
Organization

Web Service Security High Level Guidance

Wednesday, March 04, 2015

Chief Information Officer

IC CIO Enterprise Integration & Architecture

Web Services Security

Overview

The High Level Guidance for Web Services Security (WSS-HLG) provides guidance to solutions architects and developers on how to consistently approach circumstances for which security solutions are required. This document covers the security fundamentals essential to designing and building secure solutions that involve web services, focusing on approaches for access control, use of assertions, security markings, confidentiality, integrity, and non-repudiation. The WSS-HLG provides solution approaches at a high level, intended to provide an understanding of information security fundamentals essential to such solutions, for the purpose of building both secure and interoperable approaches that are consistent across the IC.

The High Level Guidance for Web Services Security (WSS-HLG) provides important guidance for building and integrating with web services solutions in an interoperable, secure, and consistent manner. As there is a great number of standards, technical mechanisms, and capabilities that can be used for building web services security solutions, it is important that solutions architects understand the tradeoffs, risks, and benefits of approaches. It is critical, from a security and interoperability perspective, that security mechanisms are applied in a consistent manner, and this document provides needed guidance in the areas of access control, assertion passing, security markings, confidentiality, integrity, and non-repudiation.

The intended audience of this information guidance document is project managers, software architects, network architects, and developers who develop and integrate with web services. This document provides guidance in areas that will be important in satisfying security requirements and information security goals in a secure and interoperable manner.


Latest Approved Version

Web Service Security High Level Guidance V1 (WSS-HLGV1) 10-April-13


Pre-publication Review

Friday, April 18, 2014

Chief Information Officer

Pre-publication Review

The purpose of pre-publication review is to prevent unauthorized disclosure of information and ensure the mission of the ODNI and the foreign relations and security of the United States are not adversely affected by public disclosure.

All information meant to be made available in a public forum must be submitted for review prior to release.

The obligation applies to current and former ODNI staff, including cadre, detailees, and contractors, who have access to classified information. There are two categories of material that must be reviewed:

Non-Official: Anything published or presented in your personal capacity. Examples include resumes, books, op-eds, and personal blogs.

Official: Anything created as part of your official duties on behalf of the ODNI. Examples include speeches, newsletters, official web pages, outreach documents, brochures.

The Pre-Pub Team coordinates with other IC agencies, as appropriate, and provides a single consolidated response to the requester.

The Review Process

1. Create material using:

    • UNCLASSIFIED sources only
    • No anonymous sources
    • Source citations within the document (not a list at the end)


2. For official publication or presentation, ensure your management chain has concurred, and any internal component review process for substance has been completed.

3. Submit your request via email for Pre-Pub Review (you will receive an automatic reply confirming your request). When doing so be sure to:

    • Include any previous review approvals you have received for your submission (i.e., from ODNI Pre-Pub or other Agency Pre-Pub group)
    • Provide all sourcing for cited materials that are not easily accessible via the Internet (failure to include all source material may delay your request)

4. Protect the publication from release until the ODNI Pre-Pub Team completes its review. In other words, do not send to editors or academics for peer reviews until the review is complete.

5. Upon approval from ODNI Pre-Pub, you are cleared to publish or present.



Pre-Pub Documents



Atom Data Encoding Specification for Content Discovery and Retrieval Result Sets (DOD)

Tuesday, December 17, 2013

Chief Information Officer

IC CIO Enterprise Integration & Architecture

Atom Data Encoding Specification for Content Discovery and Retrieval Result Sets (DOD)

Overview

The Content Discovery & Retrieval (CDR) framework enables the use of result sets in service responses. As various service specifications leverage the Atom 1.0 feed syndication format, guidelines must be created to ensure consistent usage across CDR Search REST and SOAP specifications. In addition to the general guidelines for the use of Atom as described at http://www.atomenabled.org and in the Atom 1.0 specification itself, this document extends the base specification to support information requirements in the CDR Search component. The guidance provided in this document focuses largely on the use of the Atom 1.0 feed syndication format itself and the general format of commonly used extensions.

This specification supports Intelligence Community Directive 501 (ICD 501), Discovery, Dissemination or Retrieval of Information within the Intelligence Community, which establishes policies for (1) discovery, and (2) dissemination or retrieval of intelligence and intelligence-related information collected, or analysis produced by the Intelligence Community.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package. This specification is maintained by the IC Chief Information Officer via the Services Coordination Activity (SCA) and Content Discovery and Retrieval Integrated Product Team (CDR IPT).

Encoding Specification Downloads

Latest Approved Versions:

Value Proposition

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community and Department of Defense Enterprise (IC/DoD). Features of this specification are to:

  • Provide guidance on leveraging Atom 1.0 as a result set for both the CDR REST and SOAP Search specifications
  • Support the implementation of both the IC/DoD Content Discovery & Retrieval SOAP [CDR-SS] and REST [CDR-RS] Interface Specifications for CDR Search

Access Rights and Handling

Tuesday, April 23, 2013

Chief Information Officer

IC CIO Enterprise Integration & Architecture

Access Rights and Handling

Overview

This XML Data Encoding Specification for Access Rights and Handling (ARH.XML) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode ARH data.

Information sharing within the national intelligence enterprise will increasingly rely on information assurance metadata (including enterprise data headers) to allow interagency access control, automated exchanges, and appropriate protection of shared intelligence. A structured, verifiable representation of security metadata bound to the intelligence data is required in order for the enterprise to become inherently "smarter" about the information flowing in and around it. Such a representation, when implemented with other data formats, improved user interfaces, and data processing utilities, can provide part of a larger, robust information assurance infrastructure capable of automating some of the management and exchange decisions today being performed by human beings.

 
The Intelligence Community (IC) has standardized the various classification and control markings established for information sharing within the Information Security Markings (ISM) and Need-To-Know (NTK) XML specifications of the Intelligence Community Enterprise Architecture (ICEA) Data Standards. The IC Access Requirements and Handling XML specification combines elements of the ISM and NTK specifications and extends them to access rights management and handling needs.

Current Version



Previous Version



IC-Enterprise Data Header

Tuesday, April 23, 2013

Chief Information Officer

IC CIO Enterprise Integration & Architecture

IC-Enterprise Data Header

Overview

This XML Data Encoding Specification for Enterprise Data Header (EDH.XML) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode EDH data.
 

Information sharing within the national intelligence enterprise will increasingly rely on information assurance metadata (including enterprise data headers) to allow interagency access control, automated exchanges, and appropriate protection of shared intelligence. A structured, verifiable representation of security metadata bound to the intelligence data is required in order for the enterprise to become inherently "smarter" about the information flowing in and around it. Such a representation, when implemented with other data formats, improved user interfaces, and data processing utilities, can provide part of a larger, robust information assurance infrastructure capable of automating some of the management and exchange decisions today being performed by human beings.


The Intelligence Community (IC) has standardized the various classification and control markings established for information sharing within the Information Security Markings (ISM), Need-To-Know (NTK), and Access Rights and Handling (ARH) XML specifications of the Intelligence Community Enterprise Architecture (ICEA) Data Standards. The IC Enterprise Data Header XML specification further expands on this body of work, adapting and extending it as necessary to meet mission-unique needs. By specifying a data object's header information required for exchange on the IC Enterprise, EDH ensures a secure method of information sharing and discovery, supporting use cases such as the IC Cloud.

Current Version


Previous Version


