
Upload: george-webster

Post on 26-Dec-2015


Global Justice Information Sharing Initiative
Global Advisory Committee

RISS / RISSNET Trusted Credential Project

Washington, D.C.
April 28, 2005

George P. March, Director
Regional Information Sharing Systems
Office of Information Technology


Trusted Credential Project Mission

To permit users with credentials from trusted partners to access resources available via RISSNET without using the user authentication credential (V-ONE SmartPass) currently required

RISS INTELLIGENCE CENTERS

WSIN: Sacramento, CA

RMIN: Phoenix, AZ

ROCIC: Nashville, TN

NESPIN: Franklin, MA

MAGLOCLEN: Newtown, PA

MOCIC: Springfield, MO

Information Sharing Participation Initiatives

[Diagram labels: Regional Information Sharing Systems (RISS) / RISSNET; Law Enforcement Online (LEO); National Law Enforcement Telecommunication System]

What is the RISS Intranet?

A Sensitive But Unclassified (SBU) secure electronic communication network supporting information sharing between the RISS Intelligence Centers, node agency systems, and authorized individual users, known as RISSNET

RISSNET NODES

[Map of RISSNET nodes, labeling the six RISS centers and the connected state, HIDTA, and federal agency nodes. Legend: RISS center; HIDTA node; state node; central site; CISANet Gateway; ATIX node; MATRIX node; federal & other agencies; pending state, HIDTA, ATIX, and MATRIX nodes; pending ATF (BATFE), USSS (NTAC).]

RISS / RISSNET Trusted Credential Project

Trusted Credential Project Objectives

Identify industry-leading technologies for user authentication and access control

Develop, test, and demonstrate methods to recognize and accept credentials in addition to those currently used on RISSNET

Provide expanded information sharing and collaboration while allowing all partners to keep their current infrastructure investments intact

Trusted Credential Project Components

LDAP

OctetString

XML / SAML

Enterprise Portal Elements

PK Certificates, SecureID Tokens, SSL VPNs

Trust Pillars

Agency vetting

Credential composition

Trusted Credential Project Phases

Phase I:

Build a foundation for information sharing and collaboration among trusted organizations

Demonstrate RISSNET’s ability to allow vetted users with X.509 certificates issued by trusted partners to access resources currently only available via RISSNET to users presenting a valid V-ONE SmartPass credential

Trusted Credential Project Phases

Phase II:

Build upon lessons learned in Phase I

Develop a Federated Identity Management infrastructure that will operate on the current RISSNET architecture

Implement an enterprise information technology portal as the focal point of access to offered resources

Trusted Credential Project Phases

Phase II (continued):

Build a robust and flexible system that allows for interoperability with a wide variety of potential partners with whom RISS can work to:

Agree on a set of rules governing federated authentication, authorization, and access control

Agree on a set of individual and role-based privileges

Generate and consume the proper SAML assertions

Make the appropriate privilege management decision based upon the content of the SAML assertions

Ensure initial and continued system interoperability with the Federated Identity and Privilege Management Security Demonstration project

Thank You

For further information, please contact:

George P. March
Director
Regional Information Sharing Systems
Office of Information Technology
P.O. Box 1869
West Chester, PA 19380-0131
Telephone: (610) 738-8810
Fax: (610) 738-8813

[email protected]@risstech.riss.net

Thank You

For further information, please contact:

Lawrence M. Maloney
Senior Project Manager
Regional Information Sharing Systems
Office of Information Technology
P.O. Box 1869
West Chester, PA 19380-0131
Telephone: (610) 738-8810
Fax: (610) 738-8813

[email protected]@risstech.riss.net