1 / 19

Information Sharing Puzzle : Next Steps

Information Sharing Puzzle : Next Steps. Chris Rogers California Department of Justice April 28, 2005. Tactical Approaches. VPN / Trusted Certificates/Credentials Customized Gateways Vetted and agreed upon policies and procedures Information exchange model (IEM) XML credentials

kalea
Télécharger la présentation

Information Sharing Puzzle : Next Steps

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005

  2. Tactical Approaches • VPN / Trusted Certificates/Credentials • Customized Gateways • Vetted and agreed upon policies and procedures • Information exchange model (IEM) • XML credentials • System-to-System use case • IVE appliance integrated with infrastructure • Identities propagated throughout network • Tools that delegate the assignment of privileges • Certificate Policy/Practice Statement • User-to-Application use case

  3. Acute Awareness • Primary Impediments to Information Sharing • Incompatible technologies • Identity, authentication, & authorization policies • Factors Affecting Interoperability • Numerous autonomous agencies • Multiple trust domains • Heterogeneous environments • Varied governance structures • Significant investment in legacy environments • Inconsistent or non-existent security policies & procedures • Disparate and incompatible security mechanisms

  4. Fundamentals of Success • Identity Management • Addresses the inter-domain security problem with trust and standards • Agreements, standards, technologies make identity and entitlements portable across autonomous domains • Authenticated users can be easily recognized and consume services offered by other “federation” service providers • Privilege Management

  5. Addressing the Problem • Nat’l Criminal Intelligence Sharing Plan (NCISP) • Global Justice Information Sharing Initiative • Advisory Committee Membership/Leadership • Advisory Committee Executive Steering Committee • Global Working Groups • Infrastructure Standards • Security • Global Security Architecture Committee • Intelligence • Privacy and Information Quality

  6. Committee Composition • Criminal Information Sharing Alliance Network (CISAnet) • Regional Information Sharing Systems Network (RISSNET) • Justice Network (JNET) • DHS Homeland Security Information Network (HSIN)/ Joint Regional Information Exchange System (JRIES) • Automated Regional Justice Information System (ARJIS) • California Departmentof Justice • Wisconsin Departmentof Justice

  7. Global Security Architecture Committee (GSAC) • Business Problem • Recognized networks and information systems exist that involve substantial investments in technology, governance structures, and trust relationships • Failure to enable interoperability between the available information systems continues impede law enforcement and government officials’ ability to take effective actions when they are not aware of other information that may be known about a person or event

  8. Global Security Architecture Committee (GSAC) • Committee Scope • In response to the implementation of the National Criminal Intelligence Sharing Plan (NCISP) to develop an “overall” NCISP Interoperability Framework • To define of a set of “jointly agreed-upon and standards-based security mechanisms, communications protocols, and message formats”

  9. Initiatives • Federated Identity and Privilege Management Security Interoperability Demonstration (GSAC participants) • Trusted Credential Project (RISS) • DHS Service Oriented Architecture • Security and Identity Management (IdM) Component (DHS)

  10. Demonstration Federated Identity and Privilege Management Security Interoperability

  11. Goal/Objective • A multi-directional electronic exchange of criminal intelligence information, achieved through secure systems interoperability between networks and information systems currently not capable of doing so

  12. Scope • Develop and prove an identity and privilege management service that can be used to apply authentication and access controls by disparate systems and networks desiring to make their resources “sharable”

  13. Scope (cont’d) What’s IN What’s OUT • Policies • Process definition • Established baseline • of vetting requirements • User-to-application • use case • Web-based • applications only • Use open source, non- • commercial software • to keep licensing • costs to a minimum

  14. Deliverable • Demonstrate a universal mechanism, implementation-independent and non-vendor specific, designed to share trusted assertions (agreed set of attributes) that can be used to apply authentication and access controls

  15. Use Case • A valid subscriber of System “A” can access applications of System “B” (a federation participant) • A valid subscriber of System “B” can access applications of System “A”; (a federation participant) • A subscriber is “registered” locally and is not required to re-register to another federation participant’s system or application

  16. Use Case (cont’d) • A subscriber authenticates locally and is not required to re-authenticate to another federation application • even if that subscriber has traversed multiple applications within the federation • Subscriber information is passed to the federation system or application • access control decisions can be made withoutlocal provisioning

  17. Participation Premise • Participants retain control over their resources (dissemination & access control decisions made locally) • Participants register & administer their subscriber base • Participants can implement local technologies • Participants agree to a minimal set of policies, procedures, and standards allowing for subscriber authentication and privilege information to be passed between participants • Participation does not preclude independent, out-of-band, bilateral agreements between participants

  18. Progress • Cooperative Agreements • Funding • Data Requirements Survey • Industry Specs • Recommendations/Common Usage Profile • Concept Demo • Coming soon…

  19. For more information… Christina Rogers California Department of Justice (916) 227-3124 Christina.Rogers@doj.ca.gov

More Related