Secure Information Sharing Using Attribute Certificates and Role Based Access Control

In this paper, we explore the issues involved with the design and rapid deployment of large scale secure information sharing (SIS) systems for coordination involved with multiple agencies. Procedures and tools were developed for setting up quickly the public key infrastructure (PKI) and privilege management infrastructure (PMI) for the multi-agency SIS systems. A multi-agency SIS testbed based on LDAP servers and web servers was built to explore the use of the attribute certificate, public key digital certificate, and role-based access control for secure access and efficient authorization. LDAP servers were enhanced to accept attribute certificates. The LDAP module for the apache web server was extended to submit the LDAP query based on the subject field of the client certificate, and to authorize the web access based on the attribute certificate return from a LDAP server. Preliminary performance of the SIS prototype shows that the techniques and tools developed can rapidly set up the PKI and PMI for a large scale multi-agency, web-based, SIS system and support secure web accesses based on the effective role-based access control and authorization. The main contribution of our paper is the development of framework that makes use PKI, RBAC, PMI, and webservices for information sharing based on authentication, authorization, and access. The framework and the software packages developed can be used to support the critical information and communication needs of a joint task force assembled for unexpected natural disasters, nuclear/chemical accidents, or terrorist attacks.