"Information security within the justice discipline has never been more important than it is today: not only in how it can protect the data or systems, but how it can enhance secure information exchange between trusted partners."

Steve E. Correll
National Law Enforcement Telecommunication System

Although an EPAD companion module, Identity Rights Management is intended to function as a standalone Web service that can be used by other application systems operating within the E-Safety Network. Acting as the network “on-ramp,” it will answer three basic questions:

1) Who are you?
2) What are you allowed to do? 
3) Where are you allowed to go? 

To answer these questions, the module provides:

  • Assurance that entities and users accessing the network are authorized to do so. This assurance is granted by the process of authentication, a significant portion of which is built into the Web services model.
  • Assurance that entities and users are allowed to exercise selected functions. This assurance is granted by the process of authorization.

Whereas authentication is generally concerned with who has access, authorization using roles and permissions is more focused on what functions individuals are allowed to exercise. To that end, EPAD’s Identity Rights Management module assigns system processing rights to both individual users and agencies registered in the EPAD. 

THE NEED

Emergency response organizations are being faced with an increasingly complex set of challenges as they balance the need for security against the need for data access and cross-domain information exchange. Currently, there are over 100,000 emergency response agencies in the US, each of which has bits of data that could save lives. When data from private companies are added into the mix, the sheer volume and spread of critical information needed during emergency response efforts becomes evident. Core services enable the process of information sharing across this vast enterprise by making available tools for the discovery and routing of information. However, there also must be tools that include the “rules” for when and how information can be accessed and how the integrity of the data can be preserved.

The traditional security model for protecting technology assets inside an organization’s walls no longer works. Mobile computing is becoming more prevalent as responders need to access data services and information from multiple physical locations, using a range of physical devices. In this type of information sharing environment, policies and operating rules must be established for the collection, handling, distribution, retention, and accuracy of information. They should clearly define what is permitted and what is not permitted.  The goal is to create a distributed, yet trusted and controlled information sharing environment.

While individual agencies can certainly establish their own authentication and authorization systems, it is costly to do so and one agency cannot be assured that the operating rules and policies are the same or are equally enforced from one agency to another. By creating a shared facilitation service, the Identity Rights Management module of EPAD attempts to alleviate some of the problems in this new processing model. It ensures that data is not simply available for the taking but can be accessed only for a particular purpose, for a finite amount of time, and with proper authorization.

COMCARE'S APPROACH

By making Identity Rights Management a shared Web service available for use by anyone operating within the E-Safety Network, a consistent set of rules and policies along with a consistent level of trust can be established, maintained and audited. It enables the creation and enforcement of access policies, as well as monitoring and reporting for compliance and audit purposes. As agencies procure or develop new application systems, those systems can be modified to use this module.

When users are identified to the module, the agency or agency group to which the user belongs assigns a system-defined role to the user. The assigned role represents a set of permissions that allow the user to view, update, or access categorized information. The module also manages the relationships of users within an agency or agency group and will enable hierarchical inheritance within that user group. Lastly, the module tracks all user actions and creates an accessible audit trail for review and determination of security breaches.

In addition to user rights, agencies and levels of government are also assigned permissions that define agency-approved actions, such as the types of incident event messages they can send for their respective agency type, jurisdiction and organizational structure. They are also given permissions that allow them to filter recipient lists and to view certain types of information included in an actual incident event message. For example, patient information housed within the Vehicular Emergency Data Set (VEDS) can only be viewed by agencies that have a need to know this information.

Identity federation is the sharing of identity authentication and profile information across a network. Initially the module will act as a central authenticator and identity provider, passing authenticated users and their attributes to a number of surrounding application systems. When a user logs into a system, that system sends a query to the Identity Rights Management module. The module sends back the appropriate information so that the inquiring system knows that the user has been approved, what the user can do, and what systems can be accessed. No other sign-on is required for the user during the active session.
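The decision an application system would get back from such a query can be sketched as follows. This is an added example, not COMCARE or EPAD code: the role, agency and permission names, the function names, and the rule that an agency's permissions cap what its users may do are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample policy; role, agency and permission names are hypothetical.
ROLE_PARENT = {"supervisor": "responder", "responder": "viewer", "viewer": None}
ROLE_PERMS = {"viewer": {"incident:view"},
              "responder": {"veds.patient:view"},
              "supervisor": {"incident:send", "recipients:filter"}}
# Assumption: an agency's permissions cap what any of its users may do.
AGENCY_PERMS = {"ems-01": {"incident:view", "incident:send", "veds.patient:view"},
                "tow-07": {"incident:view"}}

@dataclass
class Grant:
    agency: str
    role: str
    purpose: str        # the one purpose this access was approved for
    expires: datetime   # access lasts for a finite time only

def role_perms(role):
    """Permissions of a role plus those inherited from its parents (acyclic)."""
    perms = set()
    while role is not None:
        perms |= ROLE_PERMS.get(role, set())
        role = ROLE_PARENT.get(role)
    return perms

def query(grants, audit, user, permission, purpose, now):
    """Answer an application system's query; every decision is audited."""
    g = grants.get(user)
    if g is None:
        reason = "unknown-user"
    elif now >= g.expires:
        reason = "grant-expired"
    elif purpose != g.purpose:
        reason = "purpose-mismatch"
    elif permission not in AGENCY_PERMS.get(g.agency, set()):
        reason = "agency-not-permitted"
    elif permission not in role_perms(g.role):
        reason = "role-not-permitted"
    else:
        reason = "ok"
    audit.append((now.isoformat(), user, permission, purpose, reason))
    return reason == "ok", reason

if __name__ == "__main__":
    now = datetime(2006, 1, 1, 12, 0, tzinfo=timezone.utc)
    grants = {"alice": Grant("ems-01", "responder", "incident-1234", now + timedelta(hours=8))}
    print(query(grants, [], "alice", "veds.patient:view", "incident-1234", now))
```

Denied requests are written to the audit list with their reason, so a reviewer can tell an expired grant from an agency that was never cleared for VEDS patient data.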

Identity Rights Management functions include:

  • User Provisioning
  • Authentication Services
  • Role-Based Access Control
  • Policy and Operating Rule Administration and Enforcement
  • Security Auditing and Reporting

FROM VISION TO REALITY

With the detailed design complete for both this module and EPAD, COMCARE is now working with a broad coalition of emergency response organizations to make the E-Safety Vision available to all emergency agencies in the nation. This coalition, called the National Emergency and Alerting Response Systems (NEARS) Initiative, is now seeking the funding needed for this purpose.

COMCARE has also surveyed the marketplace to review the available Commercial-Off-The-Shelf (COTS) product offerings and has tentatively selected a viable solution.

All rights reserved. COMCARE © 2005-2006