Information Exchange Framework Reference Architecture

Transcription

1 Date: November 2014 Information Exchange Framework Reference Architecture Initial Submission OMG Document Number: MARS/ Standard document URL: Normative Machine Consumable File(s): TBD This OMG document replaces the submission document (mars/ , Alpha). It is an OMG Adopted Beta specification and is currently in the finalization phase. Comments on the content of this document are welcome, and should be directed to by June 20, You may view the pending issues for this specification from the OMG revision issues web page The FTF Recommendation and Report for this specification will be published on September 26, If you are reading this after that date, please download the available specification from the OMG Specifications Catalog.

2 Copyright , Advanced Systems Management (ASMG) Group Ltd. Copyright , Thematix Partners LLC Copyright , Object Management Group, Inc. USE OF SPECIFICATION - TERMS, CONDITIONS & NOTICES The material in this document details an Object Management Group specification in accordance with the terms, conditions and notices set forth below. This document does not represent a commitment to implement any portion of this specification in any company's products. The information contained in this document is subject to change without notice. LICENSES The companies listed above have granted to the Object Management Group, Inc. (OMG) a nonexclusive, royaltyfree, paid up, worldwide license to copy and distribute this document and to modify this document and distribute copies of the modified version. Each of the copyright holders listed above has agreed that no person shall be deemed to have infringed the copyright in the included material of any such copyright holder by reason of having used the specification set forth herein or having conformed any computer software to the specification. Subject to all of the terms and conditions below, the owners of the copyright in this specification hereby grant you a fully-paid up, non-exclusive, nontransferable, perpetual, worldwide license (without the right to sublicense), to use this specification to create and distribute software and special purpose specifications that are based upon this specification, and to use, copy, and distribute this specification as provided under the Copyright Act; provided that: (1) both the copyright notice identified above and this permission notice appear on any copies of this specification; (2) the use of the specifications is for informational purposes and will not be copied or posted on any network computer or broadcast in any media and will not be otherwise resold or transferred for commercial purposes; and (3) no modifications are made to this specification. This limited permission automatically terminates without notice if you breach any of these terms or conditions. Upon termination, you will destroy immediately any copies of the specifications in your possession or control. PATENTS The attention of adopters is directed to the possibility that compliance with or adoption of OMG specifications may require use of an invention covered by patent rights. OMG shall not be responsible for identifying patents for which a license may be required by any OMG specification, or for conducting legal inquiries into the legal validity or scope of those patents that are brought to its attention. OMG specifications are prospective and advisory only. Prospective users are responsible for protecting themselves against liability for infringement of patents. GENERAL USE RESTRICTIONS Any unauthorized use of this specification may violate copyright laws, trademark laws, and communications regulations and statutes. This document contains information which is protected by copyright. All Rights Reserved. No part of this work covered by copyright herein may be reproduced or used in any form or by any means--graphic, Information Exchange Packaging Policy Vocabulary, Initial Submission ii

3 electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems-- without permission of the copyright owner. Copyright , Advanced Systems Management (ASMG) Group Ltd. Copyright , Object Management Group, Inc. Copyright , Defence Research and Development Canada, Centre for Security Sciences (CSS) USE OF SPECIFICATION - TERMS, CONDITIONS & NOTICES The material in this document details an Object Management Group specification in accordance with the terms, conditions and notices set forth below. This document does not represent a commitment to implement any portion of this specification in any company's products. The information contained in this document is subject to change without notice. LICENSES The companies listed above have granted to the Object Management Group, Inc. (OMG) a nonexclusive, royaltyfree, paid up, worldwide license to copy and distribute this document and to modify this document and distribute copies of the modified version. Each of the copyright holders listed above has agreed that no person shall be deemed to have infringed the copyright in the included material of any such copyright holder by reason of having used the specification set forth herein or having conformed any computer software to the specification. Subject to all of the terms and conditions below, the owners of the copyright in this specification hereby grant you a fully-paid up, non-exclusive, nontransferable, perpetual, worldwide license (without the right to sublicense), to use this specification to create and distribute software and special purpose specifications that are based upon this specification, and to use, copy, and distribute this specification as provided under the Copyright Act; provided that: (1) both the copyright notice identified above and this permission notice appear on any copies of this specification; (2) the use of the specifications is for informational purposes and will not be copied or posted on any network computer or broadcast in any media and will not be otherwise resold or transferred for commercial purposes; and (3) no modifications are made to this specification. This limited permission automatically terminates without notice if you breach any of these terms or conditions. Upon termination, you will destroy immediately any copies of the specifications in your possession or control. PATENTS The attention of adopters is directed to the possibility that compliance with or adoption of OMG specifications may require use of an invention covered by patent rights. OMG shall not be responsible for identifying patents for which a license may be required by any OMG specification, or for conducting legal inquiries into the legal validity or scope of those patents that are brought to its attention. OMG specifications are prospective and advisory only. Prospective users are responsible for protecting themselves against liability for infringement of patents. Information Exchange Packaging Policy Vocabulary, Initial Submission iii

