Identity Virtualization
Federated Identity for
Federal Agencies
Identity Virtualization Enables the Future, Respects the Legacy
Federal agencies face a
major dilemma — how
to meet future demands
of the Continuous Diagnostics
and Mitigation (CDM) program without impairing mission-critical legacy systems. For many agencies, identities are fragmented across a complex array of silos, and every
new application or initiative requires significant integration into these legacy systems for user authentication and authorization decisions.
These agencies face challenges and opportunities:
• mandates for certificate-based strong authentication
• collaboration and information sharing around identity across agencies
• implementation of dynamic authorization, providing access only to needed resources
Identity Integration
Many agencies mandated to implement common access card (CAC),
personal identity verification (PIV)
or other certification-based strong authentication are scrambling to upgrade legacy systems needed to meet those standards.
Upgrading an existing identity system based on outdated authentication methods — such as usernames and passwords — to a
stronger, certificate-based method requires manually replacing user names and passwords with tamperproof identity attributes implemented by
the certificate. This demands reaching into fragmented identity sources to create a common form of identity
“With identity- as-a-service,
I can plug in
my application and know that
I will get the
right data for authentication and authorization.”
– Dieter Schuller, Vice President, Sales and Business Development, Radiant Logic
representation, thereby integrating users’ attributes and providing a global identity profile. This unified view forms the basis for single sign-on and, more importantly, granular authorization and access.
Without this unified view, end users wrangle with multiple usernames and
passwords, and agencies can’t deploy the mandated strong authentication methods. Some users can’t get access to the systems they need, while others get access to what they shouldn’t have.
“When you build your own authentication and authorization functions into each application, things become even more siloed,” said Dieter Schuller, vice president, business development, at Radiant Logic. “Each new initiative involves an unanticipated project within a project, and identity integration becomes the roadblock to all of these new initiatives.”
Just Say No?
Overextending access rights is every cybersecurity pro’s nightmare. Given the sensitivity of the material, granular authorization is a must-have in the federal sector. An overabundance
of caution about access, though, can wall off functionality and cause unnecessary user delays.
“The easiest way to provide security is to simply say ‘no’ — and that is often what happens. People cannot get access,” Schuller said.
With fine-grained, dynamic authorization, policy engines ensure that users can access what they need at the right time — and nothing more. Modern authorization methods, such as ABAC, rely on a rich supply of user
PRODUCED BY: SPONSORED BY: