june 2013 newsletter - transglobal secure collaboration program


June 2013 • Volume 2 : Issue 2

TSCP Monthly Newsletter

In this Issue: ECWG Update

TSCP News

Upcoming Events

Recent Deliverables

Committee Updates

WG and Project Updates

March BW Presentations

TSCP Meeting Schedule

TSCP Members List

Contact TSCP

Transglobal Secure Collaboration Participation
8000 Towers Crescent Drive
Suite 1350
Vienna, VA 22182

Phone: 703.760.7898
Fax: 703.760.7899

[email protected]


Export Control Working Group (ECWG) Completes Series of Deliverables

By Julie Sandercock, ECWG Chairperson

Martijn Postma, NL MOD, took on the effort to collect any additional or differing requirements in the French Export Regime with the assistance of Export subject matter expert (SME), Arnaud Idiart of EADS. These requirements are now complete and were added to the consolidated requirements document, which is now completed as the final deliverable for this working group.

The TSCP ECWG was formed in 2010 to begin work on an ITAR review capturing requirements to ensure Export Controlled information would be protected appropriately in a collaborative environment leveraging TSCP specifications. After completing the ITAR requirements document, the team went on to capture requirements for US dual use export policy. In 2011, European teams were formed and over the next few years, requirements documents were completed for UK military, Netherlands military, French military, and European dual use export policy.

Martijn Postma subsequently worked to consolidate all of the requirements into a single document and the final version was reviewed by the Export SMEs and the Architecture Committee. The document will be published to the TSCP website after an editorial review is completed.

As TSCP projects incorporate these requirements into their specifications, the SMEs will remain available to provide feedback on testing and demos within various project teams, such as Information Labeling and Handling (ILH). The ILH team plans to incorporate some complex export scenarios in demos later this year.


Please join with me to thank the many Export Subject Matter Experts who worked so diligently on these requirements. The work has been extremely valuable to TSCP and the future success of its specifications to ensure a higher level of secure collaboration among major A&D companies and governments.


US Team

Ken Burton (Export SME Lead), The Boeing Company

Rob Sherwood (Technical Lead), Exostar

Joyce Counts, Booz|Allen|Hamilton/Air Force

Cheryl Holt, DRS Technologies, Inc/Finmeccanica

Heather Sears, DRS Technologies, Inc/Finmeccanica

Brian Emmet, Lockheed Martin Space Systems Company

David Sizmur, Lockheed Martin Space Systems Company

Doug Ingram, Lockheed Martin Space Systems Company

Barry Sidebottom, Raytheon

Michael Hoffman, The Boeing Company

European Team

Martijn Postma (Technical Lead), NL MOD

Sylvia Coburg (Export SME Lead), The Boeing Company (UK)

David Townsley, BAE Systems (UK)

Richard Skedd, BAE Systems (UK)

Sue Tooze, BAE Systems (UK)

Nigel Griffin, DRS Technologies, Inc/Finmeccanica (UK)

Alexander Groba, EADS (GER)

Arnaud Idiart, EADS (FR)

Rene Wiegers, NLR (NL)

Hetty Raaijmakers, NLR (NL)

Laura Verdijk, NL MOD

Bart van Lent, NL MOD

Michael Frackiewicz, Northrop Grumman (UK)

The ECWG’s next focus area is being discussed. The implications of export controls in cloud environments are not well understood today and regulatory agencies have provided limited guidance. As cloud based services become more popular, standards and guidance for handling export control information will be needed. The ECWG is investigating the current efforts underway in this space and is planning a path forward.


TSCP News

TSCP Submits Proposal for NSTIC FFO

The National Strategy for Trusted Identities in Cyberspace (NSTIC) Federal Funding Opportunity (FFO) Pilots Cooperative Agreement Program announced their FFO (number 2013-NIST-NSTIC-01) in January 2013. In March, TSCP submitted an abstract and was down selected to submit a full proposal. TSCP developed and submitted a full proposal in May. Review of proposals, selection of applicants, and awards processing is expected to be completed in August 2013. The earliest anticipated start date for awards is September 1, 2013.

