N.Y. issues ID management guideline

New York state has published an identity management guideline that aims to help state and local agencies manage access to their online resources.

Michael Mittleman, New York’s chief information officer, and the state’s CIO Council issued the document earlier this month. The NYS Trust Model Best Practice Guideline sets forth standards and processes for issuing, protecting and managing identity credentials. The NYS Trust Model “is the first step in establishing a long term identity and access management strategy for the state enterprise,” according to the state’s CIO office.

The NYS Trust Model is built upon sources including the Office of Management and Budget’s E-Authentication guidance and the National Institute for Standards and Technology’s Electronic Authentication Guideline. New York’s trust model document states that compliance with federal standards is critical for state systems to continue to interface with federal and other state’s systems.

The NYS Trust Model intends to set the stage for federated identity management, which provides such functions as single sign-on across organizational boundaries. The trust model document states New York must move toward an identity and access management solution “where one credential issued to a user can be trusted across systems.”

“New York State intends to pursue federated identity management,” a spokesman for the New York State Office for Technology said. “Single sign-on within the NYS enterprise is a major business driver of the project, both in terms of operational efficiency and enhanced security.”

The trust model currently leans toward the use of Security Assertion Markup Language (SAML) 2.0, a protocol that enables federated identity. The Organization for the Advancement of Structured Information Standards, which focuses on e-business standards, developed SAML 2.0.

“We expect to support SAML 2.0,” the spokesman said. “We think that the standard is sufficiently mature at this point. Our expectation is that it is adequately supported in the marketplace. Should we find that this is not the case, we will certainly revise our plans accordingly.”


Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.