
DoD & IC Authorization and Attribute Services

DoD & IC Authorization and Attribute Services. Office of the DoD CIO, 16 October 2007. Discussion items: Authorization and Attribute Services; Why Implement Authorization and Attribute Services; Authorization and Attribute Service Example.


Presentation Transcript


  1. DoD & IC Authorization and Attribute Services
     Office of the DoD CIO
     16 October 2007
     Connecting People With Information

  2. Discussion Items
     • Authorization and Attribute Services
     • Why Implement Authorization and Attribute Services
     • Authorization and Attribute Service Example
     • DOD/IC Joint Authorization and Attribute Services Tiger Team
     • How Can You Help?

  3. Authorization and Attribute Services
     • Current Scenario:
       • Data and Resource Owners ‘decide’ who gets access to data and resources
       • Authorized users are added to a list, or an account is created
     • Problem:
       • Users experience delay in gaining access, due to manual processes
     • Solution:
       • Authorization and Attribute Services are needed to allow the broadest information sharing
       • Automate the access decision
       • Create rules using attributes to determine if a user should gain access
       • Example: A user with Citizenship = UK and Position = Commander can access the National Threat Report

  4. Why Implement Authorization and Attribute Services?
     • Users need to discover and access information without pre-registration
     • Users move among locations/organizations/job functions, causing heavy account management burden
     • Need to share sensitive information across an inter-enterprise, multi-discipline environment
     • Conditions change rapidly, access management must be agile
     • There is a need to keep non-essential users out of critical data & services
     • There is a need to expand option space for making authorization decisions (e.g. citizenship, clearance, mission function, threat-level, multiple COIs)

  5. Authorization and Attribute Service Example
     • Access is based on policy (access rules) that use attributes
     • Access Rules determine whether a subject with attributes (x1, x2) can access a resource
     • Allows sharing with “unanticipated” users (no pre-defined list, or user account/registration)
     • [Diagram: a Subject requests a Resource through an Enforcement Point, which allows (YES) or blocks (NO) the request based on a Yes/No Decision from the Authorization Decision component; that component draws on the Attribute Service and on the Rules held in the Policy Store.]
     • Example request: Can user with attributes “Citizenship = UK” and “Position = Commander” access “National Threat Report”?
     • Update the access rules, not accounts & lists

  6. Joint DoD and IC Authorization and Attribute Service Tiger Team
     BLUF: Both DoD CIO & DNI CIO recognize there is a compelling need to align authorization and attribute service efforts
     • To achieve efficiencies in expediting compatible Authorization and Attribute Services for JWICS, SIPRNet and NIPRNet
     • The DNI CIO & DoD CIO respective communities are joining efforts to work Authorization & Attribute Services
     • Draft MOA being coordinated
     • Combining the efforts of two existing groups
       • DoD Attribute Based Access Control (ABAC) WG
       • DNI Authorization & Attribute Services Tiger Team

  7. DoD & IC Authorization & Attribute Services Tiger Team
     • Objectives:
       • Collect/Share issues, lessons learned, and best practices
       • Identify solutions to resolve common and high-priority issues
       • Define compatible DOD/IC interface specifications/policies
       • Establish the basic and extended set of enterprise attributes
       • Facilitate pilot and exercise opportunities
       • Present solutions to IC Information Sharing Steering Committee and DOD/IC Engineering Review Board (ERB) and Senior Executive Steering Group

  8. How Can You Help?
     • Incorporate Authorization & Attribute Services into future COI pilots / exercises
     • Identify attributes & policies (rules) needed to allow information sharing among unanticipated users:
       • US DoD and IC Organizations and Components
       • International Organizations
       • Coalitions
       • Alliances
       • N-Laterals
       • National, Regional, Local partners
     • Join the DoD/IC Authorization and Attribute Service Tiger Team
     Bottom line: Converging ABAC activities will provide synergy for increased information sharing and service delivery through common and/or interoperable systems.
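
The access decision described on slides 3 and 5, as an added Python example that is not part of the original presentation: an enforcement point asks an authorization decision function, which reads subject attributes from an attribute service and rules from a policy store. The subject names, function names, in-memory stores and the default-deny behaviour are assumptions made for illustration; only the rule "Citizenship = UK and Position = Commander can access the National Threat Report" comes from the slides.

```python
from dataclasses import dataclass

# Attribute service (constructed sample data; subject names are hypothetical).
ATTRIBUTE_SERVICE = {
    "alice": {"Citizenship": "UK", "Position": "Commander"},
    "bob": {"Citizenship": "UK", "Position": "Analyst"},
    "carol": {"Citizenship": "UK"},  # Position attribute not asserted
}

# Policy store: resource -> list of rules. A rule is the set of attribute
# values a subject must hold; any one satisfied rule permits access.
POLICY_STORE = {
    "National Threat Report": [{"Citizenship": "UK", "Position": "Commander"}],
}

@dataclass(frozen=True)
class Decision:
    permit: bool
    reason: str

def decide(subject, resource):
    """Authorization decision: match the resource's rules against the subject's attributes."""
    rules = POLICY_STORE.get(resource)
    if not rules:
        return Decision(False, "no rule for resource (default deny)")
    attrs = ATTRIBUTE_SERVICE.get(subject)
    if attrs is None:
        return Decision(False, "no attributes available for subject")
    unmet = []
    for rule in rules:
        # A missing attribute counts as unmet: absence never grants access.
        unmet = [k for k, v in rule.items() if attrs.get(k) != v]
        if not unmet:
            return Decision(True, "rule satisfied")
    return Decision(False, "unmet attributes: " + ", ".join(sorted(unmet)))

def enforce(subject, resource):
    """Enforcement point: release the resource only on a YES decision, and keep an audit line."""
    d = decide(subject, resource)
    audit = f"{subject} -> {resource}: {'YES' if d.permit else 'NO'} ({d.reason})"
    return d.permit, audit

def add_rule(resource, required):
    """Admit a new population by changing the rules, not by creating accounts or lists."""
    POLICY_STORE.setdefault(resource, []).append(dict(required))
```

No per-user entry exists for the resource: `alice` is admitted only because her attributes satisfy the rule, and a later `add_rule` call changes who qualifies without touching any subject record.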
