Federated Identity Management at NIH…NIH Login and Beyond Debbie Bucci
Federated Identity Management at NIH NIH Login and Beyond Debbie Bucci September 2009
About NIH
National Institutes of Health (NIH)
– Part of the U.S. Dept. of Health & Human Services
– Primary Federal agency for conducting and supporting medical research
Integration Services Center (ISC) Contact: [email protected] Page 2
In the Beginning - NIH Login
NIH Login is the first Federated Identity Management service initiated at NIH
In production since February 2003
NIH Login
NIH Login Today
Supports approximately 35,000 users
Number of systems:
– 202 SLAs
– 450 URLs
Over 1 million transactions per day
External Users
NIH provides financial support to researchers around the world.
NIH invests over $28 billion in medical research each year.
83% goes to almost 50,000 competitive grants that support over 325,000 researchers outside of NIH.
How to Support External Users
Look to inside directories
– Leverage existing Grants user database
– Separate Active Directory for external users
Limitations
– Only used at NIH
– User outrage over password changes
– Helpdesk and account management overhead
Federated Identity
Principles
– Use open industry standards
– Leverage existing technologies and infrastructure
– Support and promote interoperability
Drivers
– NIH Roadmap initiatives
– Expansive use of Web 2.0 tools
– HSPD-12 and OMB M-04-04 mandates
Website: http://EnterpriseArchitecture.nih.gov Contact: [email protected] Page 9
NIH Federated Login
NIH and InCommon
InCommon is a federation of government, higher education, and private sector institutions whose mission is to create and support a common framework for trustworthy shared management of access to on-line resources in support of education and research in the United States.
http://www.incommonfederation.org
NIH and InCommon
NIH InCommon - Current Participants
NIH and InCommon
LOA2 (Silver) pilot with eRA
– Production expected in FY ’11 with 200,000 users
Additional services:
– Multiple IC SharePoint instances
– Proxy to multiple managed services (NCI, NLM, NCBI)
– Additional scientific wikis
Challenges
InCommon limitations
– Current participation: 21%
– InCommon is focused on higher education and research credentials
– University medical center credentials often differ from those issued by university IT
– NIH electronic Research Administration (eRA) supports 9,500 institutions and agencies, while InCommon currently has only 165
Natural Progression of Open Identities
OpenID (LOA1)
– NLM medical wikis
– Conference registration
– Regional library access
– OpenID protocol not secure beyond LOA1
Infocard (LOA1 – LOA3)
– PayPal and multiple LOAs
Research-based OpenID federations springing up
– OpenID European Foundation
– OpenID Community Project
Challenges
OpenID protocol not secure beyond LOA1
Many of the higher-priority citizen-to-government applications are at LOA2 or higher (such as IRS tax filing, Social Security, and Medicare)
Will combining OpenID and Information Cards help raise the LOA?
Government needs to support PIV
Concern about a common UI for users
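The practical consequence of these assurance-level questions is that the relying party, not the identity provider, has to enforce the LOA: an application that needs LOA2 must refuse a credential that only reaches LOA1, even when the assertion itself claims more than its issuer is trusted to vouch for. The following is an added illustration of such a check and is not code from the NIH presentation or from NIH Login. It parses a constructed, unsigned SAML assertion, confirms the issuer is a known federation IdP, checks the validity window, maps the asserted authentication context to an LOA capped by what that issuer is trusted to assert, and compares the result with the application's requirement. The IdP entity IDs, the per-application requirements and the non-InCommon context URIs are assumptions for illustration; XML signature verification is assumed to have happened before this step.

```python
"""Relying-party assurance check for a federated SAML login.

Added example, not code from the NIH slides.  Assumptions (not from the
slides): IdP entity IDs, per-application LOA requirements, and the context
URIs other than InCommon's.  Signature verification is assumed upstream.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET  # production: use defusedxml (XXE, entity expansion)

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# AuthnContextClassRef -> OMB M-04-04 assurance level.  The InCommon entries are
# the federation's assurance-profile URIs (verify against current metadata);
# the remaining entries are assumptions for illustration.
CONTEXT_TO_LOA = {
    "http://id.incommon.org/assurance/silver": 2,
    "http://id.incommon.org/assurance/bronze": 1,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport": 1,
    "urn:example:ac:piv-smartcard": 4,  # assumed URI for a PIV hardware credential
}

# IdPs admitted from federation metadata and the highest LOA each is certified
# to assert (assumed values).  A context above the cap earns only the cap:
# self-asserted assurance is never taken at face value.
TRUSTED_IDPS = {
    "https://idp.example.edu/idp/shibboleth": 2,  # Silver-certified campus IdP
    "https://openid.example.org/": 1,             # OpenID-style provider, LOA1 only
}

# Required LOA per application (assumed): a scientific wiki at LOA1, eRA at LOA2.
APP_REQUIRED_LOA = {"wiki": 1, "era": 2}

DEMO_NOW = datetime(2009, 9, 1, 12, 1, tzinfo=timezone.utc)  # inside the sample window


class AssertionRejected(Exception):
    """Raised when the assertion must not be used for the requested application."""


def _saml_time(value):
    # SAML dateTime values are UTC with a trailing Z, e.g. 2009-09-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text):
    """Extract issuer, subject, validity window and authn context."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        raise AssertionRejected("assertion has no Conditions element")
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=SAML_NS),
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS),
        "not_before": _saml_time(cond.get("NotBefore")),
        "not_on_or_after": _saml_time(cond.get("NotOnOrAfter")),
        "context": root.findtext(
            "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
            namespaces=SAML_NS),
    }


def effective_loa(assertion):
    """LOA the RP may rely on: min(context LOA, what the issuer is trusted to assert)."""
    idp_cap = TRUSTED_IDPS.get(assertion["issuer"])
    if idp_cap is None:
        raise AssertionRejected("issuer %r is not in federation metadata" % assertion["issuer"])
    context_loa = CONTEXT_TO_LOA.get(assertion["context"], 0)  # unknown context earns nothing
    return min(context_loa, idp_cap)


def authorize(xml_text, app, now):
    """Return the effective LOA if the assertion may be used for `app`, else raise."""
    a = parse_assertion(xml_text)
    if not (a["not_before"] <= now < a["not_on_or_after"]):
        raise AssertionRejected("assertion outside its validity window")
    loa = effective_loa(a)
    required = APP_REQUIRED_LOA[app]
    if loa < required:
        raise AssertionRejected("%s requires LOA%d, credential is LOA%d" % (app, required, loa))
    return loa


def sample_assertion(issuer, context):
    """Constructed, unsigned assertion for demonstration only."""
    return """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_demo" Version="2.0">
  <saml:Issuer>%s</saml:Issuer>
  <saml:Subject><saml:NameID>researcher@example.edu</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2009-09-01T12:00:00Z" NotOnOrAfter="2009-09-01T12:05:00Z"/>
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
</saml:Assertion>""" % (issuer, context)


if __name__ == "__main__":
    silver = "http://id.incommon.org/assurance/silver"
    print("eRA, Silver from certified IdP:",
          authorize(sample_assertion("https://idp.example.edu/idp/shibboleth", silver), "era", DEMO_NOW))
    try:
        authorize(sample_assertion("https://openid.example.org/", silver), "era", DEMO_NOW)
    except AssertionRejected as e:
        print("eRA, Silver claimed by LOA1 provider:", e)
```

The issuer cap is the piece most often missing in practice: a provider that is only trusted at LOA1 can put any AuthnContextClassRef into an assertion, so the relying party has to bound the claimed level by what federation metadata says that issuer is certified for.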
Next Steps
Initial pilot of OpenID – one or two applications
Add Information Cards to the mix
– Open NIH-wide IdP discovery/workflow to present a scalable, user-friendly interface
Contact Information
NIH Federated Login
– http://federatedidentity.nih.gov
– http://isc.nih.gov
– [email protected]
NIH Enterprise Architecture
– http://EnterpriseArchitecture.nih.gov
– The NIH Enterprise Architecture Community in the NIH Portal
– [email protected]