XML Community of Practice
Meeting Notes
February 16, 2005
The theme of this meeting was interoperable trust networks, with presentations from experts representing the health care, environmental, justice, and homeland security communities. The Department of Justice (DOJ) hosted the meeting and Pat McCreary of the Office of Justice Programs (OJP) welcomed the group. Attendees introduced themselves and Owen Ambur made the following announcements:
● Comments are due by February 18 in response to the request for information (RFI) issued by the Core Data Types Focus Group (CDT-FG) concerning data harmonization and visualization tools.
● The Data Reference Model (DRM) Work Group has put up a Wiki and is encouraging public participation, at http://colab.cim3.net/cgi-bin/wiki.pl?DataReferenceModel
● Development work on the ET.gov site has begun. The CIO Council’s Architecture and Infrastructure Committee (AIC) will be briefed on February 17, and the site will be unveiled at the GovCon05 conference on March 30.
John Weiland of the Naval Medical Information Management Center (NMIMC) briefed the group regarding the Navy Online Medical Readiness system. It uses Web Services with PKI in the transport layer, and they are looking to use SAML in the future. They also want to leverage RDF and OWL for discovery. Registry services are needed but they are not pleased with the DoD Registry. Owen noted that the DoD registry leaves a lot to be desired with respect to discovery and that the March 16 meeting of the xmlCoP will focus once again on registry services.
John’s presentation is available at http://xml.gov/presentations/nmimc/navymed.htm
Molly O’Neill briefed the group on the Environmental Exchange Network. In addition to the States, they are trying to engage tribal governments. So many partners have been joining in the network that it is challenging to engage all of them. Robust registry services are needed. Molly’s presentation is available at http://xml.gov/presentations/epa4/environet.htm
Christina Rogers of the California Department of Justice addressed the topic of interoperable trust networks from the perspective of the law enforcement community. She noted the need to be able to establish instant virtual intranets. In order to overcome the lack of interoperability among systems in which substantial investments have already been made, the Global Security Architecture Committee (GSAC) is working to define a set of jointly agreed-upon and standards-based security mechanisms, communications protocols, and message formats.
Christina’s presentation is available at http://xml.gov/presentations/epa4/environet.htm
George March of the Regional Information Sharing System (RISS) briefed the group on the Trusted Credentials Project, the purpose of which is to permit users with credentials from trusted partners to access resources available via RISSNET without using the user authentication credential (V-ONE SmartPass) currently required. Various credentials will be accommodated. More than 30 communities are involved in public safety and need to communicate efficiently and effectively. The objectives of the project include:
● Identify industry-leading technologies for user authentication and access control
● Develop, test, and demonstrate methods to recognize and accept credentials in addition to those currently used on RISSNET
● Provide expanded information sharing and collaboration while allowing all partners to keep their current infrastructure investments intact
Project components include: LDAP, XML/SAML, enterprise portal elements, PK certificates, SecurID tokens, and SSL VPNs. The pillars of trust are agency vetting and the credential itself. Owen suggested the vetting process and the credentials that are generated from it will only be as good as the records that document them.
George’s presentation is available at http://xml.gov/presentations/riss/trustcredentials.htm
Introducing Martin Smith of the Department of Homeland Security (DHS), Owen noted that Martin was his co-founder of the xmlCoP. Martin was the one who prompted Owen to approach the CIO Council to alert them to the potential application of XML by government agencies.
Martin briefed the group on the Terrorism Information Sharing Environment and its prospective use of SAML and XACML. He noted the operative word is “environment” rather than “network” because the requirement is not defined by a physical network but, rather, by flexible access control. Access control needs to move beyond role-based (RBAC) to attribute-based (ABAC) and eventually to policy-based access control (PBAC). Paradoxically, he observed that more control means more sharing of data. Moreover, he noted that policy-based access control can be implemented gradually. Digital rights management technologies can provide superior access control and automated processes can provide full audit capabilities. Extensible Access-Control Markup Language (XACML) supports greatly increased complexity for access-control decision-making, including the application of business rules and not just user roles. XACML provides a method for basing an authorization decision on the attributes of the subject and the resource.
Martin’s presentation is available at http://xml.gov/presentations/dhs/infosharing.htm
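To make the move from role-based to attribute-based decisions concrete, the following Python code is an added example (it is not taken from Martin’s presentation and is not XACML syntax). It compares a role-only check with rules over subject and resource attributes, combined with deny-overrides, one of XACML's standard rule-combining algorithms, and writes an audit record per decision. All names, attributes, rules, and sample data are constructed for illustration.

```python
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
LEVELS = {"unclassified": 0, "sensitive": 1, "secret": 2}  # constructed ordering

def rbac_decide(subject, action):
    """Role-only check: every analyst may read, whatever the resource."""
    return PERMIT if subject["role"] == "analyst" and action == "read" else DENY

# Each rule: (name, effect, predicate over subject, resource, action).
RULES = [
    ("analysts-may-read", PERMIT,
     lambda s, r, a: s["role"] == "analyst" and a == "read"),
    ("clearance-below-classification", DENY,
     lambda s, r, a: LEVELS[s["clearance"]] < LEVELS[r["classification"]]),
    ("originator-agency-only", DENY,
     lambda s, r, a: r["originator_only"] and s["agency"] != r["owner_agency"]),
]

def abac_decide(subject, resource, action, audit):
    """Evaluate all rules with deny-overrides and append an audit record."""
    fired = [(name, effect) for name, effect, pred in RULES
             if pred(subject, resource, action)]
    effects = {effect for _, effect in fired}
    if DENY in effects:
        decision = DENY
    elif PERMIT in effects:
        decision = PERMIT
    else:
        decision = NOT_APPLICABLE  # no rule matched; an enforcement point should refuse
    audit.append({"subject": subject["id"], "resource": resource["id"],
                  "action": action, "decision": decision,
                  "rules": [name for name, _ in fired]})
    return decision

# Constructed sample data.
REPORT = {"id": "rpt-1", "classification": "secret",
          "originator_only": True, "owner_agency": "agency-a"}
ALICE = {"id": "alice", "role": "analyst", "clearance": "secret", "agency": "agency-a"}
BOB = {"id": "bob", "role": "analyst", "clearance": "sensitive", "agency": "agency-b"}
CAROL = {"id": "carol", "role": "clerk", "clearance": "secret", "agency": "agency-a"}

if __name__ == "__main__":
    log = []
    for who in (ALICE, BOB, CAROL):
        print(who["id"], rbac_decide(who, "read"), abac_decide(who, REPORT, "read", log))
    for entry in log:
        print(entry)
```

The role-only check permits both analysts, while the attribute rules deny the one whose clearance and agency do not match the resource, and the audit record names the rules that produced each decision.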
During the question-and-answer session, led by Ken Gill, there was strong consensus on the need to focus on the concept of an information sharing environment, rather than merely a network. Mary McCaffrey suggested that a white paper be drafted outlining the requirements for establishing such an environment.
The next meeting of the xmlCoP is scheduled for March 16, will be hosted by the Department of Commerce, and will focus on XML registry services: http://xml.gov/agenda/20050316.htm
Among those in physical attendance were:
Owen Ambur, Co-Chair
Mark Baker, Justsystem
Tim Bornholtz, Education
Joe Chiusano, Booz Allen
Patrick Dawson, Reactivity
Azad Faruque, Department of State
Simon Frechette, NIST
Ken Gill, DOJ
Robert Greeves, DOJ
Richard Glassco, Mitretek Systems
Steve Hamby, Software AG
Shigeki Hagiwara, Justsystem
Amin Hassam, i411
Michael Isman, Booz Allen
George March, RISS OIT
Patrick McCreary, DOJ
Tchad Moore, FSG
Roy Morgan, NIST
Frank Napoli, LMI
KC Morris, NIST
Judith Newton, Ashton Computing
Quyen Nguyen, NARA
Molly O’Neill, ECOS
Christina Rogers, California Department of Justice
Sol Safran, IRS
Brian Roosevelt, Reactivity
Allyson Ugarte, XBRL Spain
David Webber, DFAS, XML Global
John Weiland, Navy
Paul Wormeli, IJIS Institute
Those who identified themselves as participating via teleconference were:
Rex Brooks, Starbourne Communications
Grit Denker, SRI
Marc LeMaitre, XDI.org
Mary McCaffrey, EPA
Please convey any additions or corrections to Owen_Ambur@ios.doi.gov