N.Y. issues ID management guideline

New York state has published an identity management guideline that aims to help state and local agencies manage access to their online resources.

Michael Mittleman, New York’s chief information officer, and the state’s CIO Council issued the document earlier this month. The NYS Trust Model Best Practice Guideline sets forth standards and processes for issuing, protecting and managing identity credentials. The NYS Trust Model “is the first step in establishing a long term identity and access management strategy for the state enterprise,” according to the state’s CIO office.

The NYS Trust Model is built upon sources including the Office of Management and Budget’s E-Authentication guidance and the National Institute for Standards and Technology’s Electronic Authentication Guideline. New York’s trust model document states that compliance with federal standards is critical for state systems to continue to interface with federal and other state’s systems.

The NYS Trust Model intends to set the stage for federated identity management, which provides such functions as single sign-on across organizational boundaries. The trust model document states New York must move toward an identity and access management solution “where one credential issued to a user can be trusted across systems.”

“New York State intends to pursue federated identity management,” a spokesman for the New York State Office for Technology said. “Single sign-on within the NYS enterprise is a major business driver of the project, both in terms of operational efficiency and enhanced security.”

The trust model currently leans toward the use of Security Assertion Markup Language (SAML) 2.0, a protocol that enables federated identity. The Organization for the Advancement of Structured Information Standards, which focuses on e-business standards, developed SAML 2.0.

“We expect to support SAML 2.0,” the spokesman said. “We think that the standard is sufficiently mature at this point. Our expectation is that it is adequately supported in the marketplace. Should we find that this is not the case, we will certainly revise our plans accordingly.”


Featured

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected