Identity and Cross Domain Systems (multilayer security)
Issue/Topic: Identity & Cross Domain Systems (multilayer security) (T2C)
Conference: IIW-East, September 9-10, 2010 in Washington DC
Convener: Justin Richer and Gerald Beuchelt
Notes-taker(s): Gary Moore
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
MITRE driven
Identity in cross-domain systems
Separate systems and networks with possible guards in between - how to go from low to high and vice versa - aka data leakage protection
Use a common low side for sharing info between systems - in highly structured systems this may work, but what about an environment where the system is unstructured?
If on the high side and going down, how does one go low and not expose identity or the fact that they are on the high side?
Is there a need to correlate identities on both sides? Maybe for security reasons?
Put the mapping of identifiers in the guard to allow either correlated mappings or totally random IDs to the low end.
One idea is to use a GUID at the guard to which identities on both ends are mapped.
Identity is the first step - then how to extend to authorization
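
A sketch of the guard-side mapping idea from the notes above, added here as an illustration and not code from the session or from MITRE. The class name, method names and sample identities are hypothetical; it assumes the GUID stays inside the guard and only a correlated low-side ID or a random alias is released downward.

```python
import uuid

class GuardIdentityMap:
    """Hypothetical guard-side table: one GUID per person, side-local IDs hang off it."""

    def __init__(self):
        self._by_guid = {}    # guid -> {"high": id, "low": id or None}
        self._index = {}      # (side, local id) -> guid
        self._random = {}     # random low-side alias -> guid

    def enroll(self, high_id, low_id=None):
        """Bind a high-side identity, and optionally a low-side one, to one GUID."""
        guid = self._index.get(("high", high_id))
        if guid is None:
            guid = str(uuid.uuid4())
            self._by_guid[guid] = {"high": high_id, "low": None}
            self._index[("high", high_id)] = guid
        if low_id is not None:
            self._by_guid[guid]["low"] = low_id
            self._index[("low", low_id)] = guid
        return guid

    def outbound_alias(self, high_id, correlate):
        """Identifier the guard releases to the low side for a high-side user."""
        guid = self._index[("high", high_id)]
        if correlate:
            low_id = self._by_guid[guid]["low"]
            if low_id is None:
                raise LookupError("no low-side identity enrolled for this user")
            return low_id
        alias = str(uuid.uuid4())   # fresh per call: unlinkable on the low side
        self._random[alias] = guid
        return alias

    def resolve_inbound(self, low_alias):
        """Map an identifier seen on the low side back to the high-side identity."""
        guid = self._random.get(low_alias) or self._index.get(("low", low_alias))
        if guid is None:
            raise LookupError("alias not issued by this guard")
        return self._by_guid[guid]["high"]

if __name__ == "__main__":
    guard = GuardIdentityMap()
    # Constructed sample identities, not from the session notes.
    guard.enroll("alice@high.example", "user-4471@low.example")
    print(guard.outbound_alias("alice@high.example", correlate=True))
    r = guard.outbound_alias("alice@high.example", correlate=False)
    print(r, "->", guard.resolve_inbound(r))
```

In correlated mode the low side sees one stable identifier per person; in random mode every release gets a new alias that only the guard can link back.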