IT:AD:6A

Summary

IT:AD:5A is a well-known security term, derived from the Air Force, but it misses a couple of key concerns: Auditing, and Appropriate filtering of attributes depending on authorisation.

IT:AD:7A supersedes this principle.

Principle

The goal is to provide access to systems and their data.

  • Anytime (i.e. after hours, and with reduced downtime).
  • Anywhere (i.e. from within and outside of corporate firewalls)
    • Meets Accessible Values and Accessibility Qualities
  • Anyhow (i.e. any device, without requiring special plugins, client certs, etc.)
  • Anyone (i.e. available to any system or person, anonymous or identified, but filtered Appropriately based on Authorisation)
    • Meets Protective Qualities
  • Appropriate (i.e. provide filtered projections which strip out sensitive data)
    • Implements Clemency Values
    • Meets Resilience Qualities
  • Audited (i.e. all operations, including Views, are audited, as well as monitored, with automatic alerts as required).
    • Meets Accountable Values
    • Meets Accountability Qualities

Notes

Note that IT:AD:5A's Authorisation is dropped in favour of Appropriate. Although Authorisation is maybe more common – possibly due to its ease of implementation – it remains a crude binary state (you either have the required role or you do not). An Appropriate response, by contrast, can be more nuanced: it might always provide a query response regardless of role, but project more or fewer Attributes based on an authorisation assessment.

For example:

  • Person
    • ID: Guid
    • PublicMoniker: text
    • DisplayName: text
    • FirstName: text
    • LastName: text
    • NationalID: text
    • DOB: date
    • Enrolled: bool
  • Public API Projection 1 (core and sensitive data is shared with other certified agencies)
    • ID: Guid
    • PublicMoniker: text
    • DisplayName: text
    • NationalID: text
    • DOB(): int
  • Public API Projection 2 (core data, excluding sensitive bits, is shared with other agencies and authorised users)
    • ID: Guid
    • PublicMoniker: text
    • DisplayName: text
    • DOB(): int
  • Public API Projection 3 (no sensitive data is shared)
    • Enrolled: bool
    • DOB(): int
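
The three projections above, sketched as allow-list filters with every view audited. This is an added example, not code from the original page. The tier names, the `project` and `dob_as_int` helpers, the in-memory `AUDIT_LOG`, and the reading of `DOB(): int` as age in whole years are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from uuid import UUID

@dataclass(frozen=True)
class Person:
    ID: UUID
    PublicMoniker: str
    DisplayName: str
    FirstName: str
    LastName: str
    NationalID: str
    DOB: date
    Enrolled: bool

# Attribute allow-lists per projection, as listed in the example on this page.
PROJECTIONS = {
    1: ("ID", "PublicMoniker", "DisplayName", "NationalID", "DOB()"),
    2: ("ID", "PublicMoniker", "DisplayName", "DOB()"),
    3: ("Enrolled", "DOB()"),
}
# Hypothetical tier names; the page does not define how callers are assessed.
TIER_TO_PROJECTION = {"certified_agency": 1, "agency": 2, "authorised_user": 2}
AUDIT_LOG = []  # stand-in for a real, append-only audit sink

def dob_as_int(dob, as_of):
    # Assumption: DOB() is the age in whole years on the date `as_of`.
    return as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))

def project(person, caller, tier, as_of):
    # Anonymous or unrecognised tiers still get an answer: the least revealing one.
    number = TIER_TO_PROJECTION.get(tier, 3)
    view = {name: dob_as_int(person.DOB, as_of) if name == "DOB()"
            else getattr(person, name) for name in PROJECTIONS[number]}
    # Views are audited too: who was shown which attributes of which record.
    AUDIT_LOG.append({"caller": caller, "tier": tier, "projection": number,
                      "person": str(person.ID), "attributes": sorted(view)})
    return view

# Constructed sample record, not real data.
SAMPLE = Person(UUID(int=1), "jdoe", "J. Doe", "Jane", "Doe",
                "N-0000000", date(1990, 6, 15), True)

if __name__ == "__main__":
    for tier in ("certified_agency", "authorised_user", None):
        print(tier, project(SAMPLE, "demo-caller", tier, date(2024, 6, 14)))
```

Because each projection names the attributes it releases, an attribute later added to Person stays withheld from every caller until it is explicitly listed.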