4 GENERAL USE RESTRICTIONS Any unauthorized use of this specification may violate copyright laws, trademark laws, and communications regulations and statutes. This document contains information which is protected by copyright. All Rights Reserved. No part of this work covered by copyright herein may be reproduced or used in any form or by any means--graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems-- without permission of the copyright owner. DISCLAIMER OF WARRANTY WHILE THIS PUBLICATION IS BELIEVED TO BE ACCURATE, IT IS PROVIDED "AS IS" AND MAY CONTAIN ERRORS OR MISPRINTS. THE OBJECT MANAGEMENT GROUP AND THE COMPANIES LISTED ABOVE MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THIS PUBLICATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE OR OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY OR WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE OR USE. IN NO EVENT SHALL THE OBJECT MANAGEMENT GROUP OR ANY OF THE COMPANIES LISTED ABOVE BE LIABLE FOR ERRORS CONTAINED HEREIN OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, RELIANCE OR COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY ANY USER OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS MATERIAL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. The entire risk as to the quality and performance of software developed using this specification is borne by you. This disclaimer of warranty constitutes an essential part of the license granted to you to use this specification. RESTRICTED RIGHTS LEGEND Use, duplication or disclosure by the U.S. Government is subject to the restrictions set forth in subparagraph (c) (1) (ii) of The Rights in Technical Data and Computer Software Clause at DFARS or in subparagraph (c)(1) and (2) of the Commercial Computer Software - Restricted Rights clauses at 48 C.F.R or as specified in 48 C.F.R of the DoD F.A.R. Supplement and its successors, or as specified in 48 C.F.R of the Federal Acquisition Regulations and its successors, as applicable. The specification copyright owners are as indicated above and may be contacted through the Object Management Group, 109 Highland Avenue, Needham, MA 02494, U.S.A. TRADEMARKS IMM, MDA, Model Driven Architecture, UML, UML Cube logo, OMG Logo, CORBA and XMI are registered trademarks of the Object Management Group, Inc., and Object Management Group, OMG, Information Exchange Packaging Policy Vocabulary, Initial Submission iv

5 Unified Modeling Language, Model Driven Architecture Logo, Model Driven Architecture Diagram, CORBA logos, XMI Logo, CWM, CWM Logo, IIOP, MOF, OMG Interface Language (IDL), and OMG SysML are trademarks of the Object Management Group. All other products or company names mentioned are used for identification purposes only, and may be trademarks of their respective owners. COMPLIANCE The copyright holders listed above acknowledge that the Object Management Group (acting itself or through its designees) is and shall at all times be the sole entity that may authorize developers, suppliers and sellers of computer software to use certification marks, trademarks or other special designations to indicate compliance with these materials. Software developed under the terms of this license may claim compliance or conformance with this specification if and only if the software compliance is of a nature fully matching the applicable compliance points as stated in the specification. Software developed only partially matching the applicable compliance points may claim only that the software was based on this specification, but may not claim compliance or conformance with this specification. In the event that testing suites are implemented or approved by Object Management Group, Inc., software developed using this specification may claim compliance or conformance with the specification only if the software satisfactorily completes the testing suites Information Exchange Packaging Policy Vocabulary, Initial Submission v

6 Table Contents TABLE CONTENTS LIST OF FIGURES LIST OF TABLES PREFACE VI X XII XVIII ABOUT THE OBJECT MANAGEMENT GROUP XVIII PART I 1 1 INFORMATION EXCHANGE FRAMEWORK REFERENCE ARCHITECTURE SCOPE ORGANIZATION OF THIS SPECIFICATION MOTIVATION IEF APPROACH IEF DELIVERED CAPABILITIES IEF OBJECTIVES IEF RA DESIGN PRINCIPLES 8 2 COMPLIANCE INTRODUCTION SELECTING A COMPLIANCE POINT COMPLIANCE POINTS File Sharing Instant Messaging Messaging Middleware Web Services 10 3 NORMATIVE REFERENCES 11 4 TERMS AND DEFINITIONS 12 5 SYMBOLS/ACRONYMS SYMBOLS 13 6 ADDITIONAL INFORMATION INTENDED AUDIENCE ACKNOWLEDGEMENTS ADDITIONAL MATERIALS 14 Information Exchange Packaging Policy Vocabulary, Initial Submission vi

7 6.4 REFERENCE ARCHITECTURE Introduction to IEF RA Philosophy MODELING CONVENTIONS 15 7 IEF REFERENCE ARCHITECTURE IEF OVERVIEW 16 8 EXTERNAL ACTORS 19 9 POLICY ADMINISTRATION POINT PAP IN AN INTER-AGENCY ENVIRONMENT PAP DESCRIPTION PAP Use Case Diagrams PAP Class Diagrams Sequence Diagrams POLICY DECISION POINT USE CASES Authorize Action Use Case Diagram PDP Use Case Diagram File PDP Use Case Diagram IM PDP Use Case Diagram Receiver Directed Messaging PDP Use Case Diagram Session Directed Messaging PDP Use Case Diagram CLASS DIAGRAMS Policy Decision Point Class Diagram SEQUENCE DIAGRAMS Policy Decision Point Sequence Diagram POLICY ENFORCEMENT POINTS PEP OVERVIEW PEP Components Class Diagram PEP Specialization Class Diagram PEP PEP Use Cases PEP Class Diagrams PEP Sequence Diagrams 84 Information Exchange Packaging Policy Vocabulary, Initial Submission vii

