Tom Clarke VP, Research & Technology National Center for State Courts.

Slides:

Advertisements

Similar presentations

Illinois Justice Network Portal Implementation Board Meeting February 11, 2004.

Advertisements

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

Applying the SOA RA Utah Public Safety ESB Project Utah Department of Technology Services April 10, 2008 Prepared by Robert Woolley.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.

Tom Clarke, NCSC IAB Teleconference/Webinar August 14, 2008.

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Evolution of Identity Management May 15, 2008 For: CIPS Security Special Interest Group Presented by: Mike Waddingham, PMP President, Code Technology Corp.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

JUVENILE COURT: CONTEXT AND OVERVIEW Janet Mason March 8, 2006 Institute of Government UNC at Chapel Hill.

Global Justice Information Sharing Initiative. Overview The Global Justice Information Sharing Initiative (Global) operates under.

1 Joyce Sensmeier MS, RN, FHIMSS, HIMSS Glen Marshall, Siemens Healthcare Charles Parisot, GE Healthcare IHE's contribution to standards harmonization.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

United States Department of Justice U.S. DOJ’s Global Justice Information Sharing Initiative Robert Boehmer Chairman, Global Advisory.

United States Department of Justice The goal : Enable justice information sharing and protect privacy.

State Advisory Committee on Juvenile Justice and Delinquency Prevention March Board Update 2014.

Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.

Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice.

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Wisconsin Digital Summit Monona Terrace November 15, 2004 Justice and Public Safety Interoperability: Wisconsin’s Justice Information Sharing (WIJIS) Initiative.

Realize the Power of Information Global Advisory Committee Meeting October 31, 2007 Steve Ambrosini Director of Operations The IJIS Institute.

James Cabral, David Webber, Farrukh Najmi, July 2012.

1 GJXDM/NIEM Presentation. Global Information Sharing Initiatives Executive Briefing Global Information Sharing Initiatives Executive Briefing 2 Background:

Contact Center Security Strategies Karl Walder Director - Solutions Noble Systems.

Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.

...From Collaboration to Integration... Page: 1 November 2, 2006 Welcome and Introduction James Dyche Systems Manager 5 Technology Park Harrisburg, PA.

SEARCH Membership Group Systems & Technology PAC Global Justice XML Data Model (GJXDM) Update January 29, 2005.

1 NIEM Child Support & Court Communications From Concept to Action CSE Courts.

HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.

1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.

GRA Implementations using Open Source Technologies Mark Perbix and Yogesh Chawla SEARCH.

United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.

The State of the Information Sharing Union The State of the Information Sharing Union Paul Wormeli Executive Director IJIS Institute

Enterprise Architecture, Enterprise Data Management, and Data Standardization Efforts at the U.S. Department of Education May 2006 Joe Rose, Chief Architect.

1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.

Navigating the Standards Landscape Andrew Owen SEARCH.

United States Department of Justice Global Security Working Group Update Global Advisory Committee November 2, 2006 Washington, D.C.

National Information Exchange Model (NIEM) Overview February 7, 2006 Dave Roberts NIEM Communications and Outreach.

Overview of Issues and Interests in Standards and Interoperability Mary Saunders Chief, Standards Services Division NIST.

Categorization Recommendations for Implementing the E-Gov Act of 2002 Richard Huffine U.S. Environmental Protection Agency Co-chair, Categorization Working.

Partnerships in Information Sharing California Department of Justice Bureau of Criminal Identification and Information.

Vermont Yankee Nuclear Power Corp. v. NRDC, 435 U.S. 519 (1978) Strategic Delay in Derailing Public Policy.

DGS Recommendations to the Governor’s Task Force on Contracting & Procurement Review Report Overview August 12, 2002.

National Information Exchange Model (NIEM) Executive Introduction November 29, 2006 Thomas O’Reilly NIEM Program Management Office.

Information Technology Division Executive Office for Administration and Finance Service Oriented Architecture An Enterprise Approach to Enabling the Business.

GAC Highlight: Sharing Criminal Record Information Among New Mexico Tribes and State Kelly Harris, SEARCH Deputy Executive Director.

United States Department of Justice Achieving Information Interoperability and Business Agility The Justice Reference Architecture:

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

Jacques Bus Head of Unit, DG INFSO-F5 “Security” European Commission FP7 launch in the New Member States Regional on-line conference 22 January 2007 Objective.

Decoding the Alphabet Soup: Global JIS Standards 101.

Presented by Washington State Administrative Office of the Courts Service-Oriented Architecture: Why should we care? Tom Clarke January 2005.

Collaboration & Transformation Special Interest Group Information Sharing Committee Observations August 2011.

Exploring Service-Oriented Architecture (SOA) to Support Justice-Related Information Sharing Steven E. Correll, Chair Global Infrastructure/Standards Working.

