Leveraging Passkeys for a Federated Federal Government Environment

October 17, 2023


Session Details

This presentation will describe a potential model and functional architecture for implementing Derived PIV Passkeys (DPPs) for use between users who hold valid PIV Cards and federal service providers. DPPs are a user-friendly, multifactor, phishing-resistant, syncable and recoverable authenticator type that is broadly supported on and across popular desktop and mobile platforms. DPPs also inherit the strong identity proofing and lifecycle management processes of the federal Personal Identity Verification (PIV) Card defined by FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors. The operational architecture of DPPs, dictated by the requirements of NIST SP 800-157r1, Guidelines for Derived Personal Identity Verification (PIV) Credentials, necessitates identity federation: because a passkey is scoped to the relying party that registered it (here, the issuing agency), authentication assertions must be transmitted from the issuing agency's system to the federal service provider from which the user seeks services. Such an architecture has unique properties, advantages and disadvantages, which will be discussed as part of this presentation. The use of DPPs within the US federal enterprise represents a leap into modern authentication for federal users without sacrificing the mature, high-assurance identity management processes that have been in use across the federal government since 2005.
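The abstract describes the federated leg of the architecture (issuing agency authenticates the user with the DPP, then asserts that authentication to a separate federal service provider) but not what the service provider must check before trusting the assertion. The following is an added example, not code from the presentation or any federal system. It assumes an OIDC-style ID token (JWT) as the assertion format, which the page does not specify, and uses HS256 with a shared secret only so that it runs offline with the standard library; a production IdP signs with an asymmetric key published via JWKS and the service provider pins that key set. The issuer URL, client ID, the `piv_uuid` claim name and the acceptable `amr` values are constructed assumptions.

```python
"""Constructed example: a PIV issuing agency's IdP mints a federated assertion
after DPP (passkey) authentication, and a federal service provider validates it.
HS256 is used only to keep the example dependency-free (assumption)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed identifiers for the two parties (hypothetical, not from the page).
IDP_ISSUER = "https://idp.issuing-agency.example.gov"      # PIV issuing agency's IdP
SP_CLIENT_ID = "https://app.service-provider.example.gov"  # federal service provider
# Assumed SP policy: the assertion must state multifactor authentication with a
# possession-based key (RFC 8176 "amr" values: "mfa" plus "hwk" or "swk").
REQUIRED_AMR = {"mfa"}
KEY_BASED_AMR = {"hwk", "swk"}
CLOCK_SKEW = 60  # seconds of tolerated clock skew between IdP and SP


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def idp_issue_assertion(secret, subject, piv_uuid, amr, nonce, now=None, lifetime=300):
    """Issuing-agency side: after the user signs in with the DPP, mint a signed
    assertion for the SP. 'piv_uuid' is a constructed claim carrying the PIV
    Card UUID so the SP can tie the session back to the PIV identity."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": SP_CLIENT_ID,
              "iat": now, "exp": now + lifetime, "nonce": nonce,
              "amr": list(amr), "piv_uuid": piv_uuid}
    signing_input = _b64url(_json(header)) + "." + _b64url(_json(claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def sp_validate_assertion(token, secret, expected_nonce, now=None):
    """Service-provider side. Returns (accepted, reason, claims). Each check is
    one a federated relying party must perform before trusting the assertion."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(c_b64))
        signature = _b64url_decode(s_b64)
    except (ValueError, json.JSONDecodeError):
        return False, "malformed", None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed", None
    # Pin the algorithm: never let the token choose (rejects "none" and confusion).
    if header.get("alg") != "HS256":
        return False, "unexpected alg", None
    expected = hmac.new(secret, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature", None
    if claims.get("iss") != IDP_ISSUER:
        return False, "unknown issuer", None
    aud = claims.get("aud")
    if SP_CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch", None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"] + CLOCK_SKEW:
        return False, "expired", None
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + CLOCK_SKEW:
        return False, "issued in the future", None
    # Nonce binds the assertion to this SP's authentication request (anti-replay).
    if not hmac.compare_digest(str(claims.get("nonce")).encode(), expected_nonce.encode()):
        return False, "nonce mismatch", None
    amr = set(claims.get("amr") or [])
    if not REQUIRED_AMR <= amr or not amr & KEY_BASED_AMR:
        return False, "authenticator not phishing-resistant", None
    if not claims.get("piv_uuid"):
        return False, "no PIV binding", None
    return True, "ok", claims


if __name__ == "__main__":
    # Constructed exchange: shared secret, subject and PIV UUID are made up.
    secret = b"constructed-shared-secret"
    token = idp_issue_assertion(secret, "jane.doe@agency.example.gov",
                                "urn:uuid:12345678-1234-1234-1234-123456789abc",
                                ["mfa", "swk"], nonce="n-1")
    print(sp_validate_assertion(token, secret, "n-1")[:2])
```

The `amr` check is the part specific to this architecture: the service provider never sees the WebAuthn ceremony, so the only evidence that a phishing-resistant passkey was used is what the issuing agency asserts, and the policy for which values are acceptable belongs in the relying party, not the IdP.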