Research and Development: Innovative – Identity and Access Management
Attribute Based Access Control
Operationalizing the Backend Attribute Exchange profile
Presenter’s Name June 17, 2003
S&T Identity Management Testbed
Attribute Exchange for Access Control
BAE Profile
SAML v2 Governance Processes
BAE Broker Agency B
Federal BAE CA
Metadata Distribution
Service
BAE Broker Agency A
BAE Broker Agency C
BAE Broker Agency D
BAE Broker Agency E
BAE Broker Agency F
Attribute Service Org E-1
Attribute Service Org C-1
Federated Attribute Exchange
Local and State Participants:
Colorado
Maryland
Virginia
District of Columbia
Missouri
Southwest Texas
Pennsylvania
Chester County, PA
Pittsburgh, PA
West Virginia
Hawaii
Rhode Island
Nevada
Technology Transition Working Group
PIV-I/FRAC Technology Transition Working Group (TTWG):
Public Safety/Emergency Response Security
Federated Identity for First Responders
National standard, interoperable, and trusted ID credential
One voice from the TTWG to policy makers
Sharing lessons learned
Provide innovative, cost-effective solutions
SPML Read-Only Profile
Web Service Handheld
F/ERO Repository
Credential
SPML Read-Only Request
SPML Read-Only Response
Chester County - PA DHS S&T IdM Testbed
NO COMMUNICATIONS
1. DHS, FEMA (PIV)
2. DOD (CAC)
3. Chester Co PA (PIV-I)
F/ERO Entitlements Authoritative Source
Field Station
Unique F/ERO Identifier
Incident Scene Access Provisioning Pilot
PIV: Personal Identity Verification
PIV-I: PIV-Interoperability
CAC: Common Access Card
OASIS: Organization for the Advancement of Structured Information Standards
F/ERO: Federal/Emergency Response Official
SPML: Service Provisioning Markup Language
End-to-End Attribute Exchange Using Standards
Agency 1 Authoritative Source
Agency 2 Authoritative Source
Agency 3 Authoritative Source
F/ERO Repository (Attributes)
SPML Service SPML
Gateway
Local Workstation Handheld
Tablet
Smartphone
SAML Service
SPML Read-Only
Profile Web
Service
SPML Create, Read, Update, Delete Profile
Verification using Smart Phone
Samsung Galaxy Nexus smartphone Apps screen
“Give me a list of all Users with Attribute X, Y, and Z”
“Give me all the Emergency Support Function (ESF) attributes of User X”
“Give me all authorized users for the incident”
S&T Identity Management Testbed - Flow Components
F/ERO Repository
Protocol WS
WS-Security
Radiant Logic
Layer 7
Axiomatics
Attributes
Permit or Deny
Cyber-Physical Convergence
Platform collects sensor data from various sources
Platform provides interoperability between the reader/control and logical policy decision based on standard (XACML)
BAE and GFIPM interoperability
BAE introduced in Cyber Defense Competition
Educating our upcoming workforce on defensive skills in cyberspace
Providing real-world, hands-on experience
Educating students in securing network infrastructures
Inserted the Backend Attribute Exchange and learned some real-world lessons
Resources
Websites:
http://www.ahcusa.org/PIV-I%20TTWG.htm
https://www.cyber.st.dhs.gov/idmdp.html
http://www.idmanagement.gov/documents/BAE_v2_Overview_Document_Final_v1.0.0.pdf
Contact Information
Karyn Higa-Smith
DHS Science and Technology Directorate
Cyber Security Division
Identity Management Research Program Manager
Homeland Security Advanced Research Projects Agency
[email protected]
202.254.5335