TSCP Bridge Service

TSCP submitted a preliminary application to the Federal Public Key Infrastructure Policy Management Authority to stand up a bridge service allowing participants to cross-certify to the Federal Bridge. The preliminary application was accepted with acknowledgement of a completed application to be expected later this year. TSCP expects the bridge service to be operational and ready for new participants late in 2013. Work to create the certificate policy and certificate authority is well underway.

TSCP Trust Framework for Supply Chain Management

A large focus of the TSCP March Business Week, which saw the introduction of the Trust Framework for Supply Chain Working Group, as well as a large focus for TSCP in 2013 overall, is the creation of a trust framework for supply chain management. Using TSCP’s expertise in authentication and authorization, TSCP seeks to create, or facilitate the creation of, a supply chain trust framework that uses affordable credentials and has a tie to common law. Though the road ahead is long, and TSCP’s specific role in the creation of the framework is still being explored, TSCP is in the preliminary stages of becoming a trust framework provider.

TSCP Office 365 Work

At the TSCP March Business Week, both the Lockheed Martin and TSCP labs demonstrated the ability to use lab issued credentials to access the TSCP Office 365 SharePoint site. Currently, only a test Office 365 SharePoint site is active, with no live TSCP data. Boeing, Northrop Grumman, and BAE Systems are all working towards conducting similar tests with the TSCP Office 365 SharePoint site. Following the Business Week, a deep dive of the implementation details was reviewed with the TSCP Architecture Committee. Subsequently, TSCP has made the decision to move its SharePoint hosting to Office 365 to allow organizations to use their existing credentials to access the TSCP SharePoint site. A transition plan is being developed. TSCP members also continue to provide direct feedback to product development teams on features and capabilities that would enable expanded use of the Office 365 cloud environment as a viable alternative to existing on-premise services.


Upcoming Events

TSCP November Conference and Executive Gala

Save the date for this conference and gala scheduled for November 12-15. November 12 and 13 will feature internal Member meetings at the Lockheed Martin Global Vision Center with a special gala to be held on the evening of the 12th at the Steven F. Udvar-Hazy Center National Air and Space Museum located at Washington Dulles International Airport in Fairfax, Virginia. The gala is by invitation only for Company and Government Executives. November 14 and 15 will feature a full conference with industry leading presentations. The conference will be open to TSCP Members and the public alike and will be held at the Hyatt Regency Crystal City.

NextLabs Webinar: Secure Collaboration with ERP for the A&D Supply Chain

Join SAP and TSCP members NextLabs and Lockheed Martin for this webinar to learn more about the challenges of secure collaboration across global supply chains in the face of global ERP consolidation, the foundational technologies required to securely collaborate on a global shared platform, and the solutions available to accelerate global ERP consolidation and enable supply chain collaboration while improving supply chain security.

This webinar is intended for SAP solution managers, compliance, security, and IT professionals.

It takes place on Wednesday, June 19 at 10:00 a.m. PST / 1:00 p.m. EST.

Click here to register now, and click here to learn more about the speakers: David Smith, IT Program Manager, Lockheed Martin; Magnus Bjorendahl, VP A&D Global Industry Business Unit, SAP; and E.K. Koh, VP, Solution Management, NextLabs.

Recent Deliverables

Identity Federation Assertion Profile v.1.3

This document establishes an identity federation Security Assertion Markup Language (SAML) attributes profile for the Aerospace and Defense (A&D) industry. The goal of this document is to identify a limited set of attributes (definitions and syntax) required to facilitate interoperability between Identity Providers (IdP) and Relying Parties (RP) and allow for equivalent attribute data to be passed via either the SAML 1.1 or SAML 2.0 tokens while leaving protocol selection to the deploying organizations.

