Global Reference Architecture: Overview of National Standards. Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants

Transcription

1 Global Reference Architecture: Overview of National Standards Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants

2 Goals for this Presentation Define the Global Reference Architecture (GRA) Discuss information sharing standards Introduce proven approaches Present the Global Information Sharing Toolkit (GIST)

3 GRA Overview The Problem Silos of Information Existing systems are mostly custom built, use custom means for integration, and exemplify stand-alone silos of data that make it costly and inefficient for sharing information

4 Foundation Plan Agreement Blueprint What is Architecture? for information sharing decision-making following the principles of Service Oriented Architecture (SOA)

5 What is SOA? Service-Oriented Architecture (SOA) is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components (discrete pieces of code and/or data structures) that can be reused for different purposes. Wikipedia

6 SOA An approach to developing software capabilities that support information sharing requirements Implemented through the use of Services (software components) SOA is a discipline, a philosophy, a set of principles NOT a purchased technology

7 What is Global? Global is a Federal advisory committee of justice stakeholders that supports establishing consistent and effective information exchange. Global assists the U.S. DOJ to establish and develop: Content Standards What the data will look like Sharing Standards How data will be shared Policy Requirements Privacy and confidentiality restrictions

8 What is the GRA? The GRA is a special case of SOA, or an Service Orientated Architecture approach tailored to meet the requirements of the justice community defined by a collection of Specifications, Profiles and Guidelines GRA leverages concepts that provide standards for efficiently sharing capabilities and infrastructure

9 GRA Principles Standard Service Contracts service must advertise purpose and capabilities Loose Coupling respect service boundaries; limit or eliminate any dependency across services. This promotes the independent design and evolution of a service's logic Abstraction emphasizes the need to hide as much of the underlying details of a service as possible. Doing so directly enables and preserves loose coupling Reuse the service serves its purposes in multiple implementations Autonomy having a high amount of control over underlying runtime environment Statelessness minimize resource consumption by removing state from service functioning Composability ability to use multiple services to solve a single problem

10 Why Use the GRA? In 2004, Global encouraged the national justice community to adopt SOA as the standard approach to justice and public safety information sharing The GRA is the culmination of Global s efforts to follow through on this recommendation by making it easier for state, local, and tribal justice agencies to adopt SOA The GRA provides a complete information sharing solution based on open standards Framework, Profiles, Guidelines, Specifications and Examples

11 Why base the GRA on SOA? SOA is a style of information sharing architecture with these distinguishing features: Keeps implementation separate (service-based) Open (non-proprietary) standards Formal, precise, but minimalist standards (WS.*) Shares common services Reuses components The model is the software Separates integration logic from internal system logic Defines a standard system interface Establishes consistent terminology, guidelines and requirements for service identification, service description and service interaction Provides technology-specific conformance targets, called Service Interaction Profiles (SIPs)

12 Why base the GRA on SOA? Custom builds result in: GRA and SOA help provide: NIEM GRA

13 Global Standards and Initiatives Global Reference Architecture (GRA) Governance Policy and Technical Standards National Information Exchange Model (NIEM) Global Federated Identity and Privilege Management (GFIPM) Single Sign-On Access Control Global Technical Privacy Framework Privacy Policy Rules Enforcement 13

14 GRA Framework The Framework defines a set of key concepts in a standard way, so that across the country, justice practitioners and their industry partners can adopt a consistent vocabulary to communicate about SOA The framework also provides a jumping-off point for the rest of the broader reference architecture, by identifying areas where the community needs more thorough standards and guidelines

15 GRA Concepts and Components

16 GRA Implementations consist of: An architecture for the jurisdiction, using the GRA as a basis Formal agreement among the partners in the jurisdiction to adopt/follow the architecture Commonly-provisioned infrastructure to provide shared execution context Strategy to drive service identification Specifications for initial services Adapters and connectors for initial services

