IdAM: Full Service Directory

Chief Information Officer

IC CIO Enterprise Integration & Architecture

Overview

The Data Encoding Specification for the IC Full Service Directory Schema V1.0 codifies the set of Lightweight Directory Access Protocol (LDAP) attributes that IC elements are expected to provide when participating in the Intelligence Community Full Service Directory (IC FSD) architecture. The collection of attributes defined in the specification results in an overarching IC FSD Schema that is suitable for describing IC Entities within the TS/SCI environment. IC Entities may fall into the categories of an “IC Person” or “IC Non-Person Entity”, with the latter being used to define objects such as servers, devices, appliances, applications, and services that exist within the IC enterprise. The IC FSD Schema described in the specification is designed for implementation within LDAPv3-compliant directory servers.

Value Proposition

The Data Encoding Specification for the IC Full Service Directory Schema V1.0 defines detailed specifications for attributes that IC elements are expected to provide to the Intelligence Community Full Service Directory (IC FSD). Its function is to facilitate the availability, accuracy, and standardization of these attributes across the IC TS/SCI enterprise, building a consistent basis for capabilities including directory services, email functions, and attribute-based access control decisions. The specification defines:

  • IC-specific Schema and supporting objectClasses for IC Entities
  • Attributes, both standard and IC-defined, that must be managed by IC Elements
  • Controlled vocabulary for those attributes whose use requires standard values
  • Authentication requirements for the attributes

The primary audience for the specification includes those responsible for implementing and managing the capabilities that create, provide, modify, store, exchange, search, display, or further process IC FSD attributes.


Latest Approved Version

IdAM: Authorization Attribute Set

Overview

The IC Enterprise Authorization Attribute Exchange between IC Attribute Services, Authorization Attribute Set v1.0 codifies the minimum set of enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service (UAAS) architecture. It provides a common, consistent way to identify IC enterprise authorization attributes of IC persons produced by, stored within, or shared throughout the IC’s TS/SCI information domain.

The name, definition, cardinality, and controlled vocabulary for each attribute are defined in order to promote interoperability between UAAS-compliant attribute services established by participating IC Agencies. The set of authorization attributes described in the specification is designed for implementation within products and servers that are capable of supporting the Encrypted Mode option of the OASIS SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems, Committee Specification 01.

Value Proposition

IC Enterprise Authorization Attribute Exchange between IC Attribute Services, Authorization Attribute Set v1.0 establishes detailed requirements for enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service federation. Its function is to facilitate the availability, accuracy, and standardization of these attributes across the IC TS/SCI enterprise, building a consistent basis for the exchange of this information between IC Elements.


Defining the mandatory minimum set of IC enterprise authorization attributes and values for sharing through the IC UAAS federation supports consistent and assured information sharing across the enterprise. The IC UAAS supports Attribute-Based Access Control (ABAC) to promote on-demand access to information and other resources by IC users and services, and reduces authorization vulnerabilities by strengthening the access control decision process.


The primary audience for this document is the implementer and/or administrator who must configure an Attribute Service to meet the requirements for participation in the IC UAAS federation. The audience for this document also includes those responsible for implementing and managing the capabilities that create, provide, modify, store, exchange, search, display, or further process IC enterprise authorization attributes.


Latest Approved Version

Previous Version

CDR: Specification Framework

Overview

This Content, Discovery and Retrieval (CDR) Specification Framework document provides guidance for ensuring consistency and interoperability in the development of CDR Service Specifications. Generally, it describes the structure and content for CDR Service Specifications including the description of their key characteristics and a decomposition of key behaviors in the context of various environmental and technical considerations.

This CDR Specification Framework document is intended to provide both CDR Service Specification developers/authors and CDR service developers/implementers guidance for developing and implementing CDR Service Specifications. Specifically, this Specification Framework describes the Interface models and related behavior for each Service Specification and how they should be codified. For CDR Service Specification developers/authors, the framework provides the structure and content guidance for how CDR Service Specifications should be documented. For CDR service developers/implementers, the framework provides the common implementation and behavior guidance that, coupled with a specific CDR Service Specification, enables the realization of a CDR service.

This specification supports Intelligence Community Directive 501 (ICD 501), Discovery, Dissemination or Retrieval of Information within the Intelligence Community, which establishes policies for (1) discovery, and (2) dissemination or retrieval of intelligence and intelligence-related information collected, or analysis produced by the Intelligence Community.

This specification framework is maintained by the IC Chief Information Officer via the Services Coordination Activity (SCA) and Content Discovery and Retrieval Integrated Product Team (CDR IPT).


