This document discusses implementations of global standards for information sharing using open source technologies. It describes projects in Maine, Hawaii, and Vermont that have adopted the Global Reference Architecture (GRA) and Global Federated Identity and Privilege Management (GFIPM) standards to build systems for notification services, incident reporting, and federated queries across agencies. These projects use open source technologies like Apache ServiceMix and Camel to build interoperable systems in a cost-effective and standards-compliant way. The document also introduces the Open Justice Brokerage Consortium (OJBC), a non-profit collaboration between states to support shared development and operations of these open systems.
2. Goals
Quick review of Global Standards and Initiatives
Describe projects that have adopted and successfully implemented various Global Standards
Discuss advantages of using Open Source software
SEARCH, The National Consortium for Justice Information and Statistics | www.search.org 2
3. Global Standards and Initiatives
Global Reference Architecture (GRA)
Global Federated Identity and Privilege Management (GFIPM)
Global Technical Privacy Framework
4. Global Standards and Initiatives
Global Reference Architecture (GRA)
National Information Exchange Model (NIEM)
Governance – Policy and Technical Standards
Global Federated Identity and Privilege Management (GFIPM)
Single Sign On
Access Control
Global Technical Privacy Framework
Privacy Policy Rules Enforcement
5. Focus
Global Reference Architecture (GRA)
National Information Exchange Model (NIEM)
Governance – Policy and Technical Standards
Global Federated Identity and Privilege Management (GFIPM)
Single Sign On
Access Control
6. GIST - Where does it all fit in?
[Diagram: where GRA, NIEM, GFIPM and the Global Technical Privacy Framework fit. Columns: Data, Messaging, Architecture, Access Control, Authentication, Federation. Rows: Underlying Technology Standard, Global Adaptation of Standard, Interoperability Definition, Manifestation in Your Implementation.]
7. GRA - Technical Components
8. GRA Implementation Projects
Notification Service
Interstate Compact for Adult Offender Supervision (ICAOS)
Maine State Police Incident Reporting
Subscription Notification
Hawaii Integrated Justice Information System (HIJIS)
Federated Query/Response with GFIPM
Vermont Integrated Justice Information System Portal
9. ICAOS
Business Requirements
Notify fusion centers (and potentially other law enforcement agencies) when a probation or parole offender relocates to another state.
Outcome
Send notification through existing fusion center network infrastructure
Notifications sent from outside the fusion center environment meeting security requirements
12. Maine State Police Incident Reporting
Business Requirements
Incident Reports sent to N-DEx
Case Referrals sent to Prosecutor
Outcomes
Single Incident Record sent by police agencies to FBI and/or Prosecutor
14. HIJIS Notification of Re-arrest
Business Requirement
Notify probation and parole officers when an offender is arrested for a new offense
Outcome
Monitor statewide booking process and send a notification to parole and probation officers
Subscriptions are automatically loaded from Parole and Probations systems
16. Vermont Federated Query
Business Requirement
Provide access to incident records from all law enforcement agencies
Support Single Sign-On access
Outcomes
Enable users to access records in other agency RMSs using native credentials
Implement Entity Resolution capabilities to merge persons or vehicles that do not have unique identifiers
20. Open Source Technology Option
Apache Foundation
ServiceMix
Camel
CXF
Advantages
Compliance with Standards
No upfront licensing
Broad community of support
No vendor “lock-in”
Maintainability
21. Sustainability Options
Develop internal expertise
Rely on outside resources
Why?
Many options
Shared support - cooperative
22. What is the OJBC?
Non-profit consortium of state and local jurisdictions to support reuse and sharing of technology
States of Hawaii, Vermont and Maine are the initial members
Goals of the consortium:
Integrate contributions from member states into a single, reusable platform
Provide shared expert staff resources
Enable use of low-cost, open source technology
23. Benefits of the OJBC
Commonality across states creates significant opportunity for reuse
Don’t reinvent the wheel
Learn from one another
Save time and money
National standards create the basis for a common technology platform
Technology is powerful, but complex and costly to own and operate in isolation
Continues a long tradition of collaboration among jurisdictions
24. Questions?
“The only one thing you can always count on is that everything will always change” - Unknown
Contact Information
Mark Perbix
Director, Information Sharing Programs
mark.perbix@search.org
916-712-5918
Yogesh Chawla
Information Sharing Architecture Specialist
Yogesh.chawla@search.org
608-438-5965
Editor's Notes
We all understand why we need to share, but what is the best way to approach it? Flexible/strong/agile vs brittle/weak/clumsy, which to choose?
The Global Reference Architecture (GRA) identifies a small but significant set of infrastructure components that are core to any GRA implementation. These components include:
Adapters: Components that implement the “provider” side of a service interaction, typically by receiving messages and interacting with a service provider agency’s internal systems or business processes.
Connectors: Components that implement the “consumer” side of a service interaction, typically by observing data changes or “triggers” in a consumer agency’s internal systems or business processes, and initiating a message transmission to a service provider.
Intermediaries: Special adapters that “mediate” information exchanges between participating organizations, performing such operations as transformations, routing, validation, and message aggregation; intermediaries reside on a broker, which exists in a “common space” between the partner organizations.
The communication between these components must adhere to the GRA Service Interaction Profiles (SIPs), which in practice means that interactions must be via standards-conformant Web Services protocols.
1. User requests access to web application, hosted on the “Web Portal Server”, via a web browser.
2. Web browser redirects the user’s HTTP request to the Service Provider for the Web Portal Server.
3. If the Service Provider does not have a session for the user, it redirects the user’s web browser to the user’s Identity Provider, which prompts the user to authenticate. Note that the Identity Provider is the sole place in the HIJIS environment where the user’s credentials are maintained; this will generally be at the user’s home agency.
4. Following authentication, the Identity Provider forms an assertion for the user and redirects the user’s web browser back to the Service Provider. The redirected HTTP request contains the assertion in an HTTP header. The Service Provider forms a session for the user, and redirects the user’s web browser back to the originally requested web application page.
5. The web application, which contains a Connector, forms a WS-Trust Request Security Token Request (RSTR) and sends the request to a GFIPM Assertion Delegate Service (ADS). An ADS is a special-purpose WS-Trust Security Token Service (STS), defined by GFIPM. The RSTR contains the original assertion obtained at the IdP in step 3.
6. The ADS forms a new SAML assertion and sends it back to the Connector.
7. The Connector includes the new SAML assertion in its web service message to the Intermediary.
8. The intermediary services the web service request and returns a response.
9. The web application returns the web page to the user’s web browser.
10. The user’s web browser displays the web page to the user.
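The assertion exchange in steps 5 to 8, as an added Python example that is not part of the presentation or of the HIJIS code: the ADS checks the IdP assertion before issuing a new one, and the Intermediary accepts only assertions issued by the ADS and addressed to it. Assumptions: HMAC-signed JSON stands in for signed SAML assertions, and the host names, keys and the specific checks (trusted issuer, audience, validity window) are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo keys and names; HMAC stands in for the XML Signature on a SAML assertion.
KEYS = {"idp.agency.example": b"idp-demo-key", "ads.broker.example": b"ads-demo-key"}
IDP, ADS = "idp.agency.example", "ads.broker.example"
PORTAL_SP, INTERMEDIARY = "portal-sp.example", "intermediary.broker.example"


def issue(issuer, subject, audience, attrs, now, ttl):
    """Return base64(JSON claims) + '.' + HMAC-SHA256 over the encoded claims."""
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "attrs": attrs, "nbf": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(KEYS[issuer], body.encode(), hashlib.sha256).hexdigest()


def validate(token, trusted_issuers, audience, now):
    """Return the claims if every check passes, otherwise raise ValueError."""
    body, _, sig = token.partition(".")
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
        issuer = str(claims.get("iss"))
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if issuer not in trusted_issuers or issuer not in KEYS:
        raise ValueError("untrusted issuer")
    expected = hmac.new(KEYS[issuer], body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("outside validity window")
    return claims


def ads_exchange(idp_token, now):
    """Steps 5-6: check the IdP assertion sent by the Connector, issue a new one."""
    claims = validate(idp_token, {IDP}, PORTAL_SP, now)
    # Short lifetime and a single audience keep the delegated assertion narrowly scoped.
    return issue(ADS, claims["sub"], INTERMEDIARY, claims["attrs"], now, ttl=60)


def intermediary_handle(ads_token, now):
    """Steps 7-8: accept only ADS-issued assertions addressed to this Intermediary."""
    claims = validate(ads_token, {ADS}, INTERMEDIARY, now)
    return "response for " + claims["sub"]


def outcome(func, *args):
    """Run one step and report either its result or the rejection reason."""
    try:
        return func(*args)
    except ValueError as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    t0 = 1_000_000  # constructed clock value, seconds
    idp_token = issue(IDP, "officer@agency.example", PORTAL_SP, {"role": "sworn"}, t0, 300)
    ads_token = ads_exchange(idp_token, t0 + 5)
    print(outcome(intermediary_handle, ads_token, t0 + 10))  # normal path
    print(outcome(intermediary_handle, idp_token, t0 + 10))  # IdP assertion sent downstream
    print(outcome(ads_exchange, idp_token, t0 + 301))        # stale IdP assertion
```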
Why?
Limited amount of work needed to support GRA components
Many options – open source software is supported by many vendors and service providers – avoids vendor lock-in.