Federated multi-agency credentialing

摘要

This paper describes various approaches to secure interagency information sharing. The common objective of these approaches is to use federated credentialing as the basis for controlled access to federated, multi-agency information. The exemplary scenario for federated information sharing consists of FAA flight information being shared with authorized persons or organizations within a partner agency, such as the Department of Defense (DoD) and the converse. Approaches we explored involve an identity provider (IdP) entity that authenticates a user/client and provides a security token for consumption by a service provider (SP) entity accessed by the client. Since the emulated agencies maintain distinct security domains, secure information-sharing approaches involve varying combinations of IdP and SP entities spanning the emulated interagency boundary.