N.Y. issues ID management guideline
Document will help state and local agencies manage access to their online resources.
New York state has published an identity management guideline that aims to help state and local agencies manage access to their online resources.Michael Mittleman, New York’s chief information officer, and the state’s CIO Council issued the document earlier this month. The NYS Trust Model Best Practice Guideline sets forth standards and processes for issuing, protecting and managing identity credentials. The NYS Trust Model “is the first step in establishing a long term identity and access management strategy for the state enterprise,” according to the state’s CIO office.The NYS Trust Model is built upon sources including the Office of Management and Budget’s E-Authentication guidance and the National Institute for Standards and Technology’s Electronic Authentication Guideline. New York’s trust model document states that compliance with federal standards is critical for state systems to continue to interface with federal and other state’s systems.The NYS Trust Model intends to set the stage for federated identity management, which provides such functions as single sign-on across organizational boundaries. The trust model document states New York must move toward an identity and access management solution “where one credential issued to a user can be trusted across systems.”“New York State intends to pursue federated identity management,” a spokesman for the New York State Office for Technology said. “Single sign-on within the NYS enterprise is a major business driver of the project, both in terms of operational efficiency and enhanced security.”The trust model currently leans toward the use of Security Assertion Markup Language (SAML) 2.0, a protocol that enables federated identity. The Organization for the Advancement of Structured Information Standards, which focuses on e-business standards, developed SAML 2.0.“We expect to support SAML 2.0,” the spokesman said. “We think that the standard is sufficiently mature at this point. Our expectation is that it is adequately supported in the marketplace. Should we find that this is not the case, we will certainly revise our plans accordingly.”
NEXT STORY: Illinois reaches PKI milestone