8 11.3 FILE SHARING PEP File Share Use Cases File PEP Class Diagrams File PEP Sequence Diagrams INSTANT MESSAGING PEP Instant Messaging Use Cases Instant Messaging Class Diagrams IM PEP Class Diagram Sequence Diagrams SESSION DIRECTED MESSAGING PEP Session Directed Messaging Use Cases Class Diagrams Session Directed Messaging PEP Class Diagram Sequence Diagrams RECEIVER DIRECTED MESSAGING PEP DATA PACKAGING AND PROCESSING SERVICES OPTIONAL REQUIREMENTS MESSAGE PACKAGING AND PROCESSING SERVICE USE CASE DIAGRAMS Package Structured Message Use Case Diagram Assemble Information Package Use Case Diagram Assemble Releasable Data Set Use Case Diagram Process Structured Information Element Use Case Diagram Package Structured Message Use Case Diagram CLASS DIAGRAMS SEQUENCE DIAGRAMS COMMON SERVICES USE CASES Authorize User Use Case Diagram Encrypt Information Element Use Case Diagram Decrypt Information Element Use Case Diagram CLASS DIAGRAMS Authorization Class Diagram Cryptography Class Diagram 217 Information Exchange Packaging Policy Vocabulary, Initial Submission viii

9 Identity Management Class Diagram Logging Class Diagram Marking Class Diagram Secure Asset Container Class Diagram SEQUENCE DIAGRAMS POLICY VOCABULARIES 240 ANNEX F: BIBLIOGRAPHY (INFORMATIONAL) 1 ANNEX G TERMS AND ACRONYMS (INFORMATIONAL) 1 GENERAL TERMS AND DEFINITIONS 1 ACRONYMS 9 ANNEX H CONFORMANCE WITH RFP 1 Mandatory Requirements 1 OPTIONAL REQUIREMENTS 5 Information Exchange Packaging Policy Vocabulary, Initial Submission ix

10 List of Figures Figure 1 -Concept Use Case Diagram Figure 2 -Administer Policy Environment Use Case Diagram Figure 3 -Policy Administration Use Case Diagram Figure 4 -Policy Management Use Case Diagram Figure 5 -Authorize Action Use Case Diagram Figure 6 -PDP Administration Use Case Diagram Figure 7 - PDP Use Case Diagram Figure 8 -File PDP Use Case Diagram Figure 9 -IM PDP Use Case Diagram Figure 10 -Receiver Directed Messaging PDP Use Case Diagram Figure 11 -Session Directed Messaging PDP Use Case Diagram Figure 12 -Send Use Case Diagram Figure 13 -Receive Use Case Diagram Figure 14 -Access File Share Use Case Diagram Figure 15 -Manage Protected File Use Case Diagram Figure 16 -Copy File Use Case Diagram Figure 17 -Create File Use Case Diagram Figure 18 -Cut File Use Case Diagram Figure 19 -Delete File Use Case Diagram Figure 20 -List Files Use Case Diagram Figure 21 -Move File Use Case Diagram Figure 22 -Open File Use Case Diagram Figure 23 -Paste File Use Case Diagram Figure 24 -Rename File Use Case Diagram Figure 25 -Save File Use Case Diagram Figure 26 -List and Join Chat Use Case Diagram Figure 27 -Receive IM Use Case Diagram Figure 28 -Send IM Use Case Diagram Information Exchange Packaging Policy Vocabulary, Initial Submission x

11 Figure 29 -Send Session Directed Message Use Case Diagram Figure 30 -Receive Message Use Case Diagram Figure 31 -Send Session Directed Message Use Case Diagram Figure 32 -Receive Use Case Diagram Figure 33 -Package Structured Message Use Case Diagram Figure 34 -Assemble Information Package Use Case Diagram Figure 35 -Assemble Releasable Data Set Use Case Diagram Figure 36 -Process Structured Information Element Use Case Diagram Figure 37 -Package Structured Message Use Case Diagram Figure 38 -Authorize User Use Case Diagram Figure 39 -Bind Markings to Information Element Use Case Diagram Figure 40 -Encrypt Information Element Use Case Diagram Figure 41 -Decrypt Information Element Use Case Diagram Information Exchange Packaging Policy Vocabulary, Initial Submission xi

