TRANSCRIPT
Research and Development: Innovative – Identity and Access Management
Attribute Based Access Control
Operationalizing the Backend Attribute Exchange profile
Presenter’s Name June 17, 2003
S&T Identity Management Testbed
Attribute Exchange for Access Control
BAE Profile

[Diagram: Federated Attribute Exchange]
SAML v2
Governance Processes
Federal BAE CA
Metadata Distribution Service
BAE Brokers: Agency A, Agency B, Agency C, Agency D, Agency E, Agency F
Attribute Services: Org C-1, Org E-1
Local and State Participants
- Colorado
- Maryland
- Virginia
- District of Columbia
- Missouri
- Southwest Texas
- Pennsylvania
- Chester County, PA
- Pittsburgh, PA
- West Virginia
- Hawaii
- Rhode Island
- Nevada

Technology Transition Working Group
- PIV-I/FRAC Technology Transition Working Group (TTWG)
- Public Safety/Emergency Response Security
- Federated Identity for First Responders
- National standard, interoperable, and trusted ID credential
- One voice from the TTWG to policy makers
- Sharing lessons learned
- Provide innovative, cost-effective solutions
SPML Read-Only Profile

[Diagram: Incident Scene Access Provisioning Pilot, Chester County, PA and the DHS S&T IdM Testbed]
Web Service, Handheld, Field Station, Credential, Unique F/ERO Identifier
F/ERO Repository: F/ERO Entitlements Authoritative Source
Exchange: SPML Read-Only Request / SPML Read-Only Response
Operating condition shown: NO COMMUNICATIONS
Credential issuers: 1. DHS, FEMA (PIV) 2. DOD (CAC) 3. Chester Co PA (PIV-I)

Acronyms: PIV: Personal Identity Verification; PIV-I: PIV Interoperability; CAC: Common Access Card; OASIS: Organization for the Advancement of Structured Information Standards; F/ERO: Federal/Emergency Response Official; SPML: Service Provisioning Markup Language
End-to-End Attribute Exchange Using Standards

[Diagram]
Authoritative Sources: Agency 1, Agency 2, Agency 3
F/ERO Repository (Attributes)
SPML Service / SPML Gateway: SPML Read-Only Profile Web Service; SPML Create, Read, Update, Delete Profile
SAML Service
Endpoints: Local Workstation, Handheld, Tablet, Smartphone
Verification using Smart Phone

Samsung Galaxy Nexus smartphone, Apps screen

Example queries:
“Give me a list of all Users with Attribute X, Y, and Z”
“Give me all the Emergency Support Function (ESF) attributes of User X”
“Give me all authorized users for the incident”
S&T Identity Management Testbed - Flow Components

[Diagram]
F/ERO Repository
Protocol: WS, WS-Security
Radiant Logic, Layer 7, Axiomatics
Attributes in; Permit or Deny out
Cyber-Physical Convergence

- Platform collects sensor data from various sources
- Platform provides interoperability between the physical reader/control and a logical policy decision based on the XACML standard
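The slides only name the pieces (attributes go in, Permit or Deny comes out, the decision follows XACML). The following added example, which is not code from the presentation or the testbed, shows what an XACML-style decision looks like for a physical reader: a policy decision point evaluates attribute-based rules under a simplified deny-overrides combining algorithm, and the enforcement point at the door fails closed on anything other than Permit. The attribute names, rules, ESF values and trusted credential types are constructed for illustration; only PIV, PIV-I and CAC as credential types come from the slides.

```python
"""Minimal XACML-style ABAC decision for a physical access reader.

Added example; not the testbed's own code. Attribute names, rules and sample
requests are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Attributes = Dict[str, Any]

# Credential types the slides list as accepted in the pilot (PIV, CAC, PIV-I).
TRUSTED_CREDENTIAL_TYPES = {"PIV", "PIV-I", "CAC"}


@dataclass
class Rule:
    rule_id: str
    effect: str                              # "Permit" or "Deny"
    condition: Callable[[Attributes], bool]  # raises KeyError on a missing attribute


@dataclass
class Policy:
    policy_id: str
    rules: List[Rule]


def evaluate_rule(rule: Rule, request: Attributes) -> str:
    """Return the rule's effect if it matches, NotApplicable if it does not,
    and Indeterminate if an attribute it needs is absent (XACML semantics,
    simplified)."""
    try:
        matched = rule.condition(request)
    except KeyError:
        return "Indeterminate"
    return rule.effect if matched else "NotApplicable"


def evaluate_policy(policy: Policy, request: Attributes) -> str:
    """Simplified XACML deny-overrides: any Deny wins, then Indeterminate,
    then Permit, otherwise NotApplicable."""
    decisions = [evaluate_rule(r, request) for r in policy.rules]
    for outcome in ("Deny", "Indeterminate", "Permit"):
        if outcome in decisions:
            return outcome
    return "NotApplicable"


def pep_allows(decision: str) -> bool:
    """Enforcement point at the reader: unlock only on an explicit Permit.
    NotApplicable and Indeterminate are treated as deny (fail closed)."""
    return decision == "Permit"


# Constructed policy: ESF-8 (medical) responders may enter the medical zone
# while an incident is active; untrusted credential types are always denied.
INCIDENT_POLICY = Policy(
    policy_id="constructed-incident-scene-policy",
    rules=[
        Rule("permit-esf8-medical-zone", "Permit",
             lambda r: "ESF-8" in r["subject.esf"]
             and r["resource.zone"] == "medical"
             and r["action"] == "enter"),
        Rule("deny-when-no-active-incident", "Deny",
             lambda r: not r["env.incident_active"]),
        Rule("deny-untrusted-credential", "Deny",
             lambda r: r["subject.credential"] not in TRUSTED_CREDENTIAL_TYPES),
    ],
)


def decide(request: Attributes) -> str:
    """Policy decision point entry: attributes in, decision out."""
    return evaluate_policy(INCIDENT_POLICY, request)


# Constructed requests, as a reader might assemble them from a PIV-I credential
# plus the F/ERO repository's ESF attributes.
REQUEST_ESF8_MEDICAL = {
    "subject.credential": "PIV-I", "subject.esf": {"ESF-8"},
    "resource.zone": "medical", "action": "enter", "env.incident_active": True,
}
REQUEST_NO_INCIDENT = dict(REQUEST_ESF8_MEDICAL, **{"env.incident_active": False})
REQUEST_WRONG_ZONE = dict(REQUEST_ESF8_MEDICAL, **{"resource.zone": "command-post"})
# The repository lookup failed, so no ESF attribute is present.
REQUEST_MISSING_ATTR = {
    k: v for k, v in REQUEST_ESF8_MEDICAL.items() if k != "subject.esf"
}

if __name__ == "__main__":
    for name, req in [("esf8-medical", REQUEST_ESF8_MEDICAL),
                      ("no-incident", REQUEST_NO_INCIDENT),
                      ("wrong-zone", REQUEST_WRONG_ZONE),
                      ("missing-attr", REQUEST_MISSING_ATTR)]:
        d = decide(req)
        print(f"{name:14} decision={d:14} door_unlocks={pep_allows(d)}")
```

The split between `decide` and `pep_allows` mirrors the XACML separation of decision point and enforcement point: the reader never reasons about attributes itself, and a missing attribute (for example, when the field station has no communications to the F/ERO repository) yields Indeterminate, which the door treats as a deny.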
BAE and GFIPM interoperability
BAE introduced in Cyber Defense Competition
- Educating our upcoming workforce on defensive skills in cyberspace
- Providing real-world, hands-on experience
- Educating students in securing network infrastructures
- Inserted the Backend Attribute Exchange and learned some real world lessons
Resources

Websites
http://www.ahcusa.org/PIV-I%20TTWG.htm
https://www.cyber.st.dhs.gov/idmdp.html
http://www.idmanagement.gov/documents/BAE_v2_Overview_Document_Final_v1.0.0.pdf

Contact Information
Karyn Higa-Smith
DHS Science and Technology Directorate, Cyber Security Division
Identity Management Research Program Manager
Homeland Security Advanced Research Projects Agency
[email protected]
202.254.5335