Time: 2010-08-31 18:45 | Source: 蓝天飞行翻译 | Author: admin

Partners Can Expect
• Strong Credentialing of our Employees (Authentication)
• Access to Our Public Key Encryption Certificates
• Access to Robust Certificate Status Service
• Service Access to Attribute Service (Authorization) – Future
Expectations from Partners
• The Same as From Us for 24/7 Partners – Plus
• Binding Federation Governance Agreement(s) / Rules that Establish and Maintain Trust
• Consistency on Unanticipated & Less Mature Partners
Summary
• We Need a Clear, Concise, Consistent, Published Course
for Ourselves and Our Mission Partners.
• Mission Partners are Fielding Strong Identity & Managed
Credentials (PKI) as well as Identity Federations
• Progress Continues in IdAM Expansion toward Consistent
Dynamic Policy-Based Sharing
Strong Identity and Access Management Are Key to
Information Sharing and Collaboration
Backup
Status, Fabric by Fabric
• TS/SCI Fabric
  – Environment: Homogeneous
  – Lead is DNI/CIO
  – PKI: IC PKI available for authentication by US
  – Federation: Among IC Certificate Authorities (CAs) and Commonwealth CAs
  – Notes: Enterprise services for central identity management, Enterprise attribute, authentication, and authorization services
• Secret Fabric
  – Environment: More diverse
  – Lead: CNSS (DoD CIO Chairs)
  – PKI: Minimal, CNSS PKI WG Recommendations for SAB. DoD implementing in FY09
  – Federation: Commensurate with CNSS Authority (DoD CIO Chairs)
  – Notes: No centralized Identity Mgmt, Therefore immature IdAM environment at this time
• Unclassified Fabric
  – Environment: Extremely Diverse, Complex Environment
  – Lead: No Single Lead; Must Cooperate & Federate (DoD & Exec Branch are Heavies)
  – PKI: 24/7 Partners Adopting eAuthentication Level 4
  – Federation: Federal Identity & Access Management Federation is Central
  – Notes: Multiple enclave-specific IdAM services, Most Partners Not Yet Mature
Bottom Line Up Front
Strong Identity and Access Management
are Key to
Information Sharing and Collaboration
DoD and IC are Partners in the Approach
Connecting People With Information
Identity Authentication, Then Access Management
[Figure: access management today versus the future]
• Today: Manual process to add EACH user to EACH resource
  – Diagram labels: Single Authenticated User; Request Access (Manual); Administrator; Add User to List; Domain Access List; Add User Account; Resource 1; Resource 1 Owner; Resource 2
• Future: Millions of Authenticated Users
  – Resource owner defines access rules
  – Users gain access to appropriate resources (no pre-registration, no delay)
  – Diagram labels: Attributes; Policy Access Rules; Resource Owner; Resource 1; Resource 2
IdAM Collaboration
• DoD / IC
  – DoD/IC PKI Tiger Team
    • Coordinate and align on hardware authentication solution
    • Develop comprehensive PKI solution for our mission partners
  – DoD/IC Authorization and Attribute Services Tiger Team (AATT)
    • Co-Chairs: NSA and DOD/CIO
    • Advance Dynamic Policy-Based Sharing Capabilities
  – Cover Tiger Team
    • Provide recommendations on the use and protection of identities
• Federal (Created by OMB and Federal CIO Council)
  – Federal Identity Credentialing Committee
  – Federal PKI Policy Authority
  – HSPD-12 Executive Steering Committee
  – eAuthentication Executive Steering Committee
Identity and Access Management
• Internally Unclassified Sharing
  – Operations - Mission & Business
    • Strong Id Proofing & Vetting (eAuth Level-4 & CAC/PIV)
    • Static ACL and limited ABAC (internally)
  – Non-CAC/PIV Holders (e.g., Family Accounts)
    • eAuth Level 2 or Level 3 Credentials
    • Limited functionality – Bounded privileges
• External Partners
  – 24/7 Partners - eAuth Level 4 and static ACL
  – Unanticipated & Less Mature Partners
    • Situational Dependency
    • Under Development for controlled functionality / privileges
• Partner Expectations
  – Strong Credentialing of Employees (Authentication)
  – Access to Public Key Encryption Certificates
  – Access to Robust Certificate Status Service