Managing Identity and Access in the Defence Environment


  1. Zeber, S.
  2. Magar, A.
Corporate Authors
Defence Research Establishment Ottawa, Ottawa ONT (CAN); Magar Security Architecture Inc, Ottawa ONT (CAN)
Information in the defence environment is managed across many separate networks and a variety of system resources by a diverse, often dynamic, population of users. The information is distributed across different classification levels and information at a particular classification level may be subject to further caveat separation restrictions. It is both a requirement and a challenge in this environment to ensure that the information and the system resources are used and managed to support operations effectively, but in compliance with established security policies. Enforcing security policies in this environment requires the capability to manage the identities and access privileges of users and administrators in a trusted manner. Two innovative technologies have recently evolved that, when used collaboratively, provide this capability in support of security policy enforcement. One is Public Key Infrastructure (PKI) technology, and the other is Privilege Management Infrastructure (PMI) technology. This paper presents the results of initial studies undertaken to determine how these two technologies can be combined in a content-based information security model to enable the enforcement of trusted multi-caveat separation and, eventually, multi-level security for this environment. TRUNCATED

There is a French abstract here.

Public Key Infrastructure; Public key systems; Digital Signatures; Network security; Access control; Access management; Authentication; Multi-level security; Privilege Management Infrastructure; Access rights; Information security; X.509; Certificates; Provisioning; Biometrics; Caveat separation; Smart cards; Sensitivity labeling; Content based information security
Report Number
DRDC-OTTAWA-TM-2002-056 — Technical Memorandum
Date of publication
01 Apr 2002
Number of Pages
Hardcopy;CD ROM
