Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Content Layer
id861184405


Content Column
width32.4462%
id872120869


Content Block
padding0px 5px
margin15% 10% 2%
id758600416
classblockLabelSideNav

Page Contents


Content Block
background-color$secondaryColor
border-radius0 0 10px 10px
margin-3% 10%
id872120870
classsideNav

Table of Contents
minLevel2
indent15px


Content Block
padding0px 5px
margin15% 10% 2%
id758592736
classblockLabelSideNav

Jump to...


Content Block
background-color$secondaryColor
border-radius0 0 10px 10px
margin-3% 10%
id454125876
classsideNav



Content Column
width35.053806%
id861184409


Content Block
not-tabbedtrue
id88817709
alternate-stylefalse

Overview

Exostar's Federated Identity Service (FIS) is a comprehensive PKI solution that enables full lifecycle management of certificates, strong authentication practices and controlled access to applications through Exostar's Managed Access Gateway (MAG) platform. FIS minimizes risk and assures resources and intellectual assets are protected over the extended enterprise. Because it is operationally modeled after, and is compliant with CertiPath (the PKI cross-certification bridge) security policies and federal best-practice guidelines, FIS is ideal for enabling sensitive online transactions and secure access to information.


Certificate Types

  • Authentication/Identity:  Digital certificates can be used to prove identity and to allow access to online services (similar to a driver’s license in the non-online world).

  • Signature:  Digital certificates can be used to sign electronic documents, proving data has been authored by an individual and not been tampered with (similar to a wet ink signature and wax seal).
  • Encryption:  Digital certificates can be used to encrypt sensitive data preventing non- authorized parties accessing it (similar to a key to a safe).



Assurance Levels

Exostar issues certificates with varying assurance (strength) levels.  The strength of a certificate directly corresponds to the level of proof required to obtain a particular certificate and the security used to store the private key associated with the certificate.

  • Basic Level of Assurance (BLOA):  Does not require in-person identity check (no proofing required) and is stored on a user’s hard drive.
  • Medium Level of Assurance (MLOA) Software:  Stronger than BLOA and requires in-person identity check (in-person proofing required) and is stored on a user’s hard drive.
  • Medium Level of Assurance (MLOA) Hardware:  Stronger than MLOA Software and requires in-person identity check (in-person proofing required) and is stored on a USB Security Device (token).


When users download a BLOA Digital Software Certificate, an Identity Certificate is installed to the user’s hard drive. When a user downloads MLOA Digital Certificates, the user has to complete in-person proofing. For MLOA Software Digital Certificates, all three certificate types are installed to a user’s hard drive. For MLOA Hardware Digital Certificate, all three certificate types are installed onto a USB token.


Exostar's Secure Email Service is an end-to-end solution which enables customers to rapidly deploy SecureEmail without infrastructure or technology investments in PKI. The service is supported by Exostar's member-only hosted LDAP proxy to provide certificate look-up for our members and a range of digital certificates.

Exostar LDAP Proxy is designed to automate the process of discovery of end user encryption certificates to support secure email. It is a members-only service.


System Check

To run a system check, please go here.



Info

Click the arrows below to read further about the overall FIS BLOA and MLOA processes, benefits, and roles available to users.

HTML Wrap
classexpandList



Expand
titleWorkflow

Workflow

Please select the images to enlarge:

BLOA


MLOA



Expand
titleBenefits

Benefits

  • Accelerates deployments with open, standards-based protocols and certificate policies that enable identities/entitlements to be shared across systems/domains.
  • Assures identity validity via integrated, multi-layered security and authentication practices.
  • Meets critical technical and regulatory requirements.
  • Encourages rapid adoption of PKI-enabled services by partners, customers and suppliers through seamless interoperability with Intranets, Extranets and VPNs.


Expand
titleRoles and Responsibilities

Roles and Responsibilities

Authorized Officer: Executor of the contract and designator of the FIS Administrator.


FIS Administrator: This role is the same thing as an Application Administrator, just for the FIS application in particular. The FIS Administrator manages FIS-related activities for users within their organization. For more information, see the FIS Administrator Responsibilities page.



Content Column
width32.5%
id676338629


Content Block
padding3px 7px
margin15% 10% 2%
id1289089475
classblockLabelSideNav

News and
Announcements


Content Block
background-color$secondaryColor
border-radius0 0 10px 10px
margin-3% 10%
border-color$lightGrayColor
border-width1px
id88791570
border-stylesolid
classblockNews
Stay tuned...