N.Y. issues ID management guideline

New York state has published an identity management guideline that aims to help state and local agencies manage access to their online resources.

Michael Mittleman, New York’s chief information officer, and the state’s CIO Council issued the document earlier this month. The NYS Trust Model Best Practice Guideline sets forth standards and processes for issuing, protecting and managing identity credentials. The NYS Trust Model “is the first step in establishing a long term identity and access management strategy for the state enterprise,” according to the state’s CIO office.

The NYS Trust Model is built upon sources including the Office of Management and Budget’s E-Authentication guidance and the National Institute for Standards and Technology’s Electronic Authentication Guideline. New York’s trust model document states that compliance with federal standards is critical for state systems to continue to interface with federal and other state’s systems.

The NYS Trust Model intends to set the stage for federated identity management, which provides such functions as single sign-on across organizational boundaries. The trust model document states New York must move toward an identity and access management solution “where one credential issued to a user can be trusted across systems.”

“New York State intends to pursue federated identity management,” a spokesman for the New York State Office for Technology said. “Single sign-on within the NYS enterprise is a major business driver of the project, both in terms of operational efficiency and enhanced security.”

The trust model currently leans toward the use of Security Assertion Markup Language (SAML) 2.0, a protocol that enables federated identity. The Organization for the Advancement of Structured Information Standards, which focuses on e-business standards, developed SAML 2.0.

“We expect to support SAML 2.0,” the spokesman said. “We think that the standard is sufficiently mature at this point. Our expectation is that it is adequately supported in the marketplace. Should we find that this is not the case, we will certainly revise our plans accordingly.”


Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.