Identity Federation Common Operating Rules

This document describes the Common Operating Rules (COR) that pertain to organizations that desire to use identity federation technologies to collaborate across participating organizations in a secure and interoperable manner.


TSCP Comments on NIST 800-162

This document contains TSCP’s comments in response to NIST 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Draft). TSCP hopes these comments can assist in improving the document, and we remain open to any follow-up dialogue desired to further clarify the comments. TSCP currently has work in progress developing and implementing ABAC for its community, and would be happy to share demonstrations and lessons learned with NIST.

ILH DCIP Requirements

In this document, TSCP ILH aims to provide organizations with means to protect information in accordance with all applicable protection policies, and on all types of applications required for collaboration.

Simplifying Supply Chain Credentials Whitepaper

The variety of credentials being pursued across the industry is leading to unnecessary complexity for suppliers. While it is unlikely that any company will change its current course, this paper seeks to simplify supply chain credentialing through two objectives: agreement among A&D companies on common definitions for levels of proofing and credential strength, and agreement among A&D companies to accept each other’s suppliers’ credentials when the credentials meet agreed upon minimums.

Mapping of Key Terms

Mapping of Common Trust Framework Terms Across Identity Ecosystems briefly maps FICAM definitions across FICAM TFP / NIST 800-63-2, TSCP COR, and Kantara identity ecosystems.

Common Operating Rules to TFPAP Mapping provides a brief look at mapping assertions trust criteria to COR requirements based on the assurance level (1-3).

Committee Updates

Architecture Committee (AC)

Recently, the AC supported numerous activities. The committee has been engaged in developing the architecture to address the elements and services needed to support the operation of federated authentication and authorisation in a trust framework environment. A whitepaper entitled Simplifying Supply Chain Credentials was completed and delivered to the Trusted Supply Chain Working Group. Additionally, the AC has an ongoing dialogue with the Leadership Advisory Group to jointly develop, prioritize, and update the TSCP Roadmap. TSCP AC members have also been actively engaged with the Trusted Computing Group to assist in the development of a Machine Identity Framework. In a joint session with the Export Control working group, the Export Consolidated Requirements document was reviewed.

The AC also engaged in several activities related to attributes and attribute management. With support from the ILH team, the AC reviewed and provided comments on the NIST 800-162 Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Draft). The team received a silver member demonstration from ID/Dataweb, which prompted a follow up discussion on the role of attributes, and the framework for defining, locating, and retrieving attributes. The AC is actively reviewing and providing feedback on the FICAM Attribute Management Roadmap.


Working Group and Project Updates

International Policy Working Group (IPWG)

Final updates are being made to the requirements document, inclusive of process flows. Once the requirements document is completed, the Architects will review the document and a gap analysis will be completed for ILH to ensure all the requirements have been captured accurately in the specifications.

Identity Labeling and Handling v.1+ (ILHv.1+)

ILH is now focusing on testing and implementation, rather than further advancing the Business Authorization Framework (BAF) and Business Authorization Identification and Labeling Scheme (BAILS). ILH participants are working on testing in their labs with the goal to demo the capability at the November Business Week and Tradeshow.

A sub team will continue to work on an ILH XACML profile with the assistance of John Tolbert, The Boeing Company, who is the liaison to OASIS. This is an important step to standardize the use of TSCP BAF. AIA/ASD endorsement of the BAILS also remains a priority with Howard Mason, EADS, assisting as the liaison to AIA/ASD.

At the March Business Week, Axiomatics demonstrated an alternative approach to Attribute Based Access Control (ABAC) in SharePoint, and Syneren Technologies Corp. presented a demo of a working prototype called ePolicyManager. This tool is web server based and implemented to satisfy the industry standard protocol for information sharing, namely the TSCP BAF. The tool can be of great immediate use to the System owners, Enterprise level Legal departments, policy owners, export control authorities and others. The tool allows the end-user to create, modify, and validate BAF XML files, generate XACML files, integrate with Enterprise Active Directory and Mail Services and store BAF files in a central database.

