Government agencies increasingly have a mandate to control access to their data and applications; not by firewalling their assets from view, but by managing access to properly authenticated individuals at the appropriate level of assurance. Yet while there is a large potential population of users holding strong credentials like CAC and PIV cards, integrating these identities into application and data access policies can be a challenge. Furthermore, we live in an increasingly multi-channel world, where the same data may be accessed through a web application, on a mobile device, or through encrypted email. How can an organization solve the cross-domain identity and access control problem?
Strategies for managing identities and provisioning access
How to craft access policies
How to enforce policy in a multi-channel scenario
The US Government has invested heavily over the years in identity and access management, including the DoD CAC program and expansion with HSPD-12 to include PIV and PIV-I credentials. The vision of the Federal Bridge CA includes the creation of an interoperable policy framework that allows applications within one domain to obtain some level of trust concerning credentials issued by an independently controlled network of issuing authorities in other domains. But with the scope of this project comes a level of complexity and a range of enabling technologies that may seem daunting.
At the same time, the need for agencies to paradoxically both control and share information has increased dramatically. Forces from the consumer internet world are also reshaping the way individuals think about accessing information, so the basic model of managing user access to application-managed information has now expanded to include multiple synchronous and asynchronous access channels. An application may be enabled to distribute information through encrypted email, or may provide a secure API to allow applications in other domains to create mash-ups including data from multiple sources.
But there is a pragmatic way to address this complexity. By focusing on the specific needs of individual applications and agencies, and by taking a policy-centered approach, organizations can reliably and comprehensibly provide access to their data without getting lost in the complexities of the enabling technologies. By separating policy and information flow from the underlying technology standards, a durable, future-proof infrastructure can be created. Binding to a wide range of current and emerging technical standards then does not require reworking the implementation approach.
O'Neill co-founded Vordel, a leading SOA Security and API Management vendor, which was acquired by Axway in 2012. He is author of the book "Web Services Security" and a frequent speaker and blogger on security and integration topics. Mark is based in Boston, Massachusetts.