Components of a Trust Framework
Throughout human history, bricks have been the medium of choice to construct lasting structures. From ancient burial sites, to roads, to grain silos, to modern architectural masterpieces, these material units have been placed together to create something that serves a purpose.
Architect Magazine observes, “Early brick units were often composed of clay, or composite mudbricks with straw as a binder, until technological advancements facilitated methods for fired bricks baked in kilns. However, it was the transition from hand-molding to the mechanized mass production of the components during the Industrial Revolution that led to the explosion of brick as a modern building material” (Jackson, 2018).
A parallel may be drawn between this long-established medium for building and the current efforts to decompose the existing structures of trust into discrete units (bricks) that are required to share criminal justice information. Just as the mechanized mass production of these units of construction impacted their use and acceptance, the ability to define and electronically share elements of trust will propel justice information sharing.
Currently, Nlets and its membership rely on each participating agency to ensure that their users, requiring access to justice information to perform their duties, are properly authorized. Nlets, its Principal Member Agencies (MA), and the agencies that they connect all rely on one another to enable justice and public safety information sharing. This interdependence and inter-member trust have both been established over the last 50+ years through the development of common standards and a shared governance model.
The standards, protocols, and trust built over the past 50+ years have been established by a common mission and created on a foundation of systems contained within distinct network perimeters connecting one to the other over private networks. Recent technology progression has been marked by dissolving perimeters, increasing the need for standards that will allow stakeholders to properly authorize access to the data resources they own. To provide for efficient operations and minimize risk, MAs must be able to monitor and control access to the data that they have been entrusted to steward. Additionally, MAs must be able to trust in the identity and assertions provided by other trusted MAs for data access.
The need for a means to decompose access requirements and deliver new controls continues to increase as more MAs develop and deploy workloads to government clouds and more officers, agency staff, and contractors connect from non-traditional devices. As MAs move their CJIS systems to new architectures, opportunities to enable greater and more robust information sharing and identity interoperability may be realized. The need for stakeholders to develop new standards to properly authorize access to the data resources within their area of authority is one of the key components to enabling improved information sharing.
The existing common security standards and common communications protocols provide a level of assurance to each MA that the information they expose will be consumed and treated appropriately by other member agencies. These commonalities also serve to enable an MA to query another Nlets-connected member’s resources. These common standards and protocols provide each participant with the rules and procedures to be followed by each MA. Each MA acts as a gatekeeper, determining what they will expose to other MAs, as well as what external resources they will provide to the users and agencies that the MA represents.
Currently, all inter-member queries and responses leverage a hierarchical mnemonic known as an Originating Agency Identification (ORI) number. ORIs are used to identify, authenticate, authorize, route, and log access to data within and between member agencies. Over the past decade, a significant body of work has been accomplished to enable MAs to explicitly represent what trust elements they require to enable justice information sharing. This body of work may be leveraged by the community to decompose the existing aggregate of trust into its component elements. These elements may be leveraged by data owners as requirements for access.
This blog was authored by Bill Phillips, Nlets' Chief Information Security Officer.
Jackson, M. (2018, March 1). The Building Blocks: A Brief History of Brick. THE JOURNAL OF THE AMERICAN INSTITUTE OF ARCHITECTS. https://www.architectmagazine.com/practice/the-building-blocks-a-brief-history-of-brick_o