201403xx ief reference architecture (gtf)

INFORMATION EXCHANGE FRAMEWORK (IEF) REFERENCE ARCHITECTURE SPECIFICATION

March 2014

Presented by: Mike Abramson
President, Advanced Systems Management Group (ASMG) Ltd.
Co-chair, OMG C4I Domain Task Force
Chair, Information Exchange Framework (IEF)

Copyright Advanced Systems Management Group Ltd. 1999-2013

Post on 07-Dec-2014

Information Exchange Framework - for Responsible Information sharing


IEF Objectives

Reference Architecture and standards for Policy-Driven Data-Centric information sharing and safeguarding (ISS) solutions that enable:
• Responsible Information Sharing
• Dynamic Interoperability
• Information Quality
• Defense in Depth
• Policy-Driven Data-Centric Capabilities
• Rapid Development and Deployment
• Standards Alignment
• Support Ecosystem

[Figure labels: Partner 1, Partner 2, Partner N]

Target Audience

Communities that respond to dynamic changes in their operational environment:
• Emergency management;
• Public Safety;
• Intelligence;
• Border Security;
• National Security;
• Crisis Response; and
• Military.

Note: Although the specification of the IEF reference architecture is focused on the named domains, the resulting specification will have the potential to address the concerns of a broader set of communities that need to balance the sharing of sensitive information (private, confidential, classified and legally significant), e.g., financial services, healthcare, government services and business (e.g., countering industrial espionage).

Improving Information Quality

Deliver quality Information to decision makers:
1) Actionable
2) Accessible
3) Timely
4) Current
5) Accurate
6) Authoritative
7) Relevant
8) Meaningful
9) Complete
10) Trusted
11) Secure
12) Digestible
13) Usable
14) Concise
15) Assured
16) Auditable

Scope of Support Infrastructure & Policy Life-cycle

Systematic strategies, practices and tools that enable:
• Translation of Policy Instruments into a machine enforceable form
• Automated MDA transforms
• Policy testing, validation and certification
• Architecture Integration
• Modeling, Simulation and Analytics
• Management, Dissemination and Administration
• Governance
  – Information Governance
  – Information Management
  – Information Assurance
  – Retention of institutional memory

Architecture and Design Principles

• Policy Driven: Define practices and tools that provide traceability from policy instrument to operation
• Data Centric: Define services that enforce policy against the specific values of data elements during operation
• Separation of Concerns: Define practices and tools that separate the development of policy from the services that enforce it
• Policy Automation: Define services that automate the enforcement of rules derived from policy instruments
• Service Overlay: Define services that overlay existing infrastructure
• Self-protecting: Define services that protect their own sharing and safeguarding
• Modular Architecture: Define services that are self-contained, scalable and reusable; conform to well defined and open interfaces; provide implementation transparency; and conform to open standards
• Platform Independent: Define services that promote multiple solutions, products and services

Architecture and Design Principles

• Related Standards: Define specifications and standards that reuse existing standards where possible

• Governance and Stewardship: Define practices, tools and services that produce information required by:
  – Information Governance
  – Information Management
  – Information Assurance

Focus of the IEF RA

• High level Requirements for Policy-driven Data-centric Services
  – Identity, Credential and Access Management (ICAM)
  – Access / Release decision and control
  – Information Packaging and Processing
  – Trusted Auditing
• Service Interfaces (as needed)
  – Information Dissemination Services
  – Platform/Network Security Services
  – Platform / Network Services
  – Communications Auditing Service(s)

[Figure label: IEF RA Scope]

Service Overlay

– Decision and Enforcement points for:
  • File Exchange
  • Web Services
  • Instant Messaging
  • Email
  • Structured Messaging
– Trusted Logging and Auditing Services
– Policy Management Services
– Service Administration
– Interface Specifications to Enabling Services:
  • Identity Management
  • Credential Management
  • Domain Management
  • Dissemination Services

The Reference Architecture seeks to identify concepts, practices and elements for an Information Sharing and Safeguarding capability that overlays existing information dissemination infrastructure.

Overlay that leverages pre-existing information systems and security solutions

Challenge being A

• Content Challenge
• Policy Challenge
• Governance Challenge
  – Practices
  – Traceability
• Dynamic Real-world Operations
  – Addressing changes in operational Context

Information about information: Missing in many environments

User Application
• Application Semantics
• Application Interface Specification

Exchange Environment
• Community Exchange and Service Level Agreements
• Community Interface Specifications
• Community Exchange Semantics
• Community Messaging Protocols
• Community Networking and Community Specifications

Data and Information (Semantic) Patterns
• Assembly (Aggregation, Transformation, Tagging and Marking, and Redaction)
  – Structure and data Transformations
  – Data and Information element tagging (Ownership, Security, Privacy, QoS, …)
  – Static and Dynamic Filters (Security, Privacy, QoS, …)
  – Retrieval from User Data Stores
• Processing (Parsing, Validation, Transformation and Marshalling)
  – Message and Data disassembly
  – Domain and Semantic Validation
  – Data and Structure Transformation
  – Entry into User Data Stores

Storage Environment
• Storage Semantic
• Storage Business Rules
• Store attributes and domains
• Meta tags and labels
• Data and information Relationships
• GUIDs / DB Keys

[Figure labels: Community / User Applications; Community Agreed Exchange Standards; Business Rules; Derived from and Traceable to Policy]

Policy Life-cycle & Rules Traceability

• Implementation agnostic policy and rules vocabularies
• MDA transforms to serial rules
  – Policy Languages (e.g., XACML, SAML)
  – ETL Scripts
  – Middleware Script and Configuration
• Systematic process for translating policy instruments into machine readable and enforceable rules
• Use of modeling and simulation and analytics to test, validate and certify policy transformations
• Architecture data available for:
  – Modeling and Simulation (M&S)
  – Governance and oversight (business analytics and decision support)
  – Assurance and certification (analytics)
  – Post missions analysis (M&S, analytics, decision support)
• Policy Management and Administration
  – Dissemination to decision and enforcement points
  – Central, distributed or Local administration
• Retention of institutional memory

IEF Information Handling (Assembly and Processing)

• Assembly
  – Aggregating releasable information elements from source data
  – Transforming Source Data to NIEM Taxonomy
  – Tagging aggregated Information Elements
• Processing
  – Parsing,
  – Validating,
  – Transforming and
  – Marshaling Data Elements
• Data-centric Safeguards for data and information elements
  – Automated tagging within the information Structure
  – Redaction of data and Information elements
  – Encrypting Information Elements
  – Channel Routing
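
An added example, not part of the original slides or of any IEF implementation: it shows the tagging and redaction safeguards listed above, with each element tagged at assembly and filtered per recipient at a release point that records every decision. The marking scale, field names, tagging rules and partner ceilings are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed marking scale (lowest to highest); the slides define no levels.
LEVELS = ("PUBLIC", "RESTRICTED", "CONFIDENTIAL", "SECRET")

@dataclass(frozen=True)
class Element:
    name: str
    value: str
    sensitivity: str
    privacy: bool = False

def assemble(record, tagging_rules):
    """Assembly: tag every source field; a field with no rule fails closed."""
    elements = []
    for name, value in record.items():
        sensitivity, privacy = tagging_rules.get(name, (LEVELS[-1], True))
        elements.append(Element(name, value, sensitivity, privacy))
    return elements

def release(elements, partner, max_sensitivity, may_see_privacy):
    """Enforcement point: filter per recipient and record each decision."""
    ceiling = LEVELS.index(max_sensitivity)  # ValueError on an unknown marking
    message, audit = {}, []
    for e in elements:
        allowed = (LEVELS.index(e.sensitivity) <= ceiling
                   and (may_see_privacy or not e.privacy))
        if allowed:
            message[e.name] = e.value
        audit.append((partner, e.name, "RELEASE" if allowed else "REDACT"))
    return message, audit

# Constructed sample rules and record (hypothetical field names).
RULES = {
    "incident_type": ("PUBLIC", False),
    "location": ("RESTRICTED", False),
    "casualty_name": ("RESTRICTED", True),
    "source_unit": ("SECRET", False),
}
RECORD = {
    "incident_type": "flood",
    "location": "Sector 4",
    "casualty_name": "J. Doe",
    "source_unit": "Unit A",
    "analyst_note": "unreviewed",  # no tagging rule: treated as SECRET + privacy
}

if __name__ == "__main__":
    tagged = assemble(RECORD, RULES)
    for partner, ceiling, privacy in [("Partner 1", "RESTRICTED", False),
                                      ("Partner 2", "SECRET", True)]:
        print(partner, release(tagged, partner, ceiling, privacy)[0])
```

The untagged `analyst_note` field is withheld from the lower-ceiling partner because missing tags default to the most restrictive marking, and the audit list keeps a record of both releases and redactions.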

Selective Information Sharing

Using Standard Exchange Semantics (e.g., NIEM) and Adaptive Filtering to Enable Recipient Selective Sharing of Information

Policy Automation for Semantic Assembly and Adaptive Filtering

[Figure. Axis: Increasing Sensitivity. Elements: User Information System; Partner Information System (two); Formatted NIEM Message; Redacted Message.]

Assembly
– Aggregation
– Tagging
– Filtering/Redaction
– Transformation (Vocabulary, Structure)

Processing
– Parsing
– Validation
– Transformation (Vocabulary, Structure)
– Marshall / Integrate

Addressing Information Requirements

[Figure labels: SA IEPD; Object; Item; Organization; Person; Role; Location; NIEM CORE & Selected Domains; Personnel SA IEPD/XSD; Metadata, Tags & Markings Rules; Information Safeguarding Rules; Operational Context; Information Sharing Rules; System, Network, & ICAM; Not Addressed; Reference Architecture]

Information Packaging Service(s)

• Service or set of services that automate information packaging policy developed using the IEPPV
  – Contract factory (formats and releases messages)
  – Information Factory (packages data)
  – Interfaces
    • Rules Import
    • Management
    • Configuration File
    • External Service
    • Application
    • Logging
    • Session(s) to Dissemination Services
  – IEF Service & Factory Controller
  – Policy/Rules Store
• Information Exchange Specification
  – Information Specification
    • SemanticElement
    • TransactionalElement
      – Assembly
      – Transformation
      – Redaction/Filtering
    • WrapperElement
  – Distribution Specification

Scope of the IEF

• Specify Policy Vocabularies that enable the translation of policy instruments to machine readable and executable rules
• Specify decision and enforcement points that gate access to or release of information based on active enforcement of security/privacy policy
• Specify supporting services:
  – Packaging and processing
  – Policy Management
  – Logging and auditing
  – Encryption
  – Secure Storage of data/information elements (Secure Container)
  – Secure distribution/dissemination
• Enable information sharing and safeguarding across a wide range of domain specific information domains and user defined policy models
• NEW: RFP for an IEF Reference Architecture (IEF RA)

IEF Reference Architecture

The Submissions shall include:
• Reference Architecture: defining the abstract architectural elements comprising a Policy Driven Data-Centric information sharing and safeguarding solution
• Reference Model [PIM]: illustrating an abstract framework for understanding significant relationships among the entities comprising IEF solutions
• Platform Specific Model(s): providing one or more platform specific models, aligning the reference architecture elements to specific standards, protocols, tools and technologies
• Operating Concept: describing the operating characteristics for the IEF:
  – Statement of the goals and objectives;
  – Operational conditions/contexts affecting the system;
  – Organizations, activities, processes and interactions among participants using the system;
  – Specific operational concept and processes for fielding the system; and
  – Processes for initiating, developing, maintaining and adapting the system.
• Use cases: providing guidance on how reference architecture elements are used to share and safeguard information using file sharing, text/instant messaging, Web Service and structured messaging (e.g., NIEM)

Summary: Policy-Driven Data-Centric ISS Services

Source Requirement
• Legislation/International Agreement
• Government Policy
• Regulation
• Agency Policy
• Operating Procedures
• Service Level Agreements

[Figure labels: Change Recommendations; Executable Policy; Access Control; Data & Information Packaging; Policy Life-Cycle; Platform, Dissemination, Network & Communications (out of scope)]

IEF Reference Architecture RFP

• Submitted to MARS PTF for first review December 2013

• Comments Integrated and resubmitted February 24th 2014 for Architecture Review and Issuance (March 2014 TC meeting)

Questions and Answers

Mike Abramson, President
Advanced Systems Management Group (ASMG) Ltd.
Co-Chair C4I DTF
Chair IEF WG

265 Carling Ave, Suite 630, Ottawa, Ontario, K1S2E1
Fax: 613-231-2556
Phone: 613-567-7097 x222
Email: [email protected]

Information Exchange Framework, September 2013