12 List of Tables Table 1 - Concept Use Case Diagram Descriptions Table 2 External Actors Table 3 - Administer Policy Environment Use Case Diagram Descriptions Table 4 - Policy Administration Use Case Diagram Descriptions Table 5 - Policy Management Use Case Diagram Descriptions Table 6 Policy Administration Point Class Diagram Descriptions Table 7 Policy Administration Point Class Diagram - Interface Descriptions Table 8 Policy Administration Point Class Diagram - Association Descriptions Table 9 Identity Attribute Administration Point Class Diagram Descriptions Table 10 Identity Attribute Administration Point Class Diagram - Interface Descriptions Table 11 Identity Attribute Administration Point Class Diagram - Association Descriptions Table 12 - Policy Administration Point Sequence Diagram - Message Descriptions Table 13 - Authorize Action Use Case Diagram Descriptions Table 14 - PDP Administration Use Case Diagram Descriptions Table PDP Use Case Diagram Descriptions Table 16 - File PDP Use Case Diagram Descriptions Table 17 - IM PDP Use Case Diagram Descriptions Table 18 - Receiver Directed Messaging PDP Use Case Diagram Descriptions Table 19 - Session Directed Messaging PDP Use Case Diagram Descriptions Table 20 Policy Decision Point Class Diagram Descriptions Table 21 Policy Decision Point Class Diagram - Interface Descriptions Table 22 Policy Decision Point Class Diagram - Association Descriptions Table 23 - Policy Decision Point Sequence Diagram - Message Descriptions Table 24 PEP Components Class Diagram Descriptions Table 25 PEP Components Class Diagram - Interface Descriptions Table 26 PEP Components Class Diagram - Association Descriptions Table 27 PEP Specialization Class Diagram Descriptions Table 28 PEP Specialization Class Diagram - Interface Descriptions Information Exchange Packaging Policy Vocabulary, Initial Submission xii

13 Table 29 PEP Specialization Class Diagram - Association Descriptions Table 30 - Send Use Case Diagram Descriptions Table 31 - Receive Use Case Diagram Descriptions Table 32 PEP Class Diagram Descriptions Table 33 PEP Class Diagram - Interface Descriptions Table 34 PEP Class Diagram - Association Descriptions Table 35 - Send Sequence Diagram - Message Descriptions Table 36 - Receive Sequence Diagram - Message Descriptions Table 37 - Access File Share Use Case Diagram Descriptions Table 38 - Manage Protected File Use Case Diagram Descriptions Table 39 - Copy File Use Case Diagram Descriptions Table 40 - Create File Use Case Diagram Descriptions Table 41 - Cut File Use Case Diagram Descriptions Table 42 - Delete File Use Case Diagram Descriptions Table 43 - List Files Use Case Diagram Descriptions Table 44 - Move File Use Case Diagram Descriptions Table 45 - Open File Use Case Diagram Descriptions Table 46 - Paste File Use Case Diagram Descriptions Table 47 - Rename File Use Case Diagram Descriptions Table 48 - Save File Use Case Diagram Descriptions Table 49 File PEP Class Diagram Descriptions Table 50 File PEP Class Diagram - Interface Descriptions Table 51 File PEP Class Diagram - Association Descriptions Table 52 - Copy File Sequence Diagram - Message Descriptions Table 53 - Create File Sequence Diagram - Message Descriptions Table 54 - Cut File Sequence Diagram - Message Descriptions Table 55 - Delete File Sequence Diagram - Message Descriptions Table 56 - List Files Sequence Diagram - Message Descriptions Table 57 - Move File Sequence Diagram - Message Descriptions Table 58 - Open File Sequence Diagram - Message Descriptions Information Exchange Packaging Policy Vocabulary, Initial Submission xiii

14 Table 59 - Paste File Sequence Diagram - Message Descriptions Table 60 - Retrieve File Sequence Diagram - Message Descriptions Table 61 - Save File Sequence Diagram - Message Descriptions Table 62 - List and Join Chat Use Case Diagram Descriptions Table 63 - Receive IM Use Case Diagram Descriptions Table 64 - Send IM Use Case Diagram Descriptions Table 65 IM PEP Class Diagram Descriptions Table 66 IM PEP Class Diagram - Interface Descriptions Table 67 IM PEP Class Diagram - Association Descriptions Table 68 - List Chat Rooms Sequence Diagram - Message Descriptions Table 69 - Join Chat Room Sequence Diagram - Message Descriptions Table 70 - Send IM Sequence Diagram - Message Descriptions Table 71 - Send Special Message Sequence Diagram - Message Descriptions Table 72 - Receive IM Sequence Diagram - Message Descriptions Table 73 - Receive Special Message Sequence Diagram - Message Descriptions Table 74 - Send Session Directed Message Use Case Diagram Descriptions Table 75 - Receive Message Use Case Diagram Descriptions Table 76 Session Directed Messaging PEP Class Diagram Descriptions Table 77 Session Directed Messaging PEP Class Diagram - Interface Descriptions Table 78 Session Directed Messaging PEP Class Diagram - Association Descriptions Table 79 - Send Message To Session Sequence Diagram - Message Descriptions Table 80 - Receive Message Sequence Diagram - Message Descriptions Table 81 - Send Session Directed Message Use Case Diagram Descriptions Table 82 - Receive Use Case Diagram Descriptions Table 83 Receiver Directed Messaging PEP Class Diagram Descriptions Table 84 Receiver Directed Messaging PEP Class Diagram - Interface Descriptions Table 85 Receiver Directed Messaging PEP Class Diagram - Association Descriptions Table 86 - Send Receiver Directed Messaging Sequence Diagram - Message Descriptions Table 87 - Receive Message Sequence Diagram - Message Descriptions Table 88 - Package Structured Message Use Case Diagram Descriptions Information Exchange Packaging Policy Vocabulary, Initial Submission xiv

