White House data strategy calls for standardized metadata and identity authentication
A newly released White House strategy for federal information sharing lists among its top priorities adoption of metadata standards and the further extension of the Federal Identity Credential and Access Management framework.
The strategy (.pdf) does not replace the 2007 National Strategy for Information Sharing, the new document says; the NSIS continues to provide the framework for information sharing and to direct its efforts in the areas of counterterrorism, homeland security and weapons of mass destruction.
The new document does define policy objectives, however, including the promotion of finer-grained access controls through promotion of data-level tagging, also known as metadata. Today, most information authorization models are defined at the network or application level, but network consolidation and shared service adoption means that access controls should be applied to the data itself, the strategy says.
Tagging would benefit data discovery and access, but it can also enable enforcement of access decisions based on the relevancy of the data to the mission of the person who seeks it by comparing user attributes (such as workplace or security clearance) to the data.
The strategy is firmly in the camp of federated access to multiple databases, stating that centralized repositories may only "yet remain appropriate in some limited cases." A decentralized approach lets the originator of the data directly maintain and update it, the strategy says, promising "increased speed in sharing and high levels of information fidelity." Among the lesser priorities identified by the strategy is a reference architecture that would permit a consistent approach across government to data discovery and correlation.
It also calls for as a high priority interoperable authentication, decrying the use of unique authentication services across the federal government. The Federal Identity Credential and Access Management framework, the strategy says, must be extended and implemented "across all security domains."
In addition, the government will create an information sharing agreement template containing legal and policy requirements, the strategy says. Interagency agreements to share data are often long in coming as issues of access and handling are hashed out; a template that includes issues resolution would streamline the process, it adds.
Similarly, departments and agencies should adopt a consistent approach to privacy, civil rights and civil liberties projections, it says.
Information, the strategy says, is "a national asset." Federal agencies have an "unprecedented ability to gather, store, and use information," it says.
"Correspondingly they have an obligation to make that information available to support national security missions," the strategy adds.
- download the "National Strategy For Information Sharing and Safeguarding" (.pdf)
DHS official attempted to block NCTC data mining effort
DHS cost model shows benefit of data architecting
DoD adopts NIEM, will no longer support UCore development
ISE not yet sharing enough data, says GAO