Identity, credential, and access management at NASA, from Zachman to attributes

Symposium on Identity and Trust on the Internet Pub Date : 2009-04-14 DOI:10.1145/1527017.1527019

Corinne S. Irwin, Dennis C. Taylor

{"title":"Identity, credential, and access management at NASA, from Zachman to attributes","authors":"Corinne S. Irwin, Dennis C. Taylor","doi":"10.1145/1527017.1527019","DOIUrl":null,"url":null,"abstract":"To achieve the ultimate goal of attribute-based access control (ABAC), a robust architecture for Identity, Credential, and Access Management must first be established. The National Aeronautics and Space Administration (NASA) began formal development of its Identity, Credential, and Access Management Architecture using the Zachman Framework for Enterprise Architecture in June 2006. The Architecture provided the necessary structure to meet aggressive deadlines for issuance and use of the PIV smartcard. It also led to the development of NASA's Logical Access Control infrastructure to support not only PIV smartcards, but all authentication credentials in use at NASA.\n Use of the Zachman Framework has transformed the way that NASA looks at Logical Access Control, and has positioned NASA to provide robust attributed-based access control in the future. In this paper, we will discuss the Logical Access Control System (LACS) we are implementing at NASA, changes in the way NASA views Identity Trust and Level of Assurance, technical challenges to implementation, and our future vision for Identity, Credential, and Access Management.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium on Identity and Trust on the Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1527017.1527019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

To achieve the ultimate goal of attribute-based access control (ABAC), a robust architecture for Identity, Credential, and Access Management must first be established. The National Aeronautics and Space Administration (NASA) began formal development of its Identity, Credential, and Access Management Architecture using the Zachman Framework for Enterprise Architecture in June 2006. The Architecture provided the necessary structure to meet aggressive deadlines for issuance and use of the PIV smartcard. It also led to the development of NASA's Logical Access Control infrastructure to support not only PIV smartcards, but all authentication credentials in use at NASA. Use of the Zachman Framework has transformed the way that NASA looks at Logical Access Control, and has positioned NASA to provide robust attributed-based access control in the future. In this paper, we will discuss the Logical Access Control System (LACS) we are implementing at NASA, changes in the way NASA views Identity Trust and Level of Assurance, technical challenges to implementation, and our future vision for Identity, Credential, and Access Management.

查看原文本刊更多论文

NASA的身份、凭证和访问管理，从Zachman到属性

为了实现基于属性的访问控制(ABAC)的最终目标，必须首先建立一个健壮的身份、凭证和访问管理体系结构。2006年6月，美国国家航空航天局(NASA)开始使用Zachman企业架构框架正式开发其身份、凭证和访问管理架构。该体系结构提供了必要的结构，以满足发行和使用PIV智能卡的严格期限。它还导致了NASA逻辑访问控制基础设施的发展，不仅支持PIV智能卡，还支持NASA使用的所有身份验证凭据。Zachman框架的使用改变了NASA看待逻辑访问控制的方式，并使NASA在未来能够提供健壮的基于属性的访问控制。在本文中，我们将讨论我们在NASA实施的逻辑访问控制系统(LACS)， NASA看待身份信任和保证级别的方式的变化，实现的技术挑战，以及我们对身份、凭证和访问管理的未来愿景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Symposium on Identity and Trust on the Internet

自引率

0.00%

发文量