Defense Projects
Military Health System (MHS)
Identity & Authentication Services / Single Sign-On (SSO)
Project Overview
PSI is the prime integrator for enterprise identity and authentication services (iAS) within the Military Health System (MHS) enterprise. As part of this initiative, PSI is delivering a secure and robust, integrated Public Key Enablement (PKE) service and Single Sign-On (SSO) solution that enables over 700,000 users in the MHS enterprise to use their common access card (CAC) or logon account and password to access MHS applications without a need to log into applications separately or redundantly. By providing identity and authentication services at the enterprise level, the MHS lowers the total cost of ownership for its internal applications while allowing a single point of management for authentication-related security and compliance.
PSI Services & Results
PSI has been providing the architectural design, procurement, installation, configuration, system engineering and performance tuning services required for hardware and software components of the technical solution. In March 2006, the PSI Team stood up the Sun Microsystems Java Enterprise System (JES) technology stack at the DISA San Antonio computer center across eight high-performance Sun Microsystems Sunfire servers. Load testing was designed and conducted to assure the performance necessary to carry all MHS enterprise applications. The deployed framework integrates public key enablement for 20 enterprise web applications, providing compliance with Joint Task Force—Communications Task Orders (JTF-CTO) mandating PKE and setting the stage to secure all access to MHS applications using the DoD Common Access Card (Smart Card). Leveraging this capability, the Personal Health Record was deployed in December of 2007 as the first Public Key Enforced application, requiring a DoD CAC authentication to access HIPAA-related data. The current project scope also includes ongoing work to implement the Sun Microsystems Identity Management product suite for enterprise-wide registration, auditing and reporting. The MHS is fast becoming a showcase for illustrating how an enterprise can manage its infrastructure in a leveraged fashion by providing service-oriented capabilities and utilizing best practices to reduce costs and assure compliance with related security and privacy directives. By the time the last MHS enterprise application has been fully integrated into the framework, the MHS will know how many users access what applications and what the usage patterns are across the enterprise. The MHS now benefits from a single enforcement point for applying security policy as it relates to identity authentication.
In addition to providing enterprise-wide PKE and SSO, the solution developed by the PSI Team provides a standards-based, federated SSO capability between service portals and the MHS. This has provided the first federated identity capability between major defense portals. At this time, over one million users of Army Knowledge Online (AKO) and the Air Force Global Combat Support System (GCSS) portal can share authentication tokens with the MHS, allowing users of those portals to seamlessly enter the MHS application enterprise without an additional logon.
Point of Contact:
Rod Lauver
410.964.8000 x117
rod.lauver@plan-sys.com