Title: Washington Integrated Justice Information Board
1 Justice Information Network Data Exchange (JINDEX) Security and Business Requirements
Washington Integrated Justice Information Board
December 20, 2005
Scott Bream, Department of Information Services
2 Issues
- The decision to move the PCH/CACH application to production warranted a review of security and authentication requirements.
- Production security requirements are more rigorous than pilot security requirements.
- The need to provide additional identifiers will require modification of the King and Yakima County applications.
- The need to provide multiple authentication requirements over time will require constant re-coding and will prevent JINDEX from scaling.
3 Pilot Authentication Requirements
- Assumed that consuming entities (King and Yakima Counties) would be responsible and liable for allowing only authorized users access.
- King and Yakima Counties would be required to pass only their agency identifiers to back-end providers.
- Trust from consuming entities would be preserved through encrypted messaging between trusted servers.
- JINDEX will act primarily as a messaging switch, passing through the required credentials.
4 Pilot Authentication Model
[Diagram. Labels: King County, Yakima County]
5 Provider-Driven Production Authentication Model
- Based on production requirements established by WSP and AOC.
- Requires input of end-user identifier in addition to consuming entity identifier.
- Creates need for King and Yakima Counties to modify applications.
- Becomes more complex as application grows.
- Not consistent with scalable, highly secure, re-usable Web Services best practices.
6 Provider-Driven Production Authentication Model
[Diagram. Labels: King County; Burien Police, Burien Police ORI, Burien Police RACF; Seattle Police, Seattle Police ORI, Seattle Police RACF; Yakima County; Yakima Police, Yakima Police ORI, Yakima Police RACF; City of Othello, Othello PD ORI, Othello PD RACF; WSP ACCESS User Agreement and AOC User Agreement (each repeated)]
7 Input and Discussion
Washington State Patrol and Administrative Office
of the Courts will provide input on
authentication requirements and impacts on code
and scalability.
8 Possible JINDEX Authentication Model
- Assumes that consuming entities would be responsible and liable for allowing only authorized users access.
- Envisions creation of a centralized registration service for each consuming entity that identifies those data-providers to which they have been granted access.
- Would change the role of the JINDEX from simple message broker to trusted agent.
- Will require the creation of new JINDEX services outside the scope of the current contract with Online Business Systems.
9 Possible Centralized Authentication Model
[Diagram. Labels: King County, Yakima County; WSP, AOC, DOL; DOL User Agreement; WSP ACCESS Add-User Agreement, AOC Add-User Agreement, DOL Add-User Agreement]
10 Questions?
Scott Bream, DIS scott_at_dis.wa.gov (360) 902-3460