Wednesday Sep 26, 2012

Oracle Solutions supporting ICAM deployments

The ICAM architecture has become the predominant security architecture for government organizations. A growing number of federal, state, and local organizations are in various stages of using Oracle ICAM solutions. The relevance of ICAM has clearly extended beyond the Federal ICAM mandates to any government program that must enable standards-based interoperability, such as health exchanges and public safety. The state-government-endorsed version of ICAM was just released with the NASCIO SICAM Roadmap.

ICAM solutions require an integrated security architecture. The major new release of Oracle Identity Management 11gR2 in August focuses on a platform approach to identity management. This makes it easier for government organizations to acquire and implement a comprehensive ICAM solution, rather than individual products. The following analyst reports describe the value of the Oracle Solutions:

  • According to The Aberdeen Group: “Organizations can save up to 48% deploying a platform of (identity management) solutions when compared to deploying point solutions”
  • IDC Product Flash, July 2012: “Oracle may have hit the home run grand slam in identity management recently with the announcement of Oracle Identity Management 11g R2.”

For additional information on the Oracle ICAM solutions, attend the Webcast on October 10, 2012:  ICAM Framework for Enabling Agile, Service Delivery.

Visit the Oracle Secure Government Resource Center for information on enterprise security solutions that help government safeguard information, resources and networks.

Wednesday Sep 19, 2012

NASCIO Releases Updated State Identity Credential Access Management (SICAM) Documentation

To date, Oracle's SecureGov discussions around the NASCIO State Identity Credential Access Management (SICAM) Roadmap have addressed different "draft" and "working" versions of the framework.  Today, NASCIO released their first version of the document for download on their "Publications" page.

Wednesday Jan 04, 2012

Reducing SPAM on Identity Registration Services

The combination of Oracle's Identity Manager 11g and testing for real-human input (via CAPTCHA-type technology) provides a secure interface for agencies to implement trusted self-service user registration.

Thursday Oct 27, 2011

SICAM: Privacy and the Golden Record

Addressing the privacy considerations associated with the use of the "Golden Record" in a SICAM architecture.

Saturday Sep 03, 2011

SICAM: SICAM Component Architecture

When I first started contributing State Identity Credential Access Management (SICAM) content last year, I didn’t get too far into the discussion before trying to spell out what the key value props are for organizations heading down that path. Meeting conditional funding requirements, complying with state/federal mandates, eliminating benefits fraud, streamlining process…all those initiatives benefit from SICAM’s single, trusted view of identity. That notion of a “single view of the individual”, that “this Jane Doe is the right Jane Doe, the same Jane Doe as I look from system to system and department to department”, is sometimes referred to as the “Golden Record” for that person. The need for data quality and identity resolution makes Master Data Management (MDM) a necessary component in a SICAM architecture.

Figure:  SICAM Component Architecture

The component architecture is really born more out of policy requirements than technology dependencies. Taking one more look at my comments on Public Sector policy drivers for SICAM, we can see how each of these components works into the mix:

  • MDM provides the aforementioned identity resolution, data quality, and single view of individuals (in many ways like a primary key/foreign key relationship, only here between systems and identity repositories).
  • Once we understand our relationship to (or “single view” of) an individual we leverage any number of Credentialing techniques to communicate and assure that relationship in the form of a token or artifact.[i] Depending on the level of trust in any given identity, or required for authentication, different credentials (certificates, smart cards, one-time passwords, knowledge-based authentication, etc.) can provide different levels of identity assurance that scale to the different security needs and requirements of grant initiatives, compliance mandates, and reporting specifications.
  • Identity and Access Management tools manage and honor those identities and credentials in a manner that allows interoperability across systems and domains without impeding their use in systems of origin.
  • Service Oriented Architecture (SOA) provides the common standards and infrastructure for rapid deployment and consumption of interoperable services across departments, agencies, states, municipalities, etc.
  • One of the primary drivers for adopting a SICAM infrastructure is to enable a collaborative Business Intelligence reporting platform.[ii] SICAM acts as an interoperability layer that allows departments to report on (often regulated and sensitive) data without co-mingling and sharing of raw backend data that would violate compliance mandates and law.[iii]
  • And finally a Portal Interface for presentation.

Typically my writings are on the Identity Management and Security side of the SICAM equation, but over the next couple of posts I’d like to delve into some important discussions around the MDM area of the component architecture. Recently I’ve had several great discussions in the field around the legal, privacy, and security ramifications of the MDM/Identity Resolution piece of SICAM that are worth sharing. With this discussion of SICAM components as background, I’ll delve in next time with some frequent questions and considerations around the care and feeding of the “SICAM Golden Record.”

[i] See NIST’s Special Publication 800-103 for an Ontology of Identity Credentials

[ii] See data sharing and reporting requirements for initiatives like Education’s State Longitudinal Data Systems (SLDS) grants and Health and Human Service’s National Health Information Network (NHIN)

[iii] Again, drawing from SLDS and NHIN, student performance data and personal health information are strictly regulated by the Family Educational Rights and Privacy Act (FERPA) and the Health Information Technology for Economic and Clinical Health Act (HITECH, see also HIPAA) respectively.

Monday Jun 27, 2011

NSTIC Next Steps

Today and tomorrow, we'll see our next steps in the National Strategy for Trusted Identities in Cyberspace (NSTIC) governance roadmap as NIST hosts the NSTIC Privacy Workshop at the MIT Media Lab in Cambridge, MA.  I’m here live but the proceedings are already underway and you can tune in remotely to the webcast here. Questions can also be lobbed in via the Tweetosphere at #NSTIC.

Thursday Jun 09, 2011

NSTIC Notes (UPDATE) - Commerce NOI Hits the Street

Update to NSTIC Notes about the first NSTIC Governance Workshop:  Summary of Dept of Commerce Notice of Inquiry (NOI)

Monday Oct 11, 2010

SICAM: Crafting the Standard Behind Statewide Citizen Services

SICAM:  Extending valuable citizen services remains the core mission for State and Local governments. But as Public Sector initiatives and requirements change, those services also need to be more transparent, proactive, and secure. Against that backdrop, the move is on to standardize several components underneath the services that form our Public Sector relationships with the Citizen and Businesses.

Identity and Access Management topics related to Federal, State and Local government agencies