15 Table 89 - Assemble Information Package Use Case Diagram Descriptions Table 90 - Assemble Releasable Data Set Use Case Diagram Descriptions Table 91 - Process Structured Information Element Use Case Diagram Descriptions Table 92 - Package Structured Message Use Case Diagram Descriptions Table 93 Data Assembly Service Class Diagram Descriptions Table 94 Data Assembly Service Class Diagram - Interface Descriptions Table 95 Data Assembly Service Class Diagram - Association Descriptions Table 96 Data Packaging Service Class Diagram Descriptions Table 97 Data Packaging Service Class Diagram - Interface Descriptions Table 98 Data Packaging Service Class Diagram - Association Descriptions Table 99 - Authorize User Use Case Diagram Descriptions Table Bind Markings to Information Element Use Case Diagram Descriptions Table Encrypt Information Element Use Case Diagram Descriptions Table Decrypt Information Element Use Case Diagram Descriptions Table 103 Authorization Class Diagram Descriptions Table 104 Authorization Class Diagram - Interface Descriptions Table 105 Authorization Class Diagram - Association Descriptions Table 106 Cryptography Class Diagram Descriptions Table 107 Cryptography Class Diagram - Interface Descriptions Table 108 Cryptography Class Diagram - Association Descriptions Table 109 Identity Management Class Diagram Descriptions Table 110 Identity Management Class Diagram - Interface Descriptions Table 111 Identity Management Class Diagram - Association Descriptions Table 112 Logging Class Diagram Descriptions Table 113 Logging Class Diagram - Interface Descriptions Table 114 Logging Class Diagram - Association Descriptions Table 115 Marking Class Diagram Descriptions Table 116 Marking Class Diagram - Interface Descriptions Table 117 Marking Class Diagram - Association Descriptions Information Exchange Packaging Policy Vocabulary, Initial Submission xv

16 Information Exchange Packaging Policy Vocabulary, Initial Submission xvi

17 Information Exchange Packaging Policy Vocabulary, Initial Submission xvii

18 Preface About the Object Management Group Founded in 1989, the Object Management Group, Inc. (OMG) is an open membership, not-for-profit computer industry standards consortium that produces and maintains computer industry specifications for interoperable, portable, and reusable enterprise applications in distributed, heterogeneous environments. Membership includes Information Technology vendors, end users, government agencies, and academia. OMG member companies write, adopt, and maintain its specifications following a mature, open process. OMG's specifications implement the Model Driven Architecture (MDA ), maximizing Return on Investment (ROI) through a full-lifecycle approach to enterprise integration that covers multiple operating systems, programming languages, middleware and networking infrastructures, and software development environments. OMG's specifications include: UML (Unified Modeling Language ); CORBA (Common Object Request Broker Architecture); CWM (Common Warehouse Metamodel); and industry-specific standards for dozens of vertical markets. More information on the OMG is available at OMG Specifications As noted, OMG specifications address middleware, modeling and vertical domain frameworks. All OMG Specifications are available from the OMG website at: Specifications are organized by the following categories: Business Modeling Specifications Middleware Specifications CORBA/IIOP Data Distribution Services Specialized CORBA IDL/Language Mapping Specifications Modeling and Metadata Specifications UML, MOF, CWM, XMI UML Profile Modernization Specifications Platform Independent Model (PIM), Platform Specific Model (PSM), Interface Specifications CORBAServices CORBAFacilities Information Exchange Packaging Policy Vocabulary, Initial Submission xviii

19 OMG Domain Specifications CORBA Embedded Intelligence Specifications CORBA Security Specifications All of OMG's formal specifications may be downloaded without charge from our website. (Products implementing OMG specifications are available from individual suppliers.) Copies of specifications, available in PostScript and PDF format, may be obtained from the Specifications Catalog cited above or by contacting the Object Management Group, Inc. at: OMG Headquarters 109 Highland Ave, Needham, MA USA Tel: Fax: Certain OMG specifications are also available as ISO standards. Please consult Typographical Conventions The type styles shown below are used in this document to distinguish programming statements from ordinary English. However, these conventions are not used in tables or clause headings where no distinction is necessary. Times/Times New Roman - 10 pt.: Standard body text. Helvetica/Arial - 10 pt. Bold: OMG Interface Language (OMG IDL) and syntax elements. Courier - 10 pt. Bold: Programming language elements. Helvetica/Arial - 10 pt: Exceptions. NOTE: Terms that appear in italics are defined in the glossary. Italic text also represents the name of a document, specification, or other publication. Issues The reader is encouraged to report any technical or editing issues/problems with this specification to Information Exchange Packaging Policy Vocabulary, Initial Submission xix

