How Do Get Police, Fire, Paramedics and Others to Share Information? Built Trust into the System...

Presented by Darrell O'Donnell, P.Eng, President, Continuum Loop Inc. at ForgeRock Open Stack Identity Summit, June 2013

Published in: Technology, Business

  1. Open Identity Summit
     Enabling Information Sharing: Identity in a Multi-Agency First Responder and Emergency Management Environment
     Darrell O’Donnell, P.Eng., President, Continuum Loop Inc.
  2. Emergency Information Sharing Challenges
  3. How is SA shared?
     • USERS:
       • Fire fighters, Police, EMS/Paramedics, Emergency Managers, Public Safety/Homeland Security officers
       • From “boots on the ground” to senior federal leadership.
       • Both “consumers” and “contributors”.
     • PROBLEM:
       • Sharing of basic SA information does not happen in a systematic way. Phone calls and emails rule the world of crisis and day-to-day operations.
       • The status of SA information is difficult to determine (e.g., whether current, whether confirmed at source, etc.)
  4. What is MASAS?
     • Multi-Agency – many agencies and organizations from local all the way up to international.
     • Situational Awareness – Sharing information that helps to understand what is happening around us so we can do our job effectively.
     • System (of systems) – MASAS is not a tool, it is a way of sharing information amongst a trusted community.
  5. Situational awareness is needed everyday ... and in many different places
     Interdev
  6. Information Flow (diagram)
     • Levels: Local, Regional (P/T), Federal
     • Nodes: First Responder, EOC, P/T EMO, EOC, EOC 2…n, EOC 1, Regional Office, OGD, Regional Office, Federal Region, ADM-EMC, Field
  7. Limiting Access
     • Road closures, EM weather, checkpoints, command posts, area of operation, evacuation zone, plume cloud, shelter locations, shelter status, staging area, supply depot, live cameras, media events, pictures, sitreps, earthquakes, space weather, ...
     • CLASSIFICATION: Completely Unclassified; Designated or Classified
     • Limited obstacles to success; Major obstacles to success
  8. It can be this simple!
     IAM allows users to know that the sender is who they say they are and that they are the authoritative source.
  9. Fires and MVA from CAD
  10. Hurricane Sandy
     Good example of information sharing. Or was it?
  11. Common Viewer - OpenLayers
     • Little to no training
     • Popular browsers
     • Source code available
  12. ESRI ArcGIS Widget
  13. Moving to Common Viewer - ArcGIS
     • Plugs into ArcGIS
     • User configurable
     • Source code available
  14. It works locally
     It must ... or it won’t work nationally, internationally
  15. Local Level
     • Tri-services
     • Fire, Police, and Ambulance/Paramedics
     • Emergency Managers
     • Multiple Jurisdictions
     • Muddy
     • Today’s Incident Command Systems tells you who is in charge and who does what? Who has what rights?
     • No systems integration – no way to share data reliably and predictably (i.e., not automated, and supporting policy)
  16. International – Canada/US
  17. Beyond the Border
     Beyond the Border - Action Plan on Perimeter Security... December 2011
     Page 25: “The second working group will focus on cross-border interoperability as a means of harmonizing cross-border emergency communications efforts. It will pursue activities that promote the harmonization of the Canadian Multi-Agency Situational Awareness System with the United States Integrated Public Alert and Warning System to enable sharing of alert, warning, and incident information to improve response coordination during binational disasters.”
  18. Self Examination …
     • Given this Surprise …
     • Why is MASAS Succeeding?
     • ~50 Organizations in 2011, 200 in 2012, 450 in 2013 (May)
     • It isn’t Technology
     • Information Exchange is somewhat novel – but not magic.
     • Been done before.
     • Mimics the real world – enables relationships
     • Easy to approach
  19. Moving Pieces – lots…
     MASAS Controlled
     • Server Software
     • Information Exchange
     • Access Control
     • Apps
     • OpenLayers/JavaScript
     • ArcGIS Flex
     • Mobile (Android, iOS, BlackBerry)
     EXTERNAL SYSTEMS
     • Incident management systems (IMS)
     • Geographic information systems (GIS)
     • Computer aided dispatch systems (CAD)
     • Records management systems (RMS)
     • Forest fire management systems
     • … including external IAM (e.g. Federal AD)
  20. Current Access Control
     • Django-Based
     • Modified Django user access and identity
     • Incredibly onerous to maintain and add capability
     • Permissions?
     • Granular?
     • Roles?
     • Groups?
     • Scale?
  21. VERY Simple Architecture (diagram)
     • Labels: MASAS Basic Toolset, MASAS Basic Toolset, Your Tools, Their Tools, Firewall, Firewall
     • ESRI, EmerGeo, Interdev, Sentinel, IHS, CriSys, Command View, IDV, MyStateUSA, SharePoint, Hazus, …, basic MASAS tools
     • Incident management, mapping, dispatch, consoles, tablets, smartphones, sensors, digital radio, …
  22. Access Control - REST
     RESTful Query:
         https://access.masas-sics.ca/api/check_access/?query_secret=XXXXXX&secret=YYYYYY
     JSON response:
         {
           "groups": ["https://access.masas-sics.ca/accounts/group/1"],
           "hubs": [
             {"url": "https://sandbox2.masas-sics.ca/hub", "post": "Y"},
             {"url": "https://sandbox1.masas-sics.ca/hub", "post": "Y"}
           ],
           "id": 5,
           "name": "MASAS NIT - Darrell ODonnell",
           "uri": "https://access.masas-sics.ca/accounts/user/######/"
         }
     Groups not used yet.
  23. It Starts Simple
     • Username and Password access per hub
     • Add read-only and read/write access
     • 4 hubs operationally (2 for dev)
     • Consolidate account into one account
     • r/o & r/w per hub
     • OAuth 2.0 (app level access?)
     • Integrate CMS (Joomla)
     • Allow self-admin …
     • What are we building???
  24. Starting to Sound Familiar
     • Roll your own
     • Add capabilities as you go
     • Total Control
     • …
     • Until …
     • It Controls you – and you have built an Identity & Access Management System – a black hole for development funds
  25. Community is About…
     • TRUST
     • How do I know you?
     • Have we met?
     • How do I know I can trust you?
     • Who else trusts you? – professional referrals
     • How has this translated so far?
     • Simply - but that’s a problem
     • Growing needs for deeper information
  26. Future Needs
     • Increase Information Exchange Types
     • Hospital Availability, Resource Request, Requests for Information
     • Limiting Access to Information
     • Deep Identity and Access Management
     • Authentication, Authorization, and Audit (A3)
     • Identity
     • Credentialing, revocation…
     • Multi-Factor Authentication
     • Integration into Directories
  27. Lessons Learned to Date
     • Limit scope
     • Being able to say NO is powerful
     • Work on the majority – not the exceptions
     • Standards take additional time in the beginning but provide scale.
     • Build only what you must – buy, configure, borrow (beg, steal) the rest
     • Building for resilience and flexibility is necessary (and hard)
  28. Core Market-ecture
     • Information Exchange Layer
     • Identity & Access Management Layer
     • integrated
  29. Information Exchange
     • BUILD
     • Architecture -> Dev -> Support
     • Integrate with IAM Layer
     • Protect resources
     • Use Standards
     • Integrate through Configuration where possible
  30. Problems
     • Technical jargon tossed around:
     • Credentials
     • Revocation
     • Provisioning
     • Federation
     • Access Control
     • Audience Control
     • OAuth
     • XACML
     • SAML
     • …
  31. Information Flow (diagram)
     • Levels: Local, Regional (P/T), Federal
     • Nodes: First Responder, EOC, P/T EMO, EOC, EOC 2…n, EOC 1, Regional Office, OGD, Regional Office, Federal Region, ADM-EMC, Field
  32. Identity & Access Management
     • Open Source Focus of Team
     • OFFSITE
     • A3
       – Authentication
       – Authorization – rights, permissions, membership
       – Audit
     • Integration – internal & external
     • Huge Enterprise Space (Oracle, IBM, MS, etc.)
  33. IAM Needs
     • Authentication & Authorization
     • Provisioning & Management – Users, Organizations, Systems, Devices, etc.
     • Integration – Core Tools, Internal Systems, External Systems etc.
     • OPPORTUNITY – Identity is an investment of the community
     • STICKY and hard to leave
  34. Identity Management - Asset
     • A MASAS community member invests in MASAS:
     • Fees (nominal)
     • Time
     • Reputation…
     • In the social space, this is sticky
     • No common space in Canada right now beyond MASAS
     • No credentialed system beyond organization boundaries
     • Identity underpins trust – and it needs enterprise and cloud scale
  35. Open Identity Stack
     • Open-Source – but commercially supported
     • Already C&A capable
     • Supports Integration out of box
     • Out-of-box for admins
     • Still need Community Management
  36. MASAS – Growing Community
     • Business Problem: Managing thousands of user accounts takes a lot of time – more time than the New Entity can reasonably spend.
     • SOLUTION: Offload effort by allowing Organizations to manage their own needs.
  37. MASAS – Community Management
     • NEED: MASAS will need to track usage (revenue) and manage the overall directory
     • # of Organization Accounts
     • Access Rights for Organization, Organization Hierarchy
     • Policy Enforcement
     • MASAS OPS team gets OpenAM … in its RAW form…
  38. Organization Management
     • Firefighters, Police, EMS/Paramedics
     • OpenAM tools for Management?
  39. Applicant Processing
     • Outside of Open Identity Stack
  40. Admin/Clerk View
     • Examines Existing, Approved, and Rejected Applications
     • Edits if needed – keeps log of Rejections
     • Approval Process – OpenIDM REST – create Org and Org Admin’s account.
  41. Participant Administrator
     • Skin on OpenAM (via REST)
     • Custom View for the Organization
     • Focuses on their Organization only
     • Manages permissions for their members
     • Creates/Edits/Deletes Accounts for that Organization
  42. Upcoming Decisions
     • Granular Permissions/Entitlements
     • Groups? XACML? Attributes + Policy…
     • OpenIDM vs. OpenAM REST APIs
     • Scale
     • Issues and Roadblocks
     • Federation
  43. Thanks
     Darrell O’Donnell, P.Eng.
     darrell.odonnell@continuumloop.com
     @darrello
     Chief Technology Officer, MASAS National Implementation Team (under contract), Centre for Security Science
     President, Principal Consultant, Continuum Loop Inc.
     Ottawa, Ontario, CANADA
  44. Q & A
  45. Notional Market-ecture
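
Added example, not part of the presentation or of MASAS code: a fail-closed way for a client to turn the slide 22 check_access JSON into a per-hub read/post decision, matching the read-only and read/write per hub model on slide 23. It assumes that a hub being listed implies read access and that "post": "Y" means write access; the function names and the sample values are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the slide 22 response. The "N" value, name
# and uri are made up for illustration.
SAMPLE = """{
  "groups": ["https://access.masas-sics.ca/accounts/group/1"],
  "hubs": [{"url": "https://sandbox2.masas-sics.ca/hub", "post": "Y"},
           {"url": "https://sandbox1.masas-sics.ca/hub", "post": "N"}],
  "id": 5, "name": "Example User",
  "uri": "https://access.masas-sics.ca/accounts/user/0/"}"""


def canonical_hub(url):
    """Reduce a hub URL to (host, port, path); None unless it is valid https."""
    if not isinstance(url, str):
        return None
    try:
        parts = urlsplit(url.strip())
        port = parts.port or 443
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return (parts.hostname, port, parts.path.rstrip("/"))


def hub_permissions(response_text):
    """Map each listed hub to whether posting is allowed; {} if malformed."""
    try:
        doc = json.loads(response_text)
    except (TypeError, ValueError):
        return {}
    hubs = doc.get("hubs") if isinstance(doc, dict) else None
    perms = {}
    for entry in hubs if isinstance(hubs, list) else []:
        key = canonical_hub(entry.get("url")) if isinstance(entry, dict) else None
        if key is not None:
            # Assumption: only the exact value "Y" grants write access.
            # Duplicate hub entries resolve to the most restrictive value.
            perms[key] = perms.get(key, True) and entry.get("post") == "Y"
    return perms


def is_allowed(response_text, hub_url, action):
    """Fail-closed decision for action "read" or "post" on one hub."""
    perms = hub_permissions(response_text)
    key = canonical_hub(hub_url)
    if key is None or key not in perms:
        return False
    return action == "read" or (action == "post" and perms[key])
```

Any malformed response, unlisted hub, non-https URL or unknown action yields a denial rather than an exception or an implicit allow.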
