Office of Justice Assistance - Initiatives for Secure Information Sharing

The WIJIS Development Team has become a nationally recognized leader in the field of justice integration and information sharing by consistently pushing the edge of the envelope, designing fresh new applications that solve the most pressing issues facing the industry today. The following applications have been developed by the WIJIS Team and ensure privacy protection while maintaining transparency and accountability in a secure information sharing environment.

1) Cascading Disclosure Control Language

2) Federated Identity Management

For information on the specifications of these applications please visit www.wijiscommons.org or contact Program Director, Jim Pingel (608) 266-3323.

Cascading Disclosure Control Language

Why do we need disclosure control?

Electronic information sharing is fast becoming critically important for law enforcement entities around the world. However, the more we share information, the more various liabilities emerge, including legal jeopardy, privacy concerns, operational confidentiality, and issues of public policy.

These liabilities will cripple or terminate any information sharing initiatives that are unable to precisely and confidently control disclosure. Moreover, any successful disclosure control mechanism must be transparent to survive scrutiny and rule-based to remain affordable.

Transparency

A transparent system is one for which actions and behavior can be readily inspected. To the degree the inspection is obstructed by cost, inconvenience, or legal encumbrance (such as Nondisclosure Agreements), its transparency is diminished.

Transparency does not necessarily refer to public transparency, in which the reviewers are members of the public. Transparency is a simpler quality: that authorized observers can understand and verify what the system is doing.

Disclosure control that doesn't support transparency is not easily trusted and is very easily challenged, and when the challenges come, they may be hard to refute.

Rule-Based Control

Because disclosure policies can be very complex and variable, the only way to implement such policies is to either write them out in program code or to codify them as rules. Rules are machine-readable directives that can readily be maintained outside of the program code that executes them.

Rules are cheap, sturdy, flexible, and transparent. There is no need for ongoing re-coding projects to address the dynamic nature of disclosure policy. Rules make disclosure control affordable.

Cascading Disclosure Control Language (CDCL)

Clearly a transparent, high-confidence, rule-based solution, general in scope and independent of any one piece of software or data model, such as the Global Justice XML Data Model (GJXDM), is needed. WIJIS has begun conceptual work on such a solution. It's a technology called Cascading Disclosure Control Language (CDCL) and operates in the following manner:

1) At Runtime, the Engine references Rules uniformly complied into CDCL. The Engine uses only Rules that pertain to the Recipient, and that apply in the Execution Content

2) These Rules are applied individually to every information item in the Present Document.

3) The information is then filtered through the Rulesheet Deck to match the appropriate access level for the recipient user. When Rules specify conflicting Outcomes, they are resolved according to the Cascade.

4) In this manner, the output document is assembled on the fly; it may include all, some, or none of the originating document’s content.

The output document is guaranteed to be compliant with all of the rules in the Rulesheet Deck and can be safely released to the recipient user.

Benefits

It's cheaper to own. Changing the disclosure outcomes of the application is no longer a full-scale software project when using a rules-based approach.

It's sturdier. Since rulesheets are not part of the code, coding mistakes are not introduced into the system. Moreover, you do not even have to be a programmer to write rules. In fact, it’s best if you're not!

It supports transparency. It is orders of magnitude easier for any auditing entity (including the public) to verify the behavior of a set of CDCL rules than it is for them to analyze program code.

The increasing number of information resources available to Wisconsin criminal justice professionals provides many benefits, but is not without complications. The proliferation of unique user accounts on each different system, and of directories to manage them, consumes resources and poses security risks.

This problem is not unique to criminal justice, and WIJIS can draw upon a locally developed solution. The state Division of Enterprise Technology and the University of Wisconsin have been national leaders in developing a Federated Identity Management (FIM) approach to authenticating users from disparate information systems.

FIM can use existing user accounts for that purpose, leveraging the investments already made on their creation and management, and allowing organizations to maintain their current policies for establishing and sharing identities. At the same time as it establishes the links that allow “single sign-on” to occur, FIM also provides a security and encryption structure that protects against unauthorized intrusion at every potential point of access.

Users of systems with FIM will have fewer usernames and passwords to remember, creating a more user-friendly experience and reducing the risk of password compromise. And administrators may work more efficiently when existing user credentials are managed to establish secure access to their systems for the entire justice community.