The FICAM Roadmap and Implementation Guidance calls out initiatives that are both Government-wide and Agency-specific. Two Government-wide initiatives that are relevant to identity federation are:
- Establish a federated identity framework for the Federal Government
- Provide Government-wide services for common ICAM requirements
I will leave the shared services piece for a future blog post.
The current list of adopted trust framework providers, and the highest LOA at which each is approved to assess IdPs, can be found here. IdPs that have been assessed by these Trust Framework Providers are now able to offer credentials at LOA1 to non-PKI LOA3. For Agencies that need higher levels of assurance, there are now Shared Service Providers that offer PIV-I Credentials (PKI Credentials at LOA4 that can be issued by Non-Federal Organizations) as well.
This in turn has positioned the ecosystem to fulfill the OMB Mandate to Executive Branch Agencies to accept externally issued, FICAM-approved identity credentials [PDF] on their public-facing web sites. FICAM has been actively engaging with Agencies across the US Government to help them light up these capabilities on their externally facing web sites so Citizens have flexibility and choice in using their existing credentials to obtain services from Government web sites.
- Developing guidance around federated access using credentials at various levels of assurance
- Profiling federated identity protocols to integrate government security and privacy requirements
- Facilitating relationships for interoperability within the Federal Government and outside of the Federal Government (C2G, B2G, and G2G)
- Supporting activities that bridge the gap between technical and policy aspects of ICAM