RISSTech
RISS
Global Justice Information Sharing Initiative
Global Advisory Committee
RISS / RISSNET Trusted Credential Project
Washington, D.C.
April 28, 2005
George P. March, Director
Regional Information Sharing Systems
Office of Information Technology

Trusted Credential Project Mission
To permit users with credentials from trusted partners to access resources available via RISSNET without using the user authentication credential (V-ONE SmartPass) currently required

RISS INTELLIGENCE CENTERS
WSIN: Sacramento, CA
RMIN: Phoenix, AZ
ROCIC: Nashville, TN
NESPIN: Franklin, MA
MAGLOCLEN: Newtown, PA
MOCIC: Springfield, MO

[Diagram labels: Regional Information Sharing Systems (RISS), RISSNET, Law Enforcement Online (LEO), National Law Enforcement Telecommunication System]

Information Sharing Participation Initiatives
RISS
What is the RISS Intranet?
A Sensitive But Unclassified (SBU) secure electronic communication network supporting information sharing between the RISS Intelligence Centers, node agency systems, and authorized individual users, known as RISSNET

[Map: RISSNET NODES. Legend: RISS center, HIDTA node, state node, central site, CISANet gateway, ATIX node, MATRIX node, federal and other agencies; pending state, HIDTA, ATIX, and MATRIX nodes; pending ATF (BATFE), USSS (NTAC).]

RISS / RISSNET Trusted Credential Project

Trusted Credential Project Objectives
Identify industry-leading technologies for user authentication and access control
Develop, test, and demonstrate methods to recognize and accept credentials in addition to those currently used on RISSNET
Provide expanded information sharing and collaboration while allowing all partners to keep their current infrastructure investments intact

Trusted Credential Project Components
LDAP
OctetString
XML / SAML
Enterprise Portal Elements
PK Certificates, SecureID Tokens, SSL VPNs
Trust Pillars
Agency vetting
Credential composition

Trusted Credential Project Phases
Phase I:
Build a foundation for information sharing and collaboration among trusted organizations
Demonstrate RISSNET’s ability to allow vetted users with X.509 certificates issued by trusted partners to access resources currently only available via RISSNET to users presenting a valid V-ONE SmartPass credential

Trusted Credential Project Phases
Phase II:
Build upon lessons learned in Phase I
Develop a Federated Identity Management infrastructure that will operate on the current RISSNET architecture
Implement an enterprise information technology portal as the focal point of access to offered resources

Trusted Credential Project Phases
Phase II (continued):
Build a robust and flexible system that allows for interoperability with a wide variety of potential partners with whom RISS can work to
Agree on a set of rules governing federated authentication, authorization, and access control
Agree on a set of individual and role-based privileges
Generate and consume the proper SAML assertions
Make the appropriate privilege management decision based upon the content of the SAML assertions
Ensure initial and continued system interoperability with the Federated Identity and Privilege Management Security Demonstration project

Thank You
For further information, please contact:
George P. March
Director
Regional Information Sharing Systems
Office of Information Technology
P.O. Box 1869
West Chester, PA 19380-0131
Telephone: (610) 738-8810
Fax: (610) 738-8813
[email protected]@risstech.riss.net

Thank You
For further information, please contact:
Lawrence M. Maloney
Senior Project Manager
Regional Information Sharing Systems
Office of Information Technology
P.O. Box 1869
West Chester, PA 19380-0131
Telephone: (610) 738-8810
Fax: (610) 738-8813
[email protected]@risstech.riss.net