20

21 Part I Information Exchange Framework Reference Architecture, Initial Submission 1

22 1 Information Exchange Framework Reference Architecture 1.1 Scope The Information Exchange Framework (IEF) is an OMG initiative to develop a family of specifications for policy-driven, data-centric information sharing and safeguarding (ISS) services. These services target the automation of key policy decision and enforcement points to enable responsible information sharing across a broad range of business and operational scenarios. The IEF Reference Architecture (RA) will be used to guide the overall IEF effort, broaden general understanding of domain requirements, and guide the development of information sharing and safeguarding (ISS) solutions. The IEF RA is primarily targeting operational environments that require the ability to share information within and beyond agency boundaries and are often challenged by rapid, unpredictable changes in operational contexts (e.g., threat, risk, roles & responsibilities, scale, scope, and severity). These include: 1. Military (coalition and Civilian-Military) operations; 2. National Security; 3. Public Safety; 4. Crisis Management; 5. Border Security; 6. Emergency Management; 7. Peace Keeping; and 8. Humanitarian Assistance. Although these environments are the primary focus on the specification, most of the features equally support the transactional domains of a broad range of public and private sector organizations that require: 1. The ability to exchange information in a secure and trusted manner with clients, partners and subcontractors; 2. The ability to selectively share elements of an information holding with individuals and agencies in conformance with legislation regulation and policy, e.g.: a. Healthcare: Electronic Health Records (EHR); b. Finance: Banking and Insurance records; c. Justice: Criminal Case File; d. Government Programs; e. Customs and Immigration. 3. The ability to log and audit the exchange of information holdings. The IEF will adopt domain agnostic vocabulary that can easily translate to ISS in all of these domains. It will defines concepts for expressing rules governing: 1. The packaging (assemble and format) of information for release; 2. The processing (parse, process and store) of received messages or datasets; 3. The disseminations of releasable information to users (Individuals; Organizations; Role; Performer, Community or Topic; Systems; applications; or service) based on their authorizations to access specific information elements. 2 Information Exchange Framework Reference Architecture, Initial Submission

23 1.2 Organization of this Specification This specification includes seven Clauses and nine Seven: Clause 1: Provides an overview of the specification, including: Scope; Objectives; Within the Context of the Information Exchange Framework; Problem Statement; Support for Policy-driven Data-centric Information Sharing and Safeguarding; and IEF Concept. Clause 2: Defines the compliance points for the IEF RA. Clause 3: Identifies Normative References for this specification. Clause 4: Identifies Terms and their s used in various parts of the specification. This Clause does not include concepts and properties comprising the IEF RA. Clause 5: Identifies any special Symbols/Acronyms used in the development of this specification. Clause 6: Provides Additional Information about this specification. Clause 7: Provides an Overview of the IEF Reference Architecture. Clause 8: Policy Decision Point (PDP) Clause 9: Policy Administration Point (PAP) Clause 10:Policy Enforcement Points Clause 11:Policy-based Packaging Services Clause 12: Supporting Services Annex A: Annex C: Annex D: Annex E: Annex F: Clause 13: User Services Annex G: Required Discussion Points Annex H: Describes how the specification elements address the RFP requirements. 1.3 Motivation Numerous after-action and news reports on events such as SARS, the 2007 London subway bombing, the 1998 Ice Storm (eastern Canada and Northern New York State), Haiti, Afghanistan, Katrina, and 9/11 events have documented the challenges faced by even the most technologically advanced agencies to effectively and efficiently interoperate with partners. Equally prevalent are the reports documenting the growing need for agencies to increase the quantity and quality of information they share with partners when responding to an emergency or crisis situation; e.g.: Today, information sharing is critical to almost every institution. There is no more critical need for information sharing than during an international crisis, when international coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, natural disaster, combat operations, or terrorist incidents, international coalitions have an immediate need for information. These coalitions are formed with international cooperation, where each participating country offers whatever resources it can muster to support the given crisis. These situations can occur suddenly, simultaneously, and without warning. Often times, participants are Information Exchange Framework Reference Architecture, Initial Submission 3

24 coalition partners in one crisis and adversaries in another, rising difficult security issues with respect to information sharing. 1 Each participating agency requires the ability to rapidly establish pre-planned or ad hoc ISS capabilities to enable: Shared situational awareness; Collaboration (e.g., operational planning and intelligence); Coordination; and Command-and-Control. Operational users tend to emphasize the need to share; and to maximize the volume, variety and quality of information discoverable and accessible by authorized users and partners. They recognize information is vital to the formation, quality, and timeliness of decisions, as well as, the creation of decision advantage (/decision superiority). Conversely, Security and Privacy Officers, representing data owners, stewards, and custodians, apply and emphasize need-to-know practices and principles; to ensure that only users with the appropriate credentials, authorizations and need are provided access to designated information elements. These need-to-know practices result in the development and deployment of multiple selfcontained enclaves based on security level and warning terms, or caveats, such as Eyes Only, Canadian- US, and NATO. These enclaves are logically and physically separated; isolated in terms of policies, applications, platforms, networks, infrastructures, and information stores. In addition to being expensive to develop, maintain, and deploy, these enclaves are silos that are often detrimental to information provision, i.e., the realization of shared situational awareness, collaboration, coordination, and decision making. Conversely, need-to-share has introduced additional risks into information management environments. An increasing number of participants are being authorized to access security enclaves. Once a participant is authorized to enter an enclave, they are provided access to a wide range of information elements. Conventional access control solutions do not typically provide sufficient fidelity and flexibility in the application of policy/rules. They do not apply policies/rules to the actual content of individual information elements or provide defense-in-depth, i.e., layering safeguards based on the value of key data elements (e.g., security and privacy tags) within the instances of the information element. Recent security incidents illustrate the limitations of conventional access control solutions and their inability to exert sufficient control over and protect critical information assets: As part of the response to the 9/11 attacks, the US determined that increased information sharing between departments and their infrastructure was necessary to prevent future terrorist activity. The perception of departments information stores as hardened silos was seen as a barrier to effective security response. As a result, a new culture of openness was in effect at the Sensitive Compartmented Information Facility (SCIF). In this environment, Bradley Manning was able to use unrestricted and uncontrolled access to information to disclose large amounts of sensitive data. 2 1 Charles E. Phillips, Jr. et al, SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies, Pages 87-96, Information Exchange Framework Reference Architecture, Initial Submission

