Warren Suss | A sharing solution in plain sight
Commentary: Federated identity management holds the key to gathering and integrating data across multiple layers of government
- By Warren Suss
- Jul 30, 2008
Some of the government's biggest information security challenges continue to revolve around how best to share data between multiple departments, services, subagencies, bureaus and programs. And that does not include sharing information with state, local and tribal governments, corporations, schools, coalition partners, and first responders.
Federal IT managers are continually looking for better strategies for gathering and integrating data from these different layers of government so that they can provide communities of interest, ad-hoc working groups, and key executives with controlled access to interagency information.
One solution hiding in plain sight is federated identity management (FIM). FIM is a set of standards, systems and best practices that enable Web applications from different organizations to share authentication information securely across their IT domains.
FIM has received a lot of attention as an identity tool for single sign-on. However, it has other, more significant capabilities and advantages that can help address federal information sharing challenges.
For instance, FIM can:Keep data management decentralized.
It provides a framework that will allow data management responsibilities to remain at decentralized levels of government, where they belong. Each governmental entity has unique legal and regulatory responsibilities associated with gathering, protecting, analyzing and reporting on their own specialized datasets. Its data management processes and procedures represent some of our government's most valuable intellectual property, which should be protected as fiercely as corporate America protects its intellectual property. Control data-sharing risks.
FIM places data access policy decisions in the hands of those who, by law, are responsible for managing the risks associated with data sharing. Yes, IT is all about getting the right information in the hands of the right people. But there are at least two factors to consider when deciding what you mean by 'right': (1) Who benefits from seeing the information? (2) Who has the right to see the information? Federated information management allows the solution developer to focus on getting the end-user information requirements right, while those who are responsible for information privacy and security decide about information access rights, privileges, and restrictions. Structure data sharing negotiations.
Agencies must solve discrepencies between the need to know and the right to see. There's no getting around the potential for conflict here, but FIM can provide a useful framework to structure this negotiation. One of the most important aspects of federation is the divisions of data policy responsibilities between different levels of government. Each data provider can set the policies to determine which user attributes and credentials trigger access to each data element. The federation process gives each party some leverage. Limit data element access.
Federation protects agencies from sharing too much information. There's no need to open unrestricted access to all elements in an agency's database(s). Each party to the federation process has control over which data elements to share.
And federation saves time and money.
We're starting to see some early results. The Defense Information Services Agency is incorporating FIM to control access by organizations throughout the Defense Department to DISA's Network- Centric Enterprise Services program. At the state level, federation is being used to locate patient records in hospitals, public health departments and other health care facilities in Northern Minnesota.
But real-world implementations are still few and far between.
To some degree, the IT community may have pigeonholed this technology as a single sign-on tool. This is unfortunate, because FIM can provide powerful, efficient solutions to some of the government's most important challenges.Warren Suss is president of Suss Consulting. Eric Dean (firstname.lastname@example.org) contributed to this article.
Warren Suss is president of Suss Consulting, a federal IT consulting firm headquartered in Jenkintown, Pa.