
Authorization and Attribute Service Tiger Team (AATT) Update & Status

January 13, 2008

Rodolph.morrison@osd.mil

IC/DoD Authorization & Attribute Service Tiger Team (AATT)

December 18, 2007 - Established the IC/DoD AATT

  • DoD Co-Chair: Ms. Myra Powell
  • IC Co-Chair: Ms. Amy Reiss
  • Purpose:
    • Implement Authorization and Attribute Services across the IC & DoD as part of a dynamic information sharing environment that delivers timely information to authorized users
  • Objective:
    • Provide Operational user/resource owners the ability to control information sharing
      • Result: Users gain appropriate access to mission critical & business information without manual pre-registration processes
    • Identify common interfaces and service specifications that can be used to deploy common authorization and attribute capabilities across the IC & DoD environments

Unified security services enabling agile information sharing and collaboration for SIE and GIG

Why Authorization and Attribute Services

Attribute Based Access Control can enable:

  • Dynamic service and data discovery* and access
  • Unanticipated (but authorized) access to critical information
  • Resource owners can provide services and data to larger community
  • Dynamic, agile security posture (policy) change to meet mission tempo
Access Control

Information is virtually ‘trapped’ within systems that require account creation, or addition to a list. Manual process to add EACH user to EACH resource

Today

[Figure: a single user requests access to each resource separately. Labels: Manual; Resource 1; Request Access; Resource 1 Owner; Add EACH User to List; Access List; Resource 2; Request Access; Administrator; Add EACH User Account; Domain.]

Future

Users gain access seamlessly - no pre-registration, no delay … while the services and data remain secure & protected!

[Figure: Millions of Users; Attributes; Policy in front of Resource 1; Policy in front of Resource 2.]
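
The contrast on this slide, as an added example that is not part of the original presentation: a per-resource access list next to a per-resource policy evaluated over attributes supplied by an attribute service. The user names, attribute names and values, and policies are constructed for illustration and are not the AATT attribute set.

```python
# Added illustration; all users, attributes, values and policies are constructed.

# "Today": each resource keeps its own list and every user is added by hand.
ACCESS_LISTS = {"resource1": {"alice"}, "resource2": set()}

def acl_permits(user_id, resource):
    return user_id in ACCESS_LISTS.get(resource, set())

# "Future": an attribute service (stand-in for an authoritative source) answers
# for any known user, and each resource carries a policy over those attributes.
ATTRIBUTE_SERVICE = {
    "alice": {"organization": "OrgA", "clearance": "secret", "role": "analyst"},
    "bob": {"organization": "OrgB", "clearance": "secret", "role": "analyst"},
    "carol": {"organization": "OrgB", "clearance": "unclassified"},
}
CLEARANCE_RANK = {"unclassified": 0, "secret": 1}  # hypothetical value set
POLICIES = {
    "resource1": {"min_clearance": "secret", "roles": {"analyst"}},
    "resource2": {"min_clearance": "unclassified", "roles": None},
}

def abac_permits(user_id, resource):
    """Deny by default: an unknown user, an unknown resource, or a missing or
    unrecognized attribute value all result in no access."""
    attrs = ATTRIBUTE_SERVICE.get(user_id)
    policy = POLICIES.get(resource)
    if attrs is None or policy is None:
        return False
    have = CLEARANCE_RANK.get(attrs.get("clearance"))
    need = CLEARANCE_RANK[policy["min_clearance"]]
    if have is None or have < need:
        return False
    roles = policy["roles"]
    return roles is None or attrs.get("role") in roles

def compare(resource):
    """Return {user: (acl_decision, abac_decision)} for every known user."""
    return {u: (acl_permits(u, resource), abac_permits(u, resource))
            for u in sorted(ATTRIBUTE_SERVICE)}

if __name__ == "__main__":
    for res in POLICIES:
        print(res, compare(res))
```

Bob was never pre-registered on either resource, yet the policy admits him on attributes alone; tightening one entry in `POLICIES` changes the decision for every user at once, without editing any per-user list.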

IC/DOD AATT Deliverable Status
  • Each deliverable is being developed by a subgroup of the AATT.
  • Each deliverable team comprises both IC and DOD members.
  • Each deliverable team is co-led by an IC and a DOD representative.
  • As of today, all deliverable teams have been established, and their work is complete or nearly finished.
AATT Major Contributions
  • Technical
    • AATT CONOP
    • AATT Interface Specification
    • AATT Authoritative Source and Attribute Service Guidelines
    • ABAC Pilot Workshop & Pilot alignment
  • Policy
    • Recommendations regarding Authorization and Attribute Policy that need to be developed.
  • Governance
    • AATT identified the need for ongoing Governance to ensure
      • Compliance with the AATT CONOP
      • Compliance with the AATT Interface Specification
      • Availability of timely, accurate authorization attributes
      • Maintenance of authorization attribute definitions & acceptable values

AATT Deliverables provide significant contribution toward the implementation of secure, agile information sharing

AATT Proposed On-going Tasks
  • Establish Authorization and Attribute Service Working Group
    • The Phase I set of AATT deliverables is just the beginning for building ABAC solutions. More work is needed in support of IdAM and ESM.
    • Authorization Attribute Governance Committee
      • Process to add and maintain attributes list
      • Monitor Authoritative Sources
      • Facilitate Community Service Level Agreements
    • Additional SAML Profile Work
      • Presently leveraging only Attribute Assertions
      • Today: 80% Attribute Service - 20% Authorization Service
      • Follow-on: 20% Attribute Service - 80% Authorization Service
    • Expand the AATT WG membership
      • Identify pilot opportunities that include DoD, IC, Coalition and other Federal efforts.
    • Address Advanced Dynamic Policy Capabilities
      • Address Policy (access rule) tools, portability, hierarchy
    • Address Attributes for Non-Person Entities
      • Users, Systems, Data, Environment, Situation
Resources
  • Deliverables are available via the following:
  • High Wiki
    • http://www.intelink.ic.giv/wiki/IC_Authorization_and_Attribute_Servies_Tiger_Team
  • Low Wiki
    • http://www.intelink.gov/wiki/Authorization_and_Attribute_Tiger_Team
  • DKO AATT Group
    • https://www.us.army.mil/suite/page/504666
Point of Contact
  • ABAC Lead Martin Costellic, NII/DoD-CIO
    • Martin.Costellic@osd.mil
Build on the AATT Foundation

Recommended Policy & Governance Deliverable Set

  • AATT Policy Recommendations. Develop the authorization and attribute service IC and DoD policies recommended in the AATT Policy Recommendation paper.
  • Advanced Policy Recommendations. Develop policies based on lessons learned from pilots and operational deployment.
  • Governance. Establish governance arm to maintain the defined Authorization Attribute Set and report to the DoD and IC Governance bodies.
    • Example Governance topic: Assess and Approve Changes to the Attributes or Attribute Values, based on need for a new attribute, or change to a referenced attribute set.
      • E.g. OMB Organization Names.
Build on the AATT Foundation

Recommended Technical Deliverable Set

  • Policy (access rules) Development. Provide guidance and examples for the development of policies (access rules).
  • Develop Solutions for Broad set of Partners. Adapt existing AATT solutions and/or develop solutions to provide authorization and attribute services for broader set of partners.
  • Develop detailed Profile Definition with Industry. Further definition of standard profiles for the AATT Interface Specification, to ensure interoperability between DoD and IC implementations, as well as profiles for additional partners.
  • Standards Assessment and Recommendation. Assess emerging standards for applicability and possible adoption by the DoD and IC, to include industry adoption of standards.
  • Investigate Emerging Standards and Solutions. Assess the utility of secure token service that combines authentication & authorization for the IC & DoD.
  • Pilot alignment. Continue work to align pilot activities.
Recommended Attributes

*Attributes may be available for use prior to the FY 10-15 timeframe.