A Federated Identity Management system is a set of technologies and standards that allows users from one domain to access resources in other domains. The most common use is web-based Single-Sign-On, where a user can access multiple web sites, with only one login required. Authentication and non-repudiation can be accomplished in several ways. They vary in cost, sophistication and resistance to spoofing/defeat. The need to achieve a reasonable level of authentication and non-repudiation is raised by public expectations, GPEA, the Privacy Act and local policies and regulations.
Among high assurance communities, PKI has been implemented and policy exists to cover authentication requirements. But the certificates used (e.g., ACES and ECA) usually can only be issued to Government employees, certain contractors and members of the Armed Forces. Other means of authentication exist and are used by other Agencies, businesses, and U.S. and foreign citizens, but there is no interoperability among them, within or outside PKI technology. Those who cannot afford the up-front cost of PKI, and are intimidated by the questions they cannot answer and/or do not seek to be Information Technology “pioneers”, await introduction of a Government-wide cure-all.
ORC’s Federated Solutions leverage existing methods of authentication, giving organizations already connected by the internet a common basis to consider before exercising their own access policies and mechanisms. Once begun, subscribers could develop increasingly mature policies to ensure only those entitled gain access to their databases, while facilitating expedited secure communications with their partners and customers. The process will also expedite development of an increased number of authentication methods, with confidence levels that can only increase with use.
ORC’s Federated eAuthentication Gateway includes components to address specific needs and provide optimized response time for all FirstGov applications relying on internet accessibility. The ORC EAG consists of a repository to store user information, an on-line subscription module (providing level 1, 2, 3 and 4 credentials), a credential validation module, a relying party interface module, and an administration module. Applications relying on the Gateway draw on this information with confidence and for a variety of purposes.
The ORC EAG supports multiple authentication methods, including userid/passphrase (shared secrets known only to the user). It can also trust multiple PKIs, such as the Access Certificates for Electronic Services (ACES), the Department of Defense PKI (including the External Certificate Authorities (ECAs)), and other FBCA-compliant PKIs, to authenticate users and validate their credentials.
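To make the credential validation step concrete, here is an added example (not ORC's code, nor any real gateway's) of the decision a relying-party-facing validation module has to take: map each credential to an assurance level according to a trust policy, reject credentials from issuers outside the federation, reject expired or revoked certificates, and refuse access when the earned level is below what the application demands. The issuer names, serial numbers, revocation table and the level assignments are all constructed for illustration; a real deployment would obtain issuer trust from FBCA cross-certification and revocation status from OCSP or SCVP responders rather than from an in-memory table.

```python
"""Added example (not ORC's code): toy credential-validation policy for a
federated authentication gateway. All issuers, serials and levels are
constructed placeholders."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed trust policy: issuer DN -> assurance level its credentials earn.
# The DNs are hypothetical and do not refer to any real CA.
TRUSTED_ISSUERS = {
    "CN=Example ACES CA": 3,   # software certificate after identity proofing
    "CN=Example ECA CA": 4,    # hardware-token certificate
}
PASSWORD_LEVEL = 1             # shared-secret credentials earn level 1 here

# Constructed revocation table standing in for an OCSP/SCVP responder.
REVOKED = {("CN=Example ACES CA", "0x1a2b")}


@dataclass
class Credential:
    kind: str                          # "pki" or "password"
    subject: str
    issuer: Optional[str] = None       # pki only
    serial: Optional[str] = None       # pki only
    not_before: Optional[datetime] = None
    not_after: Optional[datetime] = None
    secret_verified: bool = False      # outcome of the gateway's own secret check


@dataclass
class Decision:
    accepted: bool
    level: int       # assurance level earned (0 when rejected outright)
    reason: str


def validate(cred: Credential, required_level: int, now: datetime) -> Decision:
    """Decide whether a credential satisfies a relying party's required level."""
    if cred.kind == "password":
        if not cred.secret_verified:
            return Decision(False, 0, "shared secret rejected")
        level = PASSWORD_LEVEL
    elif cred.kind == "pki":
        # Trust is anchored in the federation's issuer list, not in the
        # certificate's own claims about itself.
        if cred.issuer not in TRUSTED_ISSUERS:
            return Decision(False, 0, "issuer not in federation trust list")
        if not (cred.not_before <= now <= cred.not_after):
            return Decision(False, 0, "certificate outside validity period")
        if (cred.issuer, cred.serial) in REVOKED:
            return Decision(False, 0, "certificate revoked")
        level = TRUSTED_ISSUERS[cred.issuer]
    else:
        return Decision(False, 0, "unknown credential type")

    if level < required_level:
        return Decision(False, level,
                        f"assurance level {level} below required {required_level}")
    return Decision(True, level, "accepted")


def demo() -> dict:
    """Run the policy over constructed credentials; returns reason per case."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    valid_from = datetime(2024, 1, 1, tzinfo=timezone.utc)
    valid_to = datetime(2025, 1, 1, tzinfo=timezone.utc)
    cases = {
        "good_pki": Credential("pki", "CN=alice", "CN=Example ACES CA", "0x0001",
                               valid_from, valid_to),
        "revoked_pki": Credential("pki", "CN=bob", "CN=Example ACES CA", "0x1a2b",
                                  valid_from, valid_to),
        "expired_pki": Credential("pki", "CN=carol", "CN=Example ECA CA", "0x0002",
                                  valid_from, datetime(2024, 5, 1, tzinfo=timezone.utc)),
        "untrusted_pki": Credential("pki", "CN=dave", "CN=Unknown CA", "0x0003",
                                    valid_from, valid_to),
        "password_low": Credential("password", "erin", secret_verified=True),
    }
    required = 3  # the constructed relying party demands level 3
    return {name: validate(c, required, now) for name, c in cases.items()}


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:14s} accepted={d.accepted} level={d.level} ({d.reason})")
```

The point of the ordering inside `validate` is that every check which can fail closed runs before a level is assigned, so a credential from an untrusted issuer never reaches the revocation lookup and an accepted decision always carries the level the relying party can audit against.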
Real time consumer and business authentication methods can greatly extend the scope and reach of the eAuthentication Gateway by addressing broad new audiences of users for e-Government applications in a timely manner. Proven capabilities that are compliant with existing law and regulation can be integrated and rapidly deployed. Telephony-based confirmation and a range of other commercially accepted methods will further demonstrate the flexibility and extensibility of this approach.
Said another way, the ORC EAG will mature, and earn the confidence of its subscribers, more quickly if alternative methods are incorporated and validated, since they contribute to system timeliness and acceptance.
As a GSA E-Authentication Credential Service Provider (CSP), ORC has the engineering expertise to design, build and host solutions to fit your needs, using a variety of technologies including:
- SAML 1.0 / 1.1 / 2.0
- ORC Translation Service (Single Sign On, using certificate based authentication)
- ORC Manage Validation Service (including OCSP, SCVP and PDVAL)
- The Federation for Identity and Cross-Credentialing Systems (FiXs)