Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interoperable Trust Networks Chris Rogers California Dept of Justice February 16, 2005.

Published byEstella York Modified over 8 years ago

Similar presentations

Presentation on theme: "Interoperable Trust Networks Chris Rogers California Dept of Justice February 16, 2005."— Presentation transcript:

1 Interoperable Trust Networks Chris Rogers California Dept of Justice February 16, 2005

2 Tactical Approaches VPN / Trusted Certificates/Credentials Customized Gateways Vetted and agreed upon policies and procedures Information exchange model (IEM) – XML credentials System-to-System use case IVE appliance integrated with infrastructure – Identities propagated throughout network – Tools that delegate the assignment of privileges – Certificate Policy/Practice Statement User-to-Application use case

3 Acute Awareness Primary Impediments to Information Sharing – Incompatible technologies – Identity, authentication, & authorization policies Factors Affecting Interoperability – Numerous autonomous agencies – Multiple trust domains – Heterogeneous environments – Varied governance structures – Significant investment in legacy environments – Inconsistent or non-existent security policies & procedures – Disparate and incompatible security mechanisms

4 Fundamentals of Success Trusted Identities – Identity Management Addresses the inter-domain security problem with trust and standards Agreements, standards, technologies make identity and entitlements portable across autonomous domains An authenticated user can be easily recognized and take part in the services offered by other “federation” service providers Privilege Management

5 Addressing the Problem Nat’l Criminal Intelligence Sharing Plan (NCISP) Global Justice Information Sharing Initiative – Advisory Committee Membership/Leadership – Advisory Committee Executive Steering Committee – Working Groups Infrastructure Standards Security –Global Security Architecture Committee Intelligence Privacy and Information Quality

6 Committee Composition Criminal Information Sharing Alliance Network (CISAnet) Regional Information Sharing Systems Network (RISSNET) Justice Network (JNET) DHS Homeland Security Information Network (HSIN)/ Joint Regional Information Exchange System (JRIES) Automated Regional Justice Information System (ARJIS) California and Wisconsin Departments of Justice

7 Business Problem – Recognized networks and information systems exist that involve substantial investments in technology, governance structures, and trust relationships – Failure to enable interoperability between the available information systems continues impede law enforcement and government officials’ ability to take effective actions when they are not aware of other information that may be known about a person or event Global Security Architecture Committee (GSAC)

8 Scope – In response to the implementation of the National Criminal Intelligence Sharing Plan (NCISP) to develop an “overall” NCISP Interoperability Framework – To define of a set of “jointly agreed-upon and standards-based security mechanisms, communications protocols, and message formats” Global Security Architecture Committee (GSAC)

9 Initiatives Federated Identity and Privilege Management Security Interoperability Demonstration (GSAC) Trusted Credential Project (RISS) DHS Service Oriented Architecture – Security and Identity Management (IdM) Component (DHS)

10 “Demonstration” Scope – Develop and prove an identity and privilege management service that can be used to apply authentication and access controls by disparate systems and networks desiring to make their resources “sharable” Deliverable – Demonstrate a universal mechanism, implementation- independent and non-vendor specific, designed to share trusted assertions (agreed set of attributes) that can be used to apply authentication and access controls

11 Demonstration Scope What’s IN What’s OUT Policies Process definition Established baseline of vetting requirements User-to-application use case Web-based applications only Use open source, non- commercial software to keep licensing costs to a minimum

12 Participation Premise Participants retain control over their resources (dissemination & access control decisions made locally) Participants register and administer their subscriber base Participants can implement local technologies Participants agree to a minimal set of policies, procedures, and standards allowing for subscriber authentication and privilege information to be passed between participants Participation does not preclude independent, out-of- band, bilateral agreements between participants

13 Use Case User-to-Application Premise – User “A” of System “A” needs access to the application(s) of System “B” Problem – So… how do applications made accessible by System B identify, authenticate, authorize, entitle, and ultimately trust, users of System A?

14 Use Case Characteristics A valid subscriber of System “A” can access applications of System “B”; a federation participant A valid subscriber of System “B” can access applications of System “A”; a federation participant A subscriber is “registered” locally and is not required to re-register to another federation participant’s system or application

15 Characteristics, cont’d A subscriber authenticates locally and is not required to re-authenticate to another federation application – even if that subscriber has traversed multiple applications within the federation Subscriber information is passed to the federation system or application – access control decisions can be made without local provisioning

16 Goal/Objective A multi-directional electronic exchange of criminal intelligence information, achieved through secure systems interoperability between networks/ information systems currently not capable of doing so.

17 More Information… Christina Rogers CA Department of Justice (916) 227-3124 Christina.Rogers@doj.ca.gov

Download ppt "Interoperable Trust Networks Chris Rogers California Dept of Justice February 16, 2005."

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
National HIT Agenda and HIE - 2007 John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
Illinois Justice Network Portal Implementation Board Meeting February 11, 2004.

Illinois Justice Network Portal Implementation Board Meeting February 11, 2004.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
CNI Fall 1998 Access Management Requirements and Approaches Joan Gargano California Digital Library

CNI Fall 1998 Access Management Requirements and Approaches Joan Gargano California Digital Library
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
All Rights Reserved: JusticeExperts.com Enterprise? What Enterprise? Enterprise Development.

All Rights Reserved: JusticeExperts.com Enterprise? What Enterprise? Enterprise Development.
S.R.F.E.R.S. State, Regional, and Federal Enterprise Retrieval System Inter-Agency & Inter-State Integration Using GJXML.

S.R.F.E.R.S. State, Regional, and Federal Enterprise Retrieval System Inter-Agency & Inter-State Integration Using GJXML.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
1 Overview of Other Global Networks Exchange Network User Group Meeting April 2006.

1 Overview of Other Global Networks Exchange Network User Group Meeting April 2006.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
United States Department of Justice www.it.ojp.gov/global U.S. DOJ’s Global Justice Information Sharing Initiative Robert Boehmer Chairman, Global Advisory.

United States Department of Justice U.S. DOJ’s Global Justice Information Sharing Initiative Robert Boehmer Chairman, Global Advisory.
Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.

Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice.

Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice.
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Similar presentations

Ads by Google