Interface Encoding Specification Downloads


Latest Approved Version:

Previous Version:

Value Proposition

This CDR Specification Framework describes in greater detail the CDR Components and capabilities presented in the CDR Reference Architecture. It is meant to provide guidance in enough detail to enable interoperability among independent implementations without otherwise constraining the implementation itself. In this vein, this document describes inputs and outputs to each component in the context of the expected behavior that clarifies what is needed as inputs, outputs, and other effects that are expected to be produced. It does not, however, specify the details of the internal implementation processing.

Virtual Coverage

Overview

This XML Data Encoding Specification for Virtual Coverage (VIRT.XML) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode virtual coverage data. This Data Encoding Specification (DES) defines the XML elements and attributes, associated structures and relationships, mandatory and cardinality requirements, and permissible values for representing VIRT data concepts using XML.

This specification is applicable to the Intelligence Community (IC) and information produced by, stored, or shared within the IC. This DES may have relevance outside the scope of intelligence; however, prior to applying outside of this defined scope, the DES should be closely scrutinized and differences separately documented and assessed for applicability.

This specification applies to the IC, as defined by the National Security Act of 1947, as amended; and such other elements of any other department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence (DNI) and the head of the department or agency concerned, as an element of the IC. Joint and Coalition forces may use this specification but it is not required.

This specification is maintained by the IC Chief Information Officer via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).



Current Version


Mission Requirements

Information sharing within the national intelligence enterprise will increasingly rely on describing virtual locations in shared intelligence. A structured, verifiable representation of virtual coverage to the intelligence data is required in order for the enterprise to become inherently "smarter" about the information flowing in and around it. Such a representation, when implemented with other data formats, improved user interfaces, and data processing utilities, can provide part of a larger, robust information assurance infrastructure capable of automating some of the management and exchange decisions today being performed by human beings.

The Intelligence Community (IC) has standardized the various classification and control markings established for information sharing within the Information Security Markings (ISM) and Need-To-Know (NTK) XML specifications of the Intelligence Community Enterprise Architecture (ICEA) Data Standards. The Virtual Coverage XML specification combines elements of the ISM and NTK specifications and extends them to virtual coverage needs.

Multi Audience Collections

Overview

This IC enterprise data encoding specification defines XML elements and attributes, associated structures and relationships, mandatory and cardinality requirements, permissible values, and constraint rules for packaging specific types of electronic information resources that are tailored for select audiences and grouped together for exchange. Examples of this type of information resource may be something as familiar as a tearlined cable message, each tearline of which is tailored for a specific audience based on classification, or as complex as a packaging together of many customized variants of the same textual product for dissemination on JWICS.

The types of electronic information resources that can be packaged with MAT.XML currently include: 1) textual information resources conformant with PUBS.XML, and 2) information resource metadata records conformant to IRM.XML. Textual information resources consist primarily of text supplemented by interspersed non-textual information. Examples include assessments, studies, estimates, compilations, reports, and other document-oriented information.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.

The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).


Current Approved Version:
  • Multi Audience Collection (MAC.XML), Version 1 (14 Jan 13)  |  (Light Version)

Mission Requirements


This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 203, 206, 208, and 501, among others. These policies cover topics such as "write for maximum utility", "responsibility to provide", and "information sharing".

Broad information sharing within the intelligence enterprise can be facilitated by the creation, identification, packaging, and sharing of information resources tailored by the producer to support different audiences (e.g., variants). This tailoring is commonly based on, among other things, characteristics of the information, such as classification or topical interest.

The creation of multiple classification variants (e.g., TOP SECRET, SECRET, and UNCLASSIFIED versions of the same intelligence product) and sharing of those variants across secure network channels allows a producer to communicate more information to intended and unintended consumers across the broader information sharing enterprise in a way that reliably protects classified information and intelligence sources and methods.

The existence of variants today is quite common across the intelligence enterprise. This is a routine practice in cable message traffic, in which tearlines (delimited blocks of text) are used to capture the variants, which are then separated (often manually) prior to delivery. Producers also routinely create intelligence product variants for their different customers, but these are typically created as different documents which are stored, managed, and delivered separately.

MAT introduces a packaging structure for these separately tagged variants that allows for the efficient exchange, if not also storage, of these related variants in a form that is bound and managed together. Binding the variants together reduces the confusion that exists today when a consumer searches the enterprise, finds multiple versions of the same product, and cannot discern the relationship between them, a possible source of circular intelligence reporting.

Additionally, if one producer packages and shares all of the versions of a product they have created in the form of a MAT on JWICS, then other producers and consumers would not only better appreciate what other variants exist and where they may have been shared, but they would also be able to share appropriate variants with other downstream consumers who are also supporting our intelligence mission.