The Policy Side of Federations Kenneth J. Klingenstein and David L. Wasley Tuesday, June 29, CAMP Shibboleth Implementation Workshop.

AlabamaCAN Victim Notification System. AlabamaCAN – Victim Notification System Unique Approach to Victim Notifications Internally Developed Solution Suite.

1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013.

IJIS Institute National Projects IJIS Institute National Projects Paul Wormeli Executive Director IJIS Institute Global Advisory.

Last Topic - Factor responsible for development of Administrative Law

Achieving Justice Information Interoperability

Standards and Certification Training

NAAS 2.0 Features and Enhancements

MODULE B - PROCESS SUBMODULES B1. Organizational Structure

Chapter 43 Administrative Law and Regulatory Agencies

The Access Challenge Multiple ID Cards Several Purposes

Summary of GSC-13 IPR WG Meeting

Presentation transcript:

Tom Clarke VP, Research & Technology National Center for State Courts

Historical Recap Courts have focused on ad hoc policies within local trusted networks for sharing data with other agencies. Courts have based their public access policies on the CCJ/COSCA Guidelines published in Many states restrict public access to juvenile data, but there is no overall consensus. Many states have been forced to consider access by social agencies for the first time only when actual exchanges were recently proposed.

Abuse & Neglect Access Policies 2 states presume open access in all juvenile cases. 14 states presume open access, with judicial discretion to close cases. 10 states presume closed access, with judicial discretion to open cases. 6 states presume closed access, with some exceptions. 21 states presumed closed access--period.

Delinquency Access Policies 35 states permit or require open access with some age and offense restrictions. 15 states have closed access. There are lots of special conditions and details about access that vary across states.

Traditional Technical Approach Two strategies are typically used for enforcement: Bilateral MOU’s between local agencies for policies. Application-embedded access rules for enforcement. At best, application rules enforce coarse (less granular) access policies using broad role definitions. At worst, lists of personnel in roles are not kept up to date, allowing inappropriate access. The policy focus was on public access, either at the courthouse or online.

Emerging Problems in Data Sharing Justice and social agencies are sharing more data of all kinds than ever before. Justice and social agencies are sharing more data outside their local trusted networks. Privacy and access rules are often complex and detailed. Privacy and access rules often require analysis of context and purpose for use. Manual training is often insufficient to ensure proper enforcement of complex business rules.

New Solutions The national justice community has established best practices for creating access and privacy rules for sharing information between government agencies. Global Justice Information Sharing Committee (GAC) Privacy Products: impact analysis, policy templates, technical enforcement models Other government communities and private industry are working on similar technical approaches. The emphasis is on privacy protection, based on the Fair Information Practices or FIPs.

Built on Open Standards Data Content: National Information Exchange Model or NIEM (earlier the GJXDM) Messaging: Justice Reference Architecture or JRA Various open web services technical standards Security: Global Federated Identity and Privilege Management or GFIPM Privacy: Based on NIEM, JRA and GFIPM, adds XACML capability

New Technical Approach Establish policies with as much granularity as needed: Subject attributes Purpose attributes Context attributes Resource attributes Obligation attributes Attributes are metadata: data about data. Data types are “tagged” using standard codes to facilitate appropriate automated rule enforcement.

New Technical Approach Advanced technical methods are used to establish “trust” across networks using open standards. Organizations manage their own members and assert attributes about them to others. Third party organizations provide rule identification, deconfliction, and enforcement capabilities: Policy Administration Points (PAP) Policy Decision Points (PDP) Policy Enforcement Points (PEP)

Business Advantages Organizations can automate enforcement of complex and very granular (detailed) access and privacy rules. Enforcement infrastructures can be reused in multiple contexts for multiple exchanges. Rules can be changed without impacting the underlying agency applications. Rules are enforced even when the data “travels” beyond the agencies or agency staff involved in the original exchange.

Implementation Issues The technology is still relatively new (but most major vendors now support the underlying technical standards in their off-the-shelf products). State and federal HHS agencies have not participated in the communities developing the technical standards nor any of the implementation pilots. The Healthcare community is just now beginning to implement some of the same automated privacy policy enforcement capabilities. Establishing the initial privacy enforcement infrastructure is relatively expensive, but subsequent reuse is relatively inexpensive.

New Supporting Capabilities The federal HHS has just decided to use NIEM for the data content of some exchanges. A new family and Juvenile domain now exists in NIEM for juvenile content. A NIEM-compliant data model for exchanges between courts and state HHS agencies now exists.

But How Real Is It? A court pilot project in Orange County, California is testing these automated privacy enforcement capabilities right now and partnering with the California Administrative Office of the Courts on further uses. Georgia and Alabama law enforcement agencies are piloting similar capabilities. Corrections and probation/parole pilots will start later this year in jurisdictions to be determined. To date, no HHS agency has participated and no juvenile data has been included in these pilots.