Access Management , Identity & Access Management , Next-Generation Technologies & Secure Development

Solving the Identity and Access Problem Across Domains

Solving the Identity and Access Problem Across Domains

Government agencies increasingly have a mandate to control access to their data and applications; not by firewalling their assets from view, but by managing access to properly authenticated individuals at the appropriate level of assurance. Yet while there is a large potential population of users holding strong credentials like CAC and PIV cards, integrating these identities into application and data access policies can be a challenge. Furthermore, we live in an increasingly multi-channel world, where the same data may be access through a web application, on a mobile device, or through encrypted email. How can an organization solve the cross-domain identity and access control problem?

See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion

In this session you will learn:

  • Where to look for cross-domain data flow problems
  • Strategies for managing identities and provisioning access
  • How to craft access policies
  • How to enforce policy in a multi-channel scenario


The US Government has invested heavily over the years in identity and access management, including the DoD CAC program and expansion with HSPD-12 to include PIV and PIV-I credentials. The vision of the Federal Bridge CA includes the creation of an interoperable policy framework that allows applications within one domain to obtain some level of trust concerning credentials issued by an independently controlled network of issuing authorities in other domains. But with the scope of this project comes a level of complexity and a range of enabling technologies that may seem daunting.

At the same time, the need for agencies to paradoxically both control and share information has increased dramatically. Forces from the consumer internet world are also reshaping the way individuals think about accessing information, so the basic model of managing user access to application-managed information has now expanded to include multiple synchronous and asynchronous access channels. An application may be enabled to distribute information through encrypted email, or may provide a secure API to allow applications in other domains to create mash-ups including data from multiple sources.

But there is a pragmatic way to address this complexity. By focusing on the specific needs of individual applications and agencies, and by taking a policy-centered approach, organizations can reliably and comprehensibly provide access to their data without getting lost in the complexities of the enabling technologies. By separating policy and information flow from underlying technology standards, a durable future-proof infrastructure can be created. Binding to a wide range of current and emerging technical standards then does not require reworking the implementation approach

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.