Been there. Done that.

AFRL developed, accredited, and deployed a free LiveCD webSSO for small, fast, niche uses that provide CAC-in to Google. AFRL used it for ~6 months to provide CAC-in to its Google pilot. It's also DISA STIG'd, a testbed for advanced authentication technologies, and now a free project at Any group can now create their own.

AFRL also created and tested CAC-in using the AF Portal... fast, simple, and free. AFRL is using it now to provide CAC-in for its ~140 person GAfG pilot. The novel process can be adopted by anyone. AKO is conducting a similar test very soon. See . The process can be automated so any group could obtain such a CAC-in service from those enterprise-class Single Sign On (webSSO) services in a few minutes w/out approval. For large GAfG domains, AFRL is also exploring an advanced solution which leverages the webSSO's account & identity management services to ease GAfG admin duties.

All the above solutions are for / were tested on Google Apps for Government domains, but they can be used for any SAML v2.0 compliant cloud for authentication.

The GAfG domains used are accredited / approved for CUI / FOUO / sensitive info.

No CRADA, contract, or such was needed. It was mostly a part-time effort of just one person. AFRL just used Google's published standards, added a few COTS elements, and some ingenuity. Easy.

Other GAfG pilots across the DoD have solved similar and tougher issues wrt the cloud.

AFRL repeatedly offered its work to DISA.