Identity Federation v.2 (IdFv.2)

The IdFv.2 team is working to develop and demonstrate a provisioning profile using the IETF SCIM schema as a starting point for provisioning objects and extending it to meet A&D specific requirements. The team is working on the test book and has started testing between Platinum member and TSCP labs. The goal is to demonstrate the profile using existing tools by the end of Q2, while continuing to engage with the SCIM IETF working group and COTS providers.

Trusted Supply Chain Working Group

The charter for the working group was approved by the Leadership Advisory Group (LAG) in March, and the team then met at the Spring Business Week to discuss how it can better leverage supplier relationships within AIA/ASD to ensure the perspective of the smaller supplier companies is considered when developing solutions to issues the team would like to address.

Don Davidson, DoD CIO, joined the weekly meeting to share about similar supply chain related efforts within the government and private sector to increase awareness and help ensure synergy between groups working in this space. He will continue to keep the team updated on an ongoing basis.

Dave Coxe, ID/DataWeb, shared at a recent meeting about his work in NSTIC pilots to help identify any synergy between that work and the goals of this working group. At a future meeting, he will go into more detail on what was involved setting up the Trust Framework elements and lessons learned to assist this group with similar work in the near future.

The team is now working on an abstract to help better inform executives and other members of TSCP of the goals and importance of the team, and work is also starting with the objective to simplify supply chain credentials. This effort will require a technical and legal tiger team working to ensure each company can trust one another’s credentials based on agreed upon minimum levels of assurance. A legal team will be tasked with developing an enterprise level federation legal agreement which all companies agree to and which can be leveraged by current and future contracts. The working group also developed briefing decks which could be used to help CISOs and Legal/Contracts persons better understand the objectives and importance of this activity.

March Business Week Presentations Available!

If you haven’t had a chance to view presentations from the recent TSCP March Business Week, click here to see a number of excellent speakers and topics, such as:

Paul Grant, DoD Relying Party Position Paper

W. Douglas Maughan, DHS Cybersecurity R&D Overview

Chi Hickey, Federal Government Mobility and Digital Strategy

Deborah Gallagher, Federal Identity Credential and Access Management (FICAM) and Federal Cloud Credential Exchange

Iana Bohmer, 2012 Executive Interviews

Mr. Michael Howell, National Strategy for Information Sharing and Safeguards

Dennis Taylor, NASA New Member Update

Thomas J. Smedinghoff, A Legal Perspective on Designing a Trust Framework Ecosystem

Trevor Freeman, Plasma, A Next General Technology for Information Asset Protection

Michael Farnsworth, Identity: A State Perspective

Paul Blanchard, Cross-Sector Digital Identity Initiative (NIST Award Number: 70NANB12D297)

Kate Zakharova, Syneren Technologies Corp., ePolicyManager Demonstration

Gerry Gebel, Axiomatics Americas, Applying an Alternative Approach to ABAC in SharePoint


TSCP Meeting Schedule for June

To access the TSCP Master Calendar in SharePoint, click here.

Week of 3-7
Monday 3: 8:00 AM Government Alignment Group; 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 4: 11:00 AM SE v.1 Platinum and Government Lead Deployment Discussion
Wednesday 5: 10:00 AM Architecture Committee Meeting
Thursday 6: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 7: No meetings are held on Fridays.

Week of 10-14
Monday 10: 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 11: 11:00 AM TSCP Intellectual Property Working Group (IPWG) bi-weekly meeting
Wednesday 12: 10:00 AM Architecture Committee Meeting
Thursday 13: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 14: No meetings are held on Fridays.

Week of 17-21
Monday 17: 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 18: 11:00 AM SE v.1 Platinum and Government Lead Deployment Discussion
Wednesday 19: 10:00 AM Architecture Committee Meeting
Thursday 20: 11:00 AM TSCP IdFv.2 Weekly Meeting; 11:00 AM Leadership Advisory Group
Friday 21: No meetings are held on Fridays.

