IT:AD:5A is a well-known security term, derived from the Air Force, but it misses a couple of key concerns: Auditing, and Appropriate filtering out of attributes depending on authorisation.

IT:AD:7A supersedes this principle.

The goal is to provide access to systems and their data.

* Anytime (ie: afterhours, and reduce downtimes).
* Anywhere (ie: from within and outside of corporate firewalls)

  • Meets Accessible Values, and Accessibility Qualities

* Anyhow (ie: any device, that does not require special plugins, client certs, etc.)
* Anyone (ie: available to any system or person – anonymous or identified – but will be filtered Appropriately based on Authorisation)

  • Meets Protective Qualities

* Appropriate (ie: provide filtered projections which strip out sensitive data)

  • Implements Clemency Values
  • Meets Resilience Qualities

* Audited (ie: all operations – including Views – are audited, as well as monitored, with alerts raised automatically as required).

  • Meets Accountable Values
  • Meets Accountability Qualities

Note that IT:AD:5A's Authorisation is dropped in favour of Appropriate. Although Authorisation is maybe more common – possibly due to its ease of implementation – it remains a crude binary state (you either have the required role or you do not). An Appropriate response can be more nuanced: it might always provide a query response regardless of role, but project more or fewer Attributes based on an authorisation assessment.

For example:

* Person
  • ID : Guid
  • PublicMoniker : text
  • DisplayName : text
  • FirstName : text
  • LastName : text
  • NationalID : text
  • DOB : date
  • Enrolled : bool

* Public API Projection 1 (core and sensitive data is shared with other certified agencies)
  • ID : Guid
  • PublicMoniker : text
  • DisplayName : text
  • NationalID : text
  • DOB() : int

* Public API Projection 2 (core data -- excluding sensitive bits -- is shared with other agencies and authorised users)
  • ID : Guid
  • PublicMoniker : text
  • DisplayName : text
  • DOB() : int

* Public API Projection 3 (no sensitive data is shared)
  • Enrolled : bool
  • DOB() : int
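The three projections above, sketched as an added example (not code from the original page): every caller gets an answer, the attribute set is chosen from an allow-list by authorisation tier, and each view is written to an audit trail. The tier names, the `project` and `dob_as_int` helpers, the in-memory `AUDIT_TRAIL` and the reading of `DOB() : int` as age in whole years are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from uuid import UUID

@dataclass(frozen=True)
class Person:  # attributes of the page's Person entity, in snake_case
    id: UUID
    public_moniker: str
    display_name: str
    first_name: str
    last_name: str
    national_id: str
    dob: date
    enrolled: bool

# Allow-list of stored attributes per projection; tier names are hypothetical.
PROJECTIONS = {
    "certified_agency": ("id", "public_moniker", "display_name", "national_id"),  # Projection 1
    "authorised": ("id", "public_moniker", "display_name"),                       # Projection 2
    "anonymous": ("enrolled",),                                                   # Projection 3
}
AUDIT_TRAIL = []  # stand-in for an append-only audit store

def dob_as_int(dob, today):
    """Assumption: DOB() : int means age in whole years, not the birth date."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def project(person, caller, tier, today=None):
    """Always answer, but only with the attributes appropriate to the caller's tier."""
    if tier not in PROJECTIONS:
        tier = "anonymous"  # unknown or missing tier gets the least data, not an error
    view = {name: getattr(person, name) for name in PROJECTIONS[tier]}
    view["dob"] = dob_as_int(person.dob, today or date.today())
    # Views are audited too: record who saw which attributes, never the values.
    AUDIT_TRAIL.append({"person": str(person.id), "caller": caller,
                        "tier": tier, "fields": sorted(view)})
    return view

# Constructed sample record.
SAMPLE = Person(UUID("00000000-0000-0000-0000-000000000001"), "jdoe", "J. Doe",
                "Jane", "Doe", "NID-0000", date(1990, 6, 15), True)

if __name__ == "__main__":
    for tier in ("certified_agency", "authorised", "anonymous", "unknown"):
        print(tier, project(SAMPLE, "demo-caller", tier, today=date(2024, 1, 1)))
```

Because the projections are allow-lists, an attribute added to `Person` later stays hidden from every tier until it is explicitly listed.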

  • Last modified: 2023/11/04 03:20