Significant breakthrough for information interoperability: partners agree on baseline of attributes

At the office of the PM-ISE, we understand the challenges involved with strengthening both information sharing and information safeguarding – to advance the sharing of terrorism, homeland security, cyber, and other national security information. Thus our vision: “National Security through responsible information sharing.” Our role is to improve and accelerate information sharing in a responsible and secure way to enhance the response to the needs of our defense, law enforcement, and first responder communities. One such group actively supporting this mission is the Sensitive But Unclassified (SBU) Working Group (WG), under the Information Integration Sub-Committee (IISC). The SBU WG is leveraging standards to improve network interoperability for sharing while strengthening information safeguarding through Identity and Access Management (IdAM) best practices. I want to highlight their work in the IdAM space, specifically the Identity and Authorization Attributes (IAA) effort.

The four lead members of the SBU WG (FBI Criminal Justice Information Systems, DHS Homeland Security Information Network, Intelink, and Regional Information Sharing Systems), assisted by the PM-ISE, unanimously approved a standard set of Identity and Authorization Attributes for exchanging user identities across networks and organizations. Essentially, the SBU WG members agreed to exchange authenticated identity information along with approved authorization attributes – moving towards a federated identity model. This effort promotes trust among current and future SBU WG members through a framework built on transparency, autonomy, sharing, and assurance for user identity and access to information. Standardizing these attributes allows new and existing SBU organizations to quickly connect with all other federation members. Once part of the federation, the need for multiple usernames and passwords, manual logins, and manual account processing is minimized.

This effort also lays the groundwork for an Attribute Registry Service (ARS) capability, which we are championing. A federated ARS minimizes time, effort, and uncertainty required for relying and trusting parties to identify users and their authorization attributes for access to services and information resources. With the four lead SBU WG members serving well over a quarter million users, this capability is well worth the investment for information sharing and safeguarding.

Speaking of progress on information interoperability: if you haven’t checked out Project Interoperability yet, you should!

Michael E. Kennedy's picture
Blog Author: Michael E. Kennedy, Michael E. Kennedy, Deputy Program Manager, Technology | Apr 21, 2014

Read more posts by Michael E. Kennedy

Add new comment