Week of 24-28
Monday 24: 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 25: 11:00 AM TSCP Intellectual Property Working Group (IPWG) bi-weekly meeting
Wednesday 26: 10:00 AM Architecture Committee Meeting
Thursday 27: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 28: No meetings are held on Fridays.

Week of 1-5
Monday 1: 8:00 AM Government Alignment Group; 8:00 AM TSCP Project Technical Lead Coordination Meeting; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 2: 11:00 AM SE v.1 Platinum and Government Lead Deployment Discussion
Wednesday 3: 10:00 AM Architecture Committee Meeting
Thursday 4: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 5: No meetings are held on Fridays.


TSCP Meeting Schedule for July

Week of 1-5
Monday 1: 8:00 AM Government Alignment Group; 8:00 AM TSCP Project Technical Lead Coordination Meeting; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 2: 11:00 AM SE v.1 Platinum and Government Lead Deployment Discussion
Wednesday 3: 10:00 AM Architecture Committee Meeting
Thursday 4: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 5: No meetings are held on Fridays.

Week of 8-12
Monday 8: 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 9: 11:00 AM TSCP Intellectual Property Working Group (IPWG) bi-weekly meeting
Wednesday 10: 10:00 AM Architecture Committee Meeting
Thursday 11: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 12: No meetings are held on Fridays.

Week of 15-19
Monday 15: 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 16: 11:00 AM SE v.1 Platinum and Government Lead Deployment Discussion
Wednesday 17: 10:00 AM Architecture Committee Meeting
Thursday 18: 11:00 AM TSCP IdFv.2 Weekly Meeting; 11:00 AM Leadership Advisory Group
Friday 19: No meetings are held on Fridays.

Week of 22-26
Monday 22: 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 23: 11:00 AM TSCP Intellectual Property Working Group (IPWG) bi-weekly meeting
Wednesday 24: 10:00 AM Architecture Committee Meeting
Thursday 25: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 26: No meetings are held on Fridays.

Week of 29-2
Monday 29: 8:00 AM TSCP Project Technical Lead Coordination; 11:00 AM Information Labeling and Handling (ILH)
Tuesday 30: 11:00 AM SE v.1 Platinum and Government Lead Deployment Discussion
Wednesday 31: 10:00 AM Architecture Committee Meeting
Thursday 1: 11:00 AM TSCP IdFv.2 Weekly Meeting
Friday 2: No meetings are held on Fridays.


Platinum Members

BAE Systems - Contact: [email protected]

Lockheed Martin - Contact: [email protected]

Boeing - Contact: [email protected]

U.S. Department of Defense - Contact: [email protected]

Netherlands Ministry of Defense - Contact: [email protected]

U.S. General Services Administration - Contact: [email protected]

NASA - Contact: [email protected]

CA Technologies - Contact: [email protected]

ActivIDentity - Contact: [email protected]

CertiPath - Contact: [email protected]

Electrosoft - Contact: [email protected]

Intercede - Contact: [email protected]

NLR - Contact: [email protected]

Axiomatics - Contact: [email protected]

Deep-Secure - Contact: [email protected]

FuGen Solutions - Contact: [email protected]

Criterion Systems - Contact: [email protected]

Government Members

Gold Members

Silver Members

Northrop Grumman - Contact: [email protected]

EADS - Contact: [email protected]

Raytheon - Contact: [email protected]

French ANSSI - Contact: [email protected]

UK Ministry of Defense - Contact: [email protected]

U.S. Secret Service - Contact: [email protected]

Microsoft - Contact: [email protected]

Litmus Logic - Contact: [email protected]

Syneren - Contact: [email protected]

Boldon James - Contact: [email protected]

Deloitte - Contact: [email protected]

Gemalto - Contact: [email protected]

NextLabs - Contact: [email protected]

Wave - Contact: [email protected]

Centrify - Contact: [email protected]