Partners Can Expect
Strong Credentialing of our Employees (Authentication)
Access to Our Public Key Encryption Certificates
Access to Robust Certificate Status Service
Service Access to Attribute Service (Authorization) – Future
Expectations from Partners
The Same as From Us for 24/7 Partners – Plus
Binding Federation Governance Agreement(s) / Rules that
Establish and Maintain Trust
Consistency on Unanticipated & Less Mature Partners
Summary
• We Need a Clear, Concise, Consistent, Published Course
for Ourselves and Our Mission Partners.
• Mission Partners are Fielding Strong Identity & Managed
Credentials (PKI) as well as Identity Federations
• Progress Continues in IdAM Expansion toward Consistent
Dynamic Policy-Based Sharing
Strong Identity and Access Management Are Key to
Information Sharing and Collaboration
Backup
Status, Fabric by Fabric
• TS/SCI Fabric
  - Environment: Homogeneous
  - Lead: DNI/CIO
  - PKI: IC PKI available for authentication by US
  - Federation: Among IC Certificate Authorities (CAs) and Commonwealth CAs
  - Notes: Enterprise services for central identity management; enterprise attribute, authentication, and authorization services
• Secret Fabric
  - Environment: More diverse
  - Lead: CNSS (DoD CIO Chairs)
  - PKI: Minimal; CNSS PKI WG recommendations for SAB. DoD implementing in FY09
  - Federation: Commensurate with CNSS authority (DoD CIO Chairs)
  - Notes: No centralized identity management, therefore an immature IdAM environment at this time
• Unclassified Fabric
  - Environment: Extremely diverse, complex environment
  - Lead: No single lead; must cooperate and federate (DoD and Executive Branch are the heavies)
  - PKI: 24/7 Partners adopting eAuthentication Level 4
  - Federation: Federal Identity & Access Management Federation is central
  - Notes: Multiple enclave-specific IdAM services; most partners not yet mature
Bottom Line Up Front
Strong Identity and Access Management
are Key to
Information Sharing and Collaboration
DoD and IC are Partners in the Approach
Connecting People With Information
Identity Authentication, Then Access Management
[Diagram: "Today" vs. "Future" access paths for Resource 1 and Resource 2]
• Today
  - Manual process to add EACH user to EACH resource
  - A single authenticated user requests access; an administrator adds the user to the resource's access list or account; the resource owner manages a domain access list per resource
• Future
  - Resource owner defines access rules (policy) over user attributes
  - Millions of authenticated users gain access to appropriate resources
    - No pre-registration
    - No delay
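The contrast the diagram draws, as an added illustration that is not part of the original briefing: a static per-resource access list that needs a manual administrator step for each user, beside a resource whose owner publishes attribute rules so that any strongly authenticated user with the right attributes gets in with no pre-registration. The user records, attribute names and rule values are constructed sample data, and the certificate status check stands in for the "robust certificate status service" the briefing lists.

```python
from dataclasses import dataclass

@dataclass
class AuthenticatedUser:
    # Identity bound to a strong (PKI) credential, plus attributes asserted about it (constructed).
    identity: str
    credential_status: str  # outcome of a certificate status check: "good" or "revoked"
    attributes: dict

def authenticated(user):
    # Authentication (including certificate status) comes before any access decision.
    return user.credential_status == "good"

class AclResource:
    """Today: an administrator adds EACH user to EACH resource's access list by hand."""
    def __init__(self, name):
        self.name, self.access_list = name, set()
    def add_user(self, identity):
        self.access_list.add(identity)  # the manual step; nothing happens until it is done
    def grants(self, user):
        return authenticated(user) and user.identity in self.access_list

class PolicyResource:
    """Future: the resource owner publishes rules over attributes; no pre-registration."""
    def __init__(self, name, rules):
        self.name, self.rules = name, rules  # rules: list of {attribute: set of allowed values}
    def grants(self, user):
        if not authenticated(user):
            return False  # a revoked credential never reaches the policy check
        return any(all(user.attributes.get(k) in allowed for k, allowed in rule.items())
                   for rule in self.rules)

def demo():
    """Constructed scenario: a newly credentialed mission-partner analyst arrives."""
    analyst = AuthenticatedUser("cn=Analyst One,o=PartnerAgency", "good",
                                {"org": "PartnerAgency", "clearance": "SECRET", "role": "analyst"})
    revoked = AuthenticatedUser("cn=Former Staff,o=PartnerAgency", "revoked",
                                {"org": "PartnerAgency", "clearance": "SECRET", "role": "analyst"})
    acl_res = AclResource("Resource 1")
    policy_res = PolicyResource("Resource 2", [{"clearance": {"SECRET", "TS"}, "role": {"analyst"}}])
    before = acl_res.grants(analyst)        # False: nobody has added the user yet (delay)
    acl_res.add_user(analyst.identity)      # manual administrator action per user, per resource
    after = acl_res.grants(analyst)         # True only after that step
    immediate = policy_res.grants(analyst)  # True: attributes satisfy the owner's rule, no delay
    blocked = policy_res.grants(revoked)    # False: fails authentication before policy is consulted
    return before, after, immediate, blocked
```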
IdAM Collaboration
DoD / IC
– DoD/IC PKI Tiger Team
Coordinate and align on hardware authentication solution
Develop comprehensive PKI solution for our mission partners
– DoD/IC Authorization and Attribute Services Tiger Team (AATT)
Co-Chairs: NSA and DOD/CIO
Advance Dynamic Policy-Based Sharing Capabilities
– Cover Tiger Team
Provide recommendations on the use and protection of identities
Federal (Created by OMB and Federal CIO Council)
– Federal Identity Credentialing Committee
– Federal PKI Policy Authority
– HSPD-12 Executive Steering Committee
– eAuthentication Executive Steering Committee
Identity and Access Management
Internally Unclassified Sharing
– Operations - Mission & Business
Strong Id Proofing & Vetting (eAuth Level-4 & CAC/PIV)
Static ACL and limited ABAC (internally)
– Non-CAC/PIV Holders (e.g., Family Accounts)
eAuth Level 2 or Level 3 Credentials
Limited functionality – Bounded privileges
External Partners
– 24/7 Partners - eAuth Level 4 and static ACL
– Unanticipated & Less Mature Partners
Situational Dependency
Under Development for controlled functionality / privileges
Partner Expectations
– Strong Credentialing of Employees (Authentication)
– Access to Public Key Encryption Certificates
– Access to Robust Certificate Status Service