25 Edward Snowden's role as a systems administrator provided easy access to classified National Security Agency documents sitting in a file-sharing location on the spy agency's intranet portal. As a contracted NSA systems administrator with top-secret Sensitive Compartmented Information (SCI) clearance, Snowden could access the intranet site and move especially sensitive documents to a more secure location without triggering security incident alarms. 3 SLt. Delisle has admitted to selling secret information to the Russians over a 4 ½-year period jeopardizing Canada s ability to protect itself, as well as its standing with key partner nations. Canadian officials concede they do not know precisely what SLt. Delisle gave the Russians between 2007 and They re drawing inferences from material they intercepted just before arresting him. 4 While the two priorities sharing and safeguarding are often seen as mutually exclusive, in reality they are mutually reinforcing. Information systems that strengthen protections and the fidelity of controls for sensitive information help build trust within the user and stakeholder communities. This trust will provide data owners and custodians with the confidence to: Increase operational effectiveness Improve information sharing capability Increase information safeguarding capability Reduce operational costs Reduce management costs Reduce acquisition costs 1.4 IEF Approach The IEF defines a framework for delivering defense-in-depth solutions that address a broad range of information sharing and safeguarding requirements. The framework will include specifications defining the requirements for: A reference Architecture (this document); Formal Information Sharing and Safeguarding Policy Vocabularies; Data Centric Policy Decision and Enforcement Points; Policy Administrations Points; and Policy Development, Management and Dissemination Tools. These specifications will enable the development of information management and security measures targeting the responsible sharing of information in accordance with policy and commensurate with the sensitivity of the data being accessed or shared. The IEF Reference Architecture (this document) defines an integration layer for off-the-shelf products and services that will enable the enforcement of ISS policy at the data level rather than the networks, platforms systems and applications Information Exchange Framework Reference Architecture, Initial Submission 5

26 1.5 IEF Delivered Capabilities The IEF seeks to deliver a policy-driven data centric solution using a set of layered defense-in-depth safeguards to achieve responsible information sharing solutions. Where available, the IEF will align and integrate existing open standards and specifications for data centric practices, tools, technologies, and protocols. Where necessary, the IEF Working Group will promote the development of specifications that fill gaps in the IEF standards portfolio. The IEF Reference Architecture will provide specifications for policy driven, data-centric ISS solutions delivered as a set of shared infrastructure, integrating off-the-shelf products and services, that can rapidly tailored to the planning and spontaneous operational needs. The IEF separates the development and maintenance of policy/rules from the specific systems and services (i.e., policy decision and enforcement points) that enforce them. This separation will enable users to: Evolve ISS policy/rules independent of services and infrastructure; Specify and acquire ISS services and infrastructure without specifying the operational use cases; Re-host ISS policies to multiple ISS services and infrastructures; and Evolve and instantiate ISS policy in response to changing business and operational requirements. The capabilities provided users with the flexibility and agility to rapidly extend or enhance policy (/policy models) and accommodate: Changing mandates, roles and responsibilities; Changing mission and operational context; Evolving threats and risks; Evolving institutional policy; and Advancements in technology. By providing a model driven approach to policy development that facilitates the integration of ISS policy into segment, operational and enterprise architectures. The integration of ISS policy model into architecture frameworks and tools will: Align ISS policy models related architectural artifacts (operational topologies and deployments, platforms, systems, interfaces and data and information elements). Develop traceability to policy instruments (e.g., legislation, regulation, service Level Agreements (SLS), Memorandum of Understanding (MoU) and Operating Procedures); Provide information needed to effectively and efficiently validate, verify, and certify operational configurations and deployments. The integration of ISS policy development into architecture will promote retention of institutional knowledge and an overall reduction in overall life-cycle costs. 6 Information Exchange Framework Reference Architecture, Initial Submission