17 GRA Execution Context Connector Intermediary Adapter Intermediaries Justice Line of Business System Apache Camel/ CXF Component Apache Camel/ CXF Component Workflow Apache Camel/ CXF Component Justice Line of Business System Shared Execution Context 17

18 GRA Service Specification Package Formal document of the capabilities made available through a service Describes how a consumer will use a service Describes how a provider will expose a service in a consistent and interoperable manner Blueprint: Design (business and technical) requirements, functionality, standards and other information required to build the service Business process flow Business process model Information model NIEM IEPD

19 GRA Service Specification Package Service Specification Package Business and technical artifacts describing the service Packaged to facilitate discoverability and reuse Service Specification Guideline Practical instructions on how to use the Service Specification Package Conformance requirements

20 Service Payload National Information Exchange Model (NIEM) Common semantics (definitions) Common syntax (structure) for sharing information Example: What is a case number?

21 NIEM Data Model CBRN HHS Infrastructure Protection Person People Organization Things Places Location Immigration Events Property Contact Info Activity Metadata Intelligence Screening Criminal Justice International Trade Emergency Management Family Services

22 NIEM Translation

23 Access Control: Global Resources

24 User Authentication Fine-grained authorization rules Who is the requestor? What information is requested? What is the business purpose for the request? What are the environmental conditions? What obligations must be imposed, if granted?

25 GFIPM The Global Federated Identity and Privilege Management (GFIPM) initiative provides the justice community with a standards-based approach implementing policies regarding authentication and authorization Uses XML and NIEM to provide a standard set of elements and attributes to identify users, describe their privileges, and authenticate them

26 Documenting Policies: GPIQWG 7 Steps to Privacy, Civil Rights, and Civil Liberties Policies Privacy Impact Assessment Privacy Policy Template 238

27 Translating Human-Readable Policies to Machine-Readable Policies Policy Analysts: translate sentences to XACML Policy Matrix Privacy Policy Development Tool

28 XACML Architecture Primer, Readiness Assessment, Case Studies, Resource List, Technical Implementers Guide, and Virtual Machine

29 Application of Global Standards Governance Authorization management Authentication identification Access Control disclosure & use Architecture design Messaging data transport Data message payload

30 GIST Components Data Messaging Architecture Access Control Authentication Federation < Data > Payload Data Transport Structural Design & IS Enablement Data Disclosure & Auditing User Identification & Credentialing Security Management Underlying Technology Standard XML WS* SOAP TCIP/IP HTTP & HTTP/S Global Information Sharing Initiatives SAML XACML AD & LDAP Crypto Trust Model Trust Fabric/ SAML GRA Global Adaptation of Standard NIEM SIP GFIPM Global Technical Privacy Framework Enablement of Interoperability IEPDs SSP Global Adoption GFIPM Metadata Communication Profiles GFIPM Trust Model Federation Management & Trusted Brokers Manifestation in Your Implementation IEPs Adapters & Connectors, Intermediaries Architecture Document SP Services IdP Services Participation in Federation

31 Examples Simple Exchange Reuse of Infrastructure Identity and Privilege Management (GFIPM) Single Sign On Access Control 31

32 Warrant Request Service Warrant Request Flow

33 Infrastructure Reuse Warrant Request Warrant Notification Warrant Issue

34 Federated Query using GFIPM 34

35 Global Standards Benefits Alignment with business drivers Agility - As the business changes, the implementation can quickly change Cost efficiency as services are being reused Reduced risk due to incremental implementation Federal funding opportunities associated with conformance to standards Allow utilizing services as enterprise assets and promote service reuse

36 Global Standards Benefits Increases interoperability between justice and non-justice agency systems Promotes leveraging legacy systems and results in reduction of information sharing cost Facilitate service discoverability Promote consistency which leads to agility Facilitate incremental deployment which results in lower implementation risk GRA (SOA) is Business-Driven

37 Resources and Training Global Initiative: Global Information Sharing Toolkit: National Information Exchange Model (NIEM): Training: NIEM - Technical Privacy - Coming in 2014: GRA SSP GFIPM