build Coordination Meetings, Test/Certification Meetings, Integrated Reporting Meetings, Train LRAs, Train Admins, Production Readiness


Questions and Answers


For More Information

For more information on the eAuthentication Initiative, please review the eAuthentication Frequently Asked Questions on the eGovernment site:

http://www.egov.usda.gov/intranet/eauth_docs.html

Please contact the eGovernment team for username and password.

Email: [email protected]

Telephone Number: 202-720-6144