Direct Project Direct + Policy Enablement. 12/06/10 Overview Policy Role In Direct Policy Enablement Security and Trust Support Architecture Tool Demo.


1 Direct Project Direct + Policy Enablement

2 12/06/10 Overview
- Policy Role In Direct
- Policy Enablement
- Security and Trust Support
- Architecture
- Tool Demo

3 Policy Role In Direct
- Scalable Trust
- Philosophy for enabling Direct exchange between a large number of endpoints
- Policy first class citizen in scalable trust
- Mitigates policy variance
- Proposed Policy Requirements
- Federal Community Requirements
- Governance
- Trust Bundles
- Technical solution to scalable trust
- Bundle profiles define policy requirements
- Only define and attest policy compliance
- Cannot assert and enforce policy
- Bundles alone are not enough

4 Policy Enablement
- Facilitate Policy Decisions at Runtime
- Systemic assertion of policy profile compliance
- Direct 2.0 vs Policy Enablement
- 2.0 may imply specification changes
- Potential compatibility issues
- Policy enablement requires no specification changes
- Optional module
- Backward compatible at transport

5 Security and Trust Support
- Modular Components
- Encryption
- Signature
- Cert Discovery
- Trust Chaining
- Current Policy Ability
- Simple binary trust decision based on certificate chain validation

6 Security and Trust Support: Current State – Outgoing Message
- Certificate Store: Dual Use Certificates
- Private Resolver: All non-expired, All non-revoked
- Public Resolver: All non-expired, All non-revoked
- Trust Chain to trust anchor

7 Security and Trust Support: Current State – Incoming Message
- Certificate Store: Dual Use Certificates
- Private Resolver: All non-expired, All non-revoked
- Verification: Message integrity
- Trust Chain to trust anchor

8 Security and Trust Support
- Optional Policy Enablement Module
- Policy implemented as filters
- Injected into security and trust process
- Private Certificate Resolution
- Public Certificate Resolution
- Trust Chain Validation
- Configurable Granularity
- Message Direction
- Message Source
- Message Destination
- Circles of Trust
- Can be applied to DNS or LDAP hosting
- Defined Policy Best Practices

9 Security and Trust Support: Policy Enabled State – Outgoing Message
- Certificate Store: Dual Use or Single Use Certificates
- Private Resolver: All non-expired, All non-revoked
- Public Resolver: All non-expired, All non-revoked
- Trust Chain to trust anchor
- Policy Filter: Filter certs that meet configured criteria

10 Security and Trust Support: Policy Enabled State – Incoming Message
- Certificate Store: Dual Use or Single Use Certificates
- Private Resolver: All non-expired, All non-revoked
- Public Resolver: All non-expired, All non-revoked
- Verification: Message integrity
- Policy Filter: Filter certs that meet configured criteria

11 Policy Engine
- Policy Engine (direct-policy.jar)
- Policy defined in lexicon specific language
- Definition + X509 Certificate processed by engine
- Engine evaluates boolean value to indicate certificate compliance with policy
- Policy filter equates to policy engine process in security and trust agent
- Architecture diagram labels: Intermediate State, Policy Definition, Lexicon Parser, Compiler, Opcodes, Executor, Boolean Decision, X509 Cert
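
Added example (not part of the presentation and not code from direct-policy.jar): a minimal Python sketch of the stages named on the Policy Engine slide, where policy text is parsed and compiled to opcodes, an executor returns a boolean per certificate, and that decision is used as the policy filter from the policy-enabled slides. The policy syntax, the field names and the certificate dictionaries are assumptions made up for illustration; they are not the Direct policy lexicon or real X.509 parsing.

```python
import re
TOKEN = re.compile(r"\s*(>=|[A-Za-z_][\w.]*|\d+)")
PREC = {"or": 1, "and": 2, "has": 3, ">=": 3}   # toy lexicon, not Direct's
OPS = {"and": lambda a, b: a and b, "or": lambda a, b: a or b,
       "has": lambda a, b: b in a, ">=": lambda a, b: a >= b}

def compile_policy(text):
    """Lexicon parser + compiler: infix policy text -> postfix opcode list."""
    opcodes, pending, pos, text = [], [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad policy syntax at offset {pos}")
        tok, pos = m.group(1), m.end()
        if tok in PREC:                      # operator: flush tighter-binding ones
            while pending and PREC[pending[-1]] >= PREC[tok]:
                opcodes.append(("OP", pending.pop()))
            pending.append(tok)
        elif tok.startswith("cert."):        # certificate field reference
            opcodes.append(("LOAD", tok[5:]))
        else:                                # literal number or word
            opcodes.append(("PUSH", int(tok) if tok.isdigit() else tok))
    return opcodes + [("OP", op) for op in reversed(pending)]

def evaluate(opcodes, cert):
    """Executor: boolean decision for one cert; any error fails closed."""
    stack = []
    try:
        for kind, arg in opcodes:
            if kind != "OP":
                stack.append(cert[arg] if kind == "LOAD" else arg)
            else:
                b, a = stack.pop(), stack.pop()
                stack.append(OPS[arg](a, b))
        (result,) = stack
    except (KeyError, IndexError, TypeError, ValueError):
        return False
    return result is True

def policy_filter(policy_text, certs):
    """Policy filter step: keep only certificates that satisfy the policy."""
    opcodes = compile_policy(policy_text)
    return [c for c in certs if evaluate(opcodes, c)]

POLICY = "cert.key_usage has keyEncipherment and cert.key_bits >= 2048"
CERTS = [  # constructed stand-ins for fields parsed from X.509 certificates
    {"subject": "enc@direct.example.org", "key_usage": {"keyEncipherment"}, "key_bits": 2048},
    {"subject": "sig@direct.example.org", "key_usage": {"digitalSignature"}, "key_bits": 2048},
    {"subject": "weak@direct.example.org", "key_usage": {"keyEncipherment"}, "key_bits": 1024},
]
```

Calling policy_filter(POLICY, CERTS) keeps only the first certificate; a certificate missing a referenced field or a malformed opcode sequence is rejected rather than accepted.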

12 Policy Engine Use Cases
- Build Policy Definitions
- Tooling to build definition file
- Policy filters in security and trust agent
- Out of band policy validation
- Trust bundle profile validation for anchors
- End entity certificate validation to CP or CPS

13 Release Schedule
- Q2 2013
- Policy Engine
- Security and Trust Agent
- Configuration Service
- Command Line Import and Configuration of Definitions
- Gateway
- Policy Validator
- Summer/Early Fall 2013
- Visual Policy Builders
- Config-UI integration
- Java RI 3.0 to include Q2 2013 release components

14 For More Information
- Direct + Policy Proposal: http://wiki.directproject.org/file/detail/Direct+%2B+Policy+Enablement.docx
- Scalable Trust Forum: http://wiki.directproject.org/Direct+Scalable+Trust+Forum
- Scalable Trust Summary: http://www.healthit.gov/sites/default/files/direct-scalable-trust-forum-summary-of-findings-report.pdf
- Direct Trust Bundle Workgroup: http://wiki.directproject.org/Trust+Bundle+Sub+Work+Group
- Scalable Trust Story: https://secure.bluebuttontrust.org

15 Policy Validation Tool Demo
- DEMO!!

