
UNCLASSIFIED 1 Authorization and Attribute Service Tiger Team (AATT) Update & Status January 13, 2008


1 UNCLASSIFIED Authorization and Attribute Service Tiger Team (AATT) Update & Status
January 13, 2008
Rodolph.morrison@osd.mil

2 UNCLASSIFIED IC/DoD Authorization & Attribute Service Tiger Team (AATT)
December 18, 2007 - Established the IC/DoD AATT
– DoD Co-Chair: Ms. Myra Powell
– IC Co-Chair: Ms. Amy Reiss
Purpose:
– Implement Authorization and Attribute Services across the IC & DoD as part of a dynamic information sharing environment that delivers timely information to authorized users
Objective:
– Provide Operational user/resource owners the ability to control information sharing
  Result: Users gain appropriate access to mission critical & business information without manual pre-registration processes
– Identify common interfaces and service specifications that can be used to deploy common authorization and attribute capabilities across the IC & DoD environments
Unified security services enabling agile information sharing and collaboration for SIE and GIG

3 UNCLASSIFIED Why Authorization and Attribute Services
Attribute Based Access Control can enable:
– Dynamic service and data discovery* and access
– Unanticipated (but authorized) access to critical information
– Resource owners can provide services and data to larger community
– Dynamic, agile security posture (policy) change to meet mission tempo

4 UNCLASSIFIED Access Control
Information is virtually ‘trapped’ within systems that require account creation, or addition to a list. Manual process to add EACH user to EACH resource.
[Diagram comparing "Today" and "Future". Labels: Single User, Millions of Users, Manual, Request Access, Resource 1 Owner, Administrator, Add EACH User Account, Add EACH User to List, Access List, Attributes, Policy, Domain, Resource 1, Resource 2]
Users gain access seamlessly - no pre-registration, no delay … while the services and data remain secure & protected!

5 UNCLASSIFIED IC/DoD AATT Deliverable Status
Each deliverable is being developed by a subgroup of the AATT. Each deliverable team comprises both IC and DoD members and is co-led by an IC and a DoD representative. As of today, all deliverable teams have been established and have completed their deliverables or are nearly finished.

6 UNCLASSIFIED AATT Major Contributions
Technical
– AATT CONOP
– AATT Interface Specification
– AATT Authoritative Source and Attribute Service Guidelines
– ABAC Pilot Workshop & Pilot alignment
Policy
– Recommendations regarding Authorization and Attribute Policy that need to be developed.
Governance
– AATT identified the need for ongoing Governance to ensure
  – Compliance with the AATT CONOP
  – Compliance with the AATT Interface Specification
  – Availability of timely, accurate authorization attributes
  – Maintenance of authorization attribute definitions & acceptable values
AATT Deliverables provide significant contribution toward the implementation of secure, agile information sharing

7 UNCLASSIFIED AATT Proposed On-going Tasks
Establish Authorization and Attribute Service Working Group
– The Phase I set of AATT deliverables is just the beginning for building ABAC solutions. More work is needed in support of IdAM and ESM.
– Authorization Attribute Governance Committee
  – Process to add and maintain attributes list
  – Monitor Authoritative Sources
  – Facilitate Community Service Level Agreements
– Additional SAML Profile Work
  – Presently leveraging only Attribute Assertions
  – Today: 80% Attribute Service - 20% Authorization Service
  – Follow-on: 20% Attribute Service - 80% Authorization Service
– Expand the AATT WG membership
– Identify pilot opportunities that include DoD, IC, Coalition and other Federal efforts.
– Address Advanced Dynamic Policy Capabilities
  – Address Policy (access rule) tools, portability, hierarchy
– Address Attributes for Non Person Entities
  – Users, Systems, Data, Environment, Situation

8 UNCLASSIFIED Resources
Deliverables are available via the following:
High Wiki
– http://www.intelink.ic.giv/wiki/IC_Authorization_and_Attribute_Servies_Tiger_Team
Low Wiki
– http://www.intelink.gov/wiki/Authorization_and_Attribute_Tiger_Team
DKO AATT Group
– https://www.us.army.mil/suite/page/504666

9 UNCLASSIFIED Point of Contact
ABAC Lead: Martin Costellic, NII/DoD-CIO
– Martin.Costellic@osd.mil

10 UNCLASSIFIED Discussion and Questions

11 UNCLASSIFIED Build on the AATT Foundation
Recommended Policy & Governance Deliverable Set
– AATT Policy Recommendations. Develop the authorization and attribute service IC and DoD policies recommended in the AATT Policy Recommendation paper.
– Advanced Policy Recommendations. Develop policies based on lessons learned from pilots and operational deployment.
– Governance. Establish governance arm to maintain the defined Authorization Attribute Set and report to the DoD and IC Governance bodies.
Example Governance topic: Assess and Approve Changes to the Attributes or Attribute Values, based on need for a new attribute, or change to a referenced attribute set.
– E.g. OMB Organization Names.

12 UNCLASSIFIED Build on the AATT Foundation
Recommended Technical Deliverable Set
– Policy (access rules) Development. Provide guidance and examples for the development of policies (access rules).
– Develop Solutions for Broad set of Partners. Adapt existing AATT solutions and/or develop solutions to provide authorization and attribute services for broader set of partners.
– Develop detailed Profile Definition with Industry. Further definition of standard profiles for the AATT Interface Specification, to ensure interoperability between DoD and IC implementations, as well as profiles for additional partners.
– Standards Assessment and Recommendation. Assess emerging standards for applicability and possible adoption by the DoD and IC, to include industry adoption of standards.
– Investigate Emerging Standards and Solutions. Assess the utility of secure token service that combines authentication & authorization for the IC & DoD.
– Pilot alignment. Continue work to align pilot activities.

13 UNCLASSIFIED Recommended Attributes
Columns: No. | Friendly Name | JWICS (Baseline, Future FY 10-15) | SIPRNET (Baseline, Future FY 10-15) | NIPRNET (Baseline, Future FY 10-15)
1. CitizenshipStatus (Single) XX
2. CountryofCitizenship (Single) XXX
3. Clearance (Single) XXX
4. Cleared* (Single) X
5. SCIControls (Multi) XX
6. DistinguishedName (Single) XXX
7. OrganizationName (Single) XXX
8. UniqueIdentifier (Single) XXX
9. EmployeeType (Multi) XXX
10. POA (Multi) XXX
11. FASC-N (Single) XX
12. PayGrade (Single) XX
13. PayPlan (Single) XX
14. DutyOccupationalCode (Single) XX
15. PrimaryOccupationalCode (Single) XX
*Attributes may be available for use prior to the FY 10-15 timeframe.
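
The contrast on the Access Control slide (a per-resource access list versus a decision from attributes and policy), sketched as an added example that is not part of the briefing or any AATT deliverable. Attribute names and their Single/Multi cardinality are taken from the Recommended Attributes slide; the clearance ordering, the sample values and the access rule are assumptions constructed for illustration.

```python
# Added illustration, not AATT code. Attribute names and Single/Multi
# cardinality come from the Recommended Attributes slide; the clearance
# ordering, sample values and access rule are constructed for the example.
SINGLE = {"CitizenshipStatus", "CountryofCitizenship", "Clearance", "Cleared",
          "DistinguishedName", "OrganizationName", "UniqueIdentifier",
          "FASC-N", "PayGrade", "PayPlan", "DutyOccupationalCode",
          "PrimaryOccupationalCode"}
MULTI = {"SCIControls", "POA", "EmployeeType"}
CLEARANCE_ORDER = ["U", "C", "S", "TS"]  # hypothetical value set, low to high


def validate(attrs):
    """Return problems found in an attribute set {name: [values]}."""
    problems = []
    for name, values in attrs.items():
        if name not in SINGLE | MULTI:
            problems.append(f"unknown attribute: {name}")
        elif name in SINGLE and len(values) != 1:
            problems.append(f"{name} must carry exactly one value")
    return problems


def acl_decide(access_list, user_id):
    """'Today': access only if someone already added this user to the list."""
    return user_id in access_list


def abac_decide(rule, attrs):
    """'Future': decide from attributes; deny on malformed or missing input."""
    if validate(attrs):
        return False
    try:
        level = CLEARANCE_ORDER.index(attrs["Clearance"][0])
        needed = CLEARANCE_ORDER.index(rule["min_clearance"])
    except (KeyError, ValueError):
        return False
    if level < needed:
        return False
    if attrs.get("CountryofCitizenship", [""])[0] not in rule["countries"]:
        return False
    return set(rule["required_sci"]) <= set(attrs.get("SCIControls", []))


# Constructed sample data: one pre-registered user, one never-registered user.
ACCESS_LIST = {"uid-1001"}
RULE = {"min_clearance": "S", "countries": {"USA"}, "required_sci": ["X1"]}
NEW_USER = {"UniqueIdentifier": ["uid-2002"], "Clearance": ["TS"],
            "CountryofCitizenship": ["USA"], "SCIControls": ["X1", "X2"]}

if __name__ == "__main__":
    print("access list:", acl_decide(ACCESS_LIST, "uid-2002"))  # not pre-registered
    print("attribute policy:", abac_decide(RULE, NEW_USER))
```

The attribute-based path admits the never-registered user only because every check passes, and it denies by default when an attribute is unknown, missing, or carries more values than its cardinality allows.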

