Interoperable Trust Networks Chris Rogers California Dept of Justice February 16, 2005.
Tactical Approaches
System-to-System use case
– VPN / Trusted Certificates/Credentials
– Customized Gateways
– Vetted and agreed-upon policies and procedures
– Information exchange model (IEM): XML credentials
User-to-Application use case
– IVE appliance integrated with infrastructure
– Identities propagated throughout network
– Tools that delegate the assignment of privileges
– Certificate Policy/Practice Statement

Acute Awareness
Primary Impediments to Information Sharing
– Incompatible technologies
– Identity, authentication, and authorization policies
Factors Affecting Interoperability
– Numerous autonomous agencies
– Multiple trust domains
– Heterogeneous environments
– Varied governance structures
– Significant investment in legacy environments
– Inconsistent or non-existent security policies and procedures
– Disparate and incompatible security mechanisms

Fundamentals of Success
Trusted Identities
– Identity Management: addresses the inter-domain security problem with trust and standards. Agreements, standards, and technologies make identity and entitlements portable across autonomous domains, so an authenticated user can be recognized by, and take part in the services offered by, other "federation" service providers.
– Privilege Management

Addressing the Problem
National Criminal Intelligence Sharing Plan (NCISP)
Global Justice Information Sharing Initiative
– Advisory Committee Membership/Leadership
– Advisory Committee Executive Steering Committee
– Working Groups: Infrastructure; Standards; Security (Global Security Architecture Committee); Intelligence; Privacy and Information Quality

Committee Composition
– Criminal Information Sharing Alliance Network (CISAnet)
– Regional Information Sharing Systems Network (RISSNET)
– Justice Network (JNET)
– DHS Homeland Security Information Network (HSIN) / Joint Regional Information Exchange System (JRIES)
– Automated Regional Justice Information System (ARJIS)
– California and Wisconsin Departments of Justice

Global Security Architecture Committee (GSAC)
Business Problem
– Recognized networks and information systems exist that involve substantial investments in technology, governance structures, and trust relationships
– Failure to enable interoperability between the available information systems continues to impede law enforcement and government officials' ability to take effective action when they are not aware of other information that may be known about a person or event

Global Security Architecture Committee (GSAC)
Scope
– In response to the implementation of the National Criminal Intelligence Sharing Plan (NCISP), to develop an "overall" NCISP Interoperability Framework
– To define a set of "jointly agreed-upon and standards-based security mechanisms, communications protocols, and message formats"

Initiatives
– Federated Identity and Privilege Management Security Interoperability Demonstration (GSAC)
– Trusted Credential Project (RISS)
– DHS Service Oriented Architecture: Security and Identity Management (IdM) Component (DHS)

"Demonstration"
Scope
– Develop and prove an identity and privilege management service that can be used to apply authentication and access controls by disparate systems and networks desiring to make their resources "sharable"
Deliverable
– Demonstrate a universal mechanism, implementation-independent and non-vendor-specific, designed to share trusted assertions (an agreed set of attributes) that can be used to apply authentication and access controls

Demonstration Scope
What's IN
– User-to-application use case
– Web-based applications only
– Use open source, non-commercial software to keep licensing costs to a minimum
What's OUT
– Policies
– Process definition
– Established baseline of vetting requirements

Participation Premise
– Participants retain control over their resources (dissemination and access control decisions are made locally)
– Participants register and administer their own subscriber base
– Participants can implement local technologies
– Participants agree to a minimal set of policies, procedures, and standards allowing subscriber authentication and privilege information to be passed between participants
– Participation does not preclude independent, out-of-band, bilateral agreements between participants

Use Case: User-to-Application
Premise
– User "A" of System "A" needs access to the application(s) of System "B"
Problem
– So... how do applications made accessible by System B identify, authenticate, authorize, entitle, and ultimately trust, users of System A?

Use Case Characteristics
– A valid subscriber of System "A" can access applications of System "B", a federation participant
– A valid subscriber of System "B" can access applications of System "A", a federation participant
– A subscriber is "registered" locally and is not required to re-register with another federation participant's system or application

Characteristics, cont'd
– A subscriber authenticates locally and is not required to re-authenticate to another federation application, even if that subscriber has traversed multiple applications within the federation
– Subscriber information is passed to the federation system or application, so access control decisions can be made without local provisioning
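The user-to-application exchange described above, as an added example that is not part of the presentation or of the GSAC demonstration: System A authenticates the subscriber locally and issues a signed assertion carrying the agreed set of attributes; System B checks the signature against the federation's trust registry, enforces audience and validity window, and applies its own local policy without ever provisioning the subscriber. The assertion layout, the Ed25519 signature, the attribute names, the policy and the participant names are all assumptions chosen for illustration; they are not the XML credential format the presentation mentions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is a hypothetical "agreed set of attributes" exchanged between
// federation participants; field names are assumptions, not the GSAC format.
type Assertion struct {
	Issuer     string   `json:"issuer"`     // participant that authenticated the subscriber (System A)
	Subject    string   `json:"subject"`    // subscriber identifier as registered at the issuer
	Audience   string   `json:"audience"`   // participant the assertion was minted for (System B)
	IssuedAt   int64    `json:"iat"`        // Unix seconds
	ExpiresAt  int64    `json:"exp"`        // Unix seconds; kept short, the subscriber is not re-authenticated
	Attributes []string `json:"attributes"` // vetted attributes the relying party may base access on
}

// SignedAssertion is the wire form: the JSON payload plus the issuer's Ed25519 signature over those bytes.
type SignedAssertion struct {
	Payload   []byte
	Signature []byte
}

// TrustRegistry maps an issuer identifier to its public key. It is filled out of band when
// a participant joins; it holds no subscriber records, which stay with each participant.
type TrustRegistry map[string]ed25519.PublicKey

// Policy is the relying party's local rule: the attributes required for each application.
type Policy map[string][]string

// Issue is what System A does after authenticating the subscriber locally.
func Issue(priv ed25519.PrivateKey, a Assertion) (SignedAssertion, error) {
	payload, err := json.Marshal(a)
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Verify is what System B does on receipt: nothing in the payload is trusted until the signature
// checks against a registered issuer key; audience and validity window then stop replay to a
// third participant or reuse after expiry.
func Verify(reg TrustRegistry, sa SignedAssertion, audience string, now time.Time) (Assertion, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return Assertion{}, fmt.Errorf("malformed assertion: %w", err)
	}
	pub, ok := reg[a.Issuer]
	if !ok {
		return Assertion{}, fmt.Errorf("issuer %q is not a federation participant", a.Issuer)
	}
	if !ed25519.Verify(pub, sa.Payload, sa.Signature) {
		return Assertion{}, errors.New("assertion signature does not verify")
	}
	if a.Audience != audience {
		return Assertion{}, fmt.Errorf("assertion addressed to %q, not %q", a.Audience, audience)
	}
	if now.Unix() < a.IssuedAt || now.Unix() >= a.ExpiresAt {
		return Assertion{}, errors.New("assertion is outside its validity window")
	}
	return a, nil
}

// Authorize applies System B's local policy to a verified assertion; the subscriber is never provisioned locally.
func Authorize(p Policy, app string, a Assertion) (bool, error) {
	required, ok := p[app]
	if !ok {
		return false, fmt.Errorf("unknown application %q", app)
	}
	have := make(map[string]bool, len(a.Attributes))
	for _, attr := range a.Attributes {
		have[attr] = true
	}
	for _, r := range required {
		if !have[r] {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader) // System A's key pair; only pubA is registered
	reg := TrustRegistry{"system-a": pubA}
	policy := Policy{"intel-search": {"sworn_officer", "28cfr23_trained"}} // constructed for this example
	now := time.Now()
	sa, _ := Issue(privA, Assertion{Issuer: "system-a", Subject: "jdoe", Audience: "system-b",
		IssuedAt: now.Unix(), ExpiresAt: now.Add(5 * time.Minute).Unix(),
		Attributes: []string{"sworn_officer", "28cfr23_trained"}})
	a, err := Verify(reg, sa, "system-b", now)
	if err != nil {
		panic(err)
	}
	ok, _ := Authorize(policy, "intel-search", a)
	fmt.Println("access granted:", ok)
}
```

The registry is the only thing the participants must agree on up front, which matches the "minimal set of policies, procedures, and standards" premise: subscriber records, authentication method and access rules all stay inside each domain, and a compromised or unregistered key cannot mint an assertion System B will accept even if the payload claims to come from System A.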

Goal/Objective
A multi-directional electronic exchange of criminal intelligence information, achieved through secure systems interoperability between networks and information systems currently not capable of doing so.

More Information… Christina Rogers CA Department of Justice (916)