Identity and Cross Domain Systems (multilayer security)

Issue/Topic: Identity & Cross Domain Systems (multilayer security) (T2C)

Conference: IIW-East, September 9-10, 2010, in Washington DC

Conveners: Justin Richer and Gerald Beuchelt

Notes-taker(s): Gary Moore

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

MITRE driven

Identity in cross-domain systems

Separate systems and networks with possible guards in between - how to go from low to high and vice versa - aka data leakage protection

Use a common low side for sharing info between systems - in highly structured systems this may work, but what about environments where the system is unstructured?

If on the high side and going down, how does one go low and not expose identity or the fact that they are on the high side?

Is there a need to correlate identities on both sides? Maybe for security reasons?

Put the mapping of identifiers in the guard to allow either correlated mappings or totally random IDs on the low end.

One idea is to use a GUID at the guard to map identities on both ends to.
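A minimal sketch of the guard-held mapping from the two notes above, added here as an example and not taken from the session: the guard issues random GUIDs, either one stable GUID per identity (correlated) or a fresh one per crossing (random), and keeps the reverse table to itself. The class name, method names, and the sample identifier are all hypothetical.

```python
import uuid


class GuardIdentityMap:
    """Identifier mapping held inside the guard (hypothetical design).

    High-side identifiers never cross to the low side; only GUIDs do.
    """

    def __init__(self):
        self._stable = {}    # high-side id -> stable GUID (correlated mode)
        self._reverse = {}   # any issued GUID -> high-side id (guard-only)

    def to_low(self, high_id, correlated=True):
        """Return the GUID that represents high_id on the low side."""
        if correlated:
            guid = self._stable.get(high_id)
            if guid is None:
                # uuid4 is random, so the GUID reveals nothing about high_id.
                guid = str(uuid.uuid4())
                self._stable[high_id] = guid
                self._reverse[guid] = high_id
            return guid
        # Random mode: fresh GUID per crossing, unlinkable on the low side.
        guid = str(uuid.uuid4())
        self._reverse[guid] = high_id
        return guid

    def resolve(self, guid):
        """Guard/high-side only: map a low-side GUID back, or None."""
        return self._reverse.get(guid)

    def release(self, high_id, payload, correlated=True):
        """Build the low-side message: payload plus GUID, no high identity."""
        return {"sender": self.to_low(high_id, correlated), "body": payload}


def demo():
    guard = GuardIdentityMap()
    analyst = "cn=alice,ou=high,o=example"   # constructed sample identifier
    a = guard.release(analyst, "report 1")
    b = guard.release(analyst, "report 2")
    c = guard.release(analyst, "report 3", correlated=False)
    d = guard.release(analyst, "report 4", correlated=False)
    return guard, analyst, (a, b, c, d)


if __name__ == "__main__":
    for msg in demo()[2]:
        print(msg)
```

In correlated mode the low side can link messages from the same sender without learning who it is; in random mode it cannot link them at all, while the guard can still resolve either kind of GUID for audit.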

Identity is first step - then how to extend to authorization