Presentation is loading. Please wait.

Presentation is loading. Please wait.

United States Department of Justice www.it.ojp.gov/global Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

Published byMadlyn Stanley Modified over 8 years ago

Similar presentations

Presentation on theme: "United States Department of Justice www.it.ojp.gov/global Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,"— Presentation transcript:

1 United States Department of Justice www.it.ojp.gov/global Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg, Chair, Global Technical Privacy Task Team and Dr. Alan Harbitter, IJIS Institute 10/31/2007

2 United States Department of Justice www.it.ojp.gov/global Topics Approach Overview Privacy Policy Technical Framework and Components Applying the Framework to a Simple Use Case Implementing the Framework Task Progress Summary

3 United States Department of Justice www.it.ojp.gov/global Underlying Principles and Assumptions Do not invent new technology Focus on the domain-specific components required for interoperability (e.g., standards, specific metadata) For now, focus on access rather than collection Assume that there is a written policy in place Briefly, we are going to –Identify technologies to translate written privacy policy in machine-readable form –Define the pieces necessary to link justice information systems to that policy

4 United States Department of Justice www.it.ojp.gov/global Global Privacy Task Team Approach 1.Review the Global Privacy and Information Quality Working Group “Privacy Policy Development Guide and Implementation Templates” for Business Requirements 2.Draft Technical Requirements from Business Requirements 3.Validate Technical Requirements against sample use cases

5 United States Department of Justice www.it.ojp.gov/global Global Privacy Task Team Approach (continued) 4.Define a Technical Framework for Implementing Privacy Policy 5.Identify metadata to support electronic privacy policy implementations 6.Review vendor products, market maturity for designing and deploying policy services 7.Provide a Summary of Design/Implementation Guidelines, Technical Framework, Standards, and Recommendations for Next Steps

6 United States Department of Justice Technical Framework Audit trail Environmental conditions Written policy Obligations Actions: release, modify, access, delete, … Response message Content metadata Electronic policy statements (dynamic, federated) PEP PDP Request message Identity credentials PEP: Policy Enforcement Point PDP: Policy Decision Point

7 United States Department of Justice www.it.ojp.gov/global Electronic Policy Rules General authorization policy rule –Perform outcomes in response to requests by user categories to perform actions on data categories under conditions for valid business purpose(s) subject to prior agreement to [optional] obligations (metadata in bold italics)

8 United States Department of Justice www.it.ojp.gov/global Example Electronic Privacy Policy Rule Specific to justice applications –Allow (oc) law enforcement ORIs (uc) to perform Updates (a) on criminal history records (dc) under the condition where the ORI is the record owner (c) for criminal history reporting (p) requiring logging of actions (o) uc:User categories a:Actions dc:Data categories c:Conditions p:Purposes o:Obligations Oc:Outcome

9 United States Department of Justice Simple Use Case: A Cross-Jurisdictional Traffic Stop

10 United States Department of Justice www.it.ojp.gov/global More Implementation Considerations Level of authorization granularity impacts cost and complexity –Coarse-grained authorization—user categories including attributes such as user role, user certifications, user organization/membership, … are evaluated to grant/deny access to an application/database/portal –Fine-grained authorization—user categories and data categories are evaluated to restrict access to specific records within a database or specific functions within an application Industry support –There are commercial products available to implement each component of the framework

11 United States Department of Justice www.it.ojp.gov/global More Implementation Considerations (continued) Open standards support –WS-Federation built upon WS-Policy Framework WS-Trust WS-SecureConversation WS-Security –WS-MetaDataExchange –XACML (Policy Assertion Language (PAL)) –WS-SecurityPolicy Domain-specific vocabulary –NIEM/GJXDM privacy and data quality metadata additions

12 United States Department of Justice www.it.ojp.gov/global Implementation Cost Considerations Balance cost, risk, and complexity –Human MOU with no technical implementation standards –Low-hanging fruit such as encryption of portable media (memory sticks, laptops, etc.) –Larger investment and support required for fine- grained than for coarse-grained authorization

13 United States Department of Justice www.it.ojp.gov/global It’s Not All Technology Training and outreach Legal research of laws governing privacy and disclosure requirements Establishment of information stewards and policy decision makers –Confidentiality of personal information –Appropriate Use Practices –Appropriate dissemination policy –Physical security measures –Procedural measures –Policy on portable devices/media –Separation of security administration roles

14 United States Department of Justice www.it.ojp.gov/global Global Tech Privacy Team Status Update First draft report delivery—June 2007 Global Working Groups, GESC, and IJIS reviews— July/August 2007 Final draft—executive review and ready for release in fall 2007 Follow-up and next steps—currently under consideration by GAC GESC: Global Executive Steering Committee IJIS: Integrated Justice Information System Institute

15 United States Department of Justice www.it.ojp.gov/global Next Steps Action items and assignments –Privacy Policy Pilot Projects Global Security Working Group (GSWG) Global Privacy Information Quality Working Group (GPIQWG) –Continued integration with Justice Reference Architecture (JRA) Global Infrastructure Standards Working Group (GISWG) –Mature metadata and integrate with NIEM/GJXDM/GFIPM XML Structure Task Force (XSTF)

16 United States Department of Justice www.it.ojp.gov/global Recommendations Adopt the Privacy Policy Technical Framework Adopt the common set of standards and metadata that are specific to the justice domain and aligned with current initiatives Develop a transition strategy for moving to enterprise electronic policy services

17 United States Department of Justice www.it.ojp.gov/global Questions?

18 United States Department of Justice www.it.ojp.gov/global GAC Recommendations 1.Adopt Implementing Privacy Policy in Justice Information Sharing: A Technical Framework 2.Recommend as resource Implementing Privacy Policy in Justice Information Sharing: A Technical Framework Executive Summary Flyer 3.Recommend as resource Global Federated Identity and Privilege Management Executive Summary Flyer

Download ppt "United States Department of Justice www.it.ojp.gov/global Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,"

Similar presentations

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Business Plan and Outstanding Issues for Illinois Justice Network Portal IIJIS Technical Committee Meeting January 16, 2004.

Business Plan and Outstanding Issues for Illinois Justice Network Portal IIJIS Technical Committee Meeting January 16, 2004.
Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
Information Security Policies and Standards

Information Security Policies and Standards
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
10/25/2001Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.

10/25/2001Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Global Justice Information Sharing Initiative. www.it.ojp.gov/global Overview The Global Justice Information Sharing Initiative (Global) operates under.

Global Justice Information Sharing Initiative. Overview The Global Justice Information Sharing Initiative (Global) operates under.
GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo
United States Department of Justice www.it.ojp.gov/global Global Privacy and Information Quality Working Group Chairman Carl Wicklund.

United States Department of Justice Global Privacy and Information Quality Working Group Chairman Carl Wicklund.
United States Department of Justice www.it.ojp.gov/global The goal : Enable justice information sharing and protect privacy.

United States Department of Justice The goal : Enable justice information sharing and protect privacy.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.
Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.

Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.
Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice.

Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice.

Similar presentations

Ads by Google