27 1.6 IEF Objectives The IEF will provide the ability and capacity for people, processes, and systems to work together efficiently and ensure that the right information is available to the right people or system at the right time. This will require solutions that: Policy-driven Data-centric Achieve Dynamic Interoperability Flexibility, Adaptability, and Agility Architecture Alignment Integration Overlay Defense-in-Depth Self-Defending Vendor Agnostic Reuse of Existing Standards and Specifications Provide a fully traceable path from information sharing an d safeguarding policy to the rules executed by decision and enforcement points in the information systems and services the execute them IEF policy decision and enforcement points operate on the data for each instance of the information and data elements being assessed for release. Solution have the ability to operate on data over time. As the context of the operation and the states of its associated systems change, ensure that systems have the ability to integrate assumptions and constraints affecting their information interchanges. Enable the rapid re-use and repurposing of policy and data patterns for both planned and spontaneous operations; and enable run-time changes to active policy environments. The IEF will define strategies that enable users to integrate IEF elements into business and system architecture views. Provide strategies, techniques and tools that enable users to translate institutional policy (policy instruments) into human consumable and machine-readable rules; the former enabling a manual process and the latter enabling automation of policy governing the sharing and safeguarding of information assets. Operate as an overlay to existing systems and infrastructure. Integrate elements manner that to safeguard individual data and information assets based on their sensitivities. Employ internal elements to safeguard its own data and information elements (e.g., policies, instructions and logs). Define specification that vendors can use to developed off-theshelf integration layers of complete ISS solutions. Integrate existing and evolving specifications and standards to define and implement of IEF component. The Platform Specific Models will represent the assignment of specific standards and specifications to the components (e.g., DDS for data Information Exchange Framework Reference Architecture, Initial Submission 7

28 1.7 IEF RA Design Principles The Key principles of the IEF and its support Environment. dissemination) and interfaces (e.g., XAMCL for exchange of policies). Support Environment (e.g., Policy Authoring Environment): Define strategies, practices and tools that: Enables rapid development and deployment of ISS Policy. Align and integrate ISS policy into an organizations segment, mission and enterprise architectures. Enable the automated translation of policy models into human consumable and machinereadable rules. Provide users with the data needed for: o Governance; o o o o Modeling and simulation; Auditing (e.g., security and privacy): Design, Real-time Monitoring, and Forensic; Retention of Institutional Memory; and Lower life-cycle costs Policy Environment: Define Policy Vocabularies that: Offer multiple Policy Language Implementations (e.g., XACML, SAML, and RulesML); Offer Modeling Language Profiles (e.g., UML); Are Domain Vocabulary agnostic; Enable multiple marking (tags, labels or metadata) schemes; and Enable automated translation between policy models, languages and executable rules; Enable the speciation of policies/rules that are enforced at the data level Policy ownership/control rests with the owner/steward of the data asset. IEF Services: Define Services that: Separate the definition of policies (/rules/instructions) from the services employed to enforce them, which will in turn provide users: o With greater control over their data and policy environment; o With the ability to re-host ISS policies to multiple vendor solutions; o With the ability evolve and align policies for specific operational/mission requirements; and o With the ability host multiple policy and data environments on a sheared infrastructure. Ingest policies at run-time without the requirements to disable running services. 8 Information Exchange Framework Reference Architecture, Initial Submission

29 That enable users to manage and administer Policies in running services. Enforcement of ISS policies/rules at the data level, enabling: o Defence-in-Depth strategies rather than perimeter protection ISS Solutions; o Greater fidelity in privacy and security decisions; o Data level redaction and the selective sharing of information using common message structures (e.g., NIEM). General: Reuse existing standards where and whenever possible Vendor neutral specifications, yielding: o Option to reuse existing infrastructure o Multiple heterogeneous implementation options o Leverage existing open-standards. Information Exchange Framework Reference Architecture, Initial Submission 9

30 2 Compliance 2.1 Introduction The Information Exchange Reference Architecture defines five (5) separate information sharing and safeguarding service patterns. Each pattern forms a separate compliance point. An implementer may select to implement one of more of the service patterns. 2.2 Selecting a Compliance Point The IEPPV is a vocabulary specification. It defines a set of concepts that combine to express the rules governing packaging, processing and dissemination of information. The compliance points allow the implementers to select the level of message complexity they need to support. CP1 through CP2c build on the concepts defined in the previous levels. CP-3 provides a set of concepts that enable users to assign information elements to specific information dissemination services. 2.3 Compliance Points To be express compliance to this specification, an implementer must implement all mandatory features of: 1. Policy Administration Point (Clause 9); 2. Policy Decision Point (Clause 10); 3. Common Elements (Clause xx) and 4. At least on following Policy Enforcement Points: a) File Share; b) Electronic Mail ( ); c) Instant Messaging (IM); d) Messaging Middleware; and e) Web Services File Sharing Instant Messaging Messaging Middleware Web Services 10 Information Exchange Framework Reference Architecture, Initial Submission

31 3 Normative References XACML IEPPV Information Exchange Framework Reference Architecture, Initial Submission 11

32 4 Terms and s The focus of this specification is the development of a formal. 12 Information Exchange Framework Reference Architecture, Initial Submission

33 5 Symbols/Acronyms 5.1 Symbols There are no additional symbols defined for this specification. All symbols used in this specification are based on standard UML. Information Exchange Framework Reference Architecture, Initial Submission 13