UNCLASSIFIED 1 Authorization and Attribute Service Tiger Team (AATT) Update & Status January 13, 2008

Presentation transcript:

UNCLASSIFIED 2 IC/DoD Authorization & Attribute Service Tiger Team (AATT)
December 18, Established the IC/DoD AATT
– DoD Co-Chair: Ms. Myra Powell
– IC Co-Chair: Ms. Amy Reiss
Purpose:
– Implement Authorization and Attribute Services across the IC & DoD as part of a dynamic information sharing environment that delivers timely information to authorized users
Objective:
– Provide Operational user/resource owners the ability to control information sharing
  Result: Users gain appropriate access to mission critical & business information without manual pre-registration processes
– Identify common interfaces and service specifications that can be used to deploy common authorization and attribute capabilities across the IC & DoD environments
Unified security services enabling agile information sharing and collaboration for SIE and GIG

UNCLASSIFIED 3 Why Authorization and Attribute Services
Attribute Based Access Control can enable:
– Dynamic service and data discovery* and access
– Unanticipated (but authorized) access to critical information
– Resource owners can provide services and data to larger community
– Dynamic, agile security posture (policy) change to meet mission tempo

UNCLASSIFIED 4 Access Control
Information is virtually ‘trapped’ within systems that require account creation, or addition to a list. Manual process to add EACH user to EACH resource.
[Diagram with "Today" and "Future" panels. Labels: Single User, Request Access (Manual), Administrator, Resource 1 Owner, Add EACH User Account, Access List, Add EACH User to List, Resource 1, Resource 2, Millions of Users, Attributes, Policy Domain]
Users gain access seamlessly - no pre-registration, no delay … while the services and data remain secure & protected!

UNCLASSIFIED 5 IC/DoD AATT Deliverable Status
– Each deliverable is being developed by a subgroup of the AATT.
– Each deliverable team is composed of both IC and DoD members.
– Each deliverable team is co-led by an IC and a DoD representative.
– At present, all deliverable teams have been established and have completed their work or are nearly finished.

UNCLASSIFIED 6 AATT Major Contributions
Technical
– AATT CONOP
– AATT Interface Specification
– AATT Authoritative Source and Attribute Service Guidelines
– ABAC Pilot Workshop & Pilot alignment
Policy
– Recommendations regarding Authorization and Attribute Policy that need to be developed.
Governance
– AATT identified the need for ongoing Governance to ensure:
  – Compliance with the AATT CONOP
  – Compliance with the AATT Interface Specification
  – Availability of timely, accurate authorization attributes
  – Maintenance of authorization attribute definitions & acceptable values
AATT Deliverables provide significant contribution toward the implementation of secure, agile information sharing

UNCLASSIFIED 7 AATT Proposed On-going Tasks
Establish Authorization and Attribute Service Working Group
– The Phase I set of AATT deliverables is just the beginning for building ABAC solutions. More work is needed in support of IdAM and ESM.
– Authorization Attribute Governance Committee
  – Process to add and maintain attributes list
  – Monitor Authoritative Sources
  – Facilitate Community Service Level Agreements
– Additional SAML Profile Work
  – Presently leveraging only Attribute Assertions
  – Today: 80% Attribute Service - 20% Authorization Service
  – Follow-on: 20% Attribute Service - 80% Authorization Service
– Expand the AATT WG membership
– Identify pilot opportunities that include DoD, IC, Coalition and other Federal efforts.
– Address Advanced Dynamic Policy Capabilities
  – Address Policy (access rule) tools, portability, hierarchy
– Address Attributes for Non Person Entities
  – Users, Systems, Data, Environment, Situation

UNCLASSIFIED 8 Resources
Deliverables are available via the following:
– High Wiki – http:// _and_Attribute_Servies_Tiger_Team
– Low Wiki – http:// _Attribute_Tiger_Team
– DKO AATT Group –

UNCLASSIFIED Point of Contact
ABAC Lead: Martin Costellic, NII/DoD-CIO

UNCLASSIFIED 10 Discussion and Questions

UNCLASSIFIED 11 Build on the AATT Foundation
Recommended Policy & Governance Deliverable Set
– AATT Policy Recommendations. Develop the authorization and attribute service IC and DoD policies recommended in the AATT Policy Recommendation paper.
– Advanced Policy Recommendations. Develop policies based on lessons learned from pilots and operational deployment.
– Governance. Establish governance arm to maintain the defined Authorization Attribute Set and report to the DoD and IC Governance bodies.
Example Governance topic: Assess and Approve Changes to the Attributes or Attribute Values, based on need for a new attribute, or change to a referenced attribute set.
– E.g. OMB Organization Names.

UNCLASSIFIED 12 Build on the AATT Foundation
Recommended Technical Deliverable Set
– Policy (access rules) Development. Provide guidance and examples for the development of policies (access rules).
– Develop Solutions for Broad set of Partners. Adapt existing AATT solutions and/or develop solutions to provide authorization and attribute services for broader set of partners.
– Develop detailed Profile Definition with Industry. Further definition of standard profiles for the AATT Interface Specification, to ensure interoperability between DoD and IC implementations, as well as profiles for additional partners.
– Standards Assessment and Recommendation. Assess emerging standards for applicability and possible adoption by the DoD and IC, to include industry adoption of standards.
– Investigate Emerging Standards and Solutions. Assess the utility of secure token service that combines authentication & authorization for the IC & DoD.
– Pilot alignment. Continue work to align pilot activities.

UNCLASSIFIED 13 Recommended Attributes
Columns: No. | Friendly Name | JWICS (Baseline, Future FY) | SIPRNET (Baseline, Future FY) | NIPRNET (Baseline, Future FY)
1. CitizenshipStatus (Single) XX
2. CountryofCitizenship (Single) XXX
3. Clearance (Single) XXX
4. Cleared* (Single) X
5. SCIControls (Multi) XX
6. DistinguishedName (Single) XXX
7. OrganizationName (Single) XXX
8. UniqueIdentifier (Single) XXX
9. EmployeeType (Multi) XXX
10. POA (Multi) XXX
11. FASC-N (Single) XX
12. PayGrade (Single) XX
13. PayPlan (Single) XX
14. DutyOccupationalCode (Single) XX
15. PrimaryOccupationalCode (Single) XX
*Attributes may be available for use prior to the FY timeframe.