News Articles 2015

Chief Information Officer

IC CIO Enterprise Integration & Architecture

Overview

This IC/DoD enterprise encoding specification defines requirements and provides guidelines for the realization of the Content Discovery and Retrieval (CDR) Retrieve Component as a web service using both the REST style and SOAP bindings, hereafter termed a Retrieve service. This component provides a common interface and behavioral model for IC and DoD content collections, enabling content consumers to retrieve relevant content resources from disparate collections across the IC/DoD Enterprise. The content of this specification describes a Retrieve service’s interface and other aspects in detail, providing enough information for Retrieve service providers and implementers to create CDR-compliant Retrieve services.

The Retrieve Component, as defined by the Intelligence Community/Department of Defense (IC/DoD) CDR Specification Framework, serves as a “pull” mechanism to access the information resource.

The REST Retrieve Component relies on mechanisms that are already well established in the internet infrastructure:

The SOAP Retrieve specification covers the following aspects of a SOAP-based Retrieve Component:
  • Service Interface defines the base SOAP constructs for expressing inputs, outputs, and faults
  • Implementation provides additional implementation guidance beyond the behavior and interface guidance
  • Reference Documentation provides references to other CDR and community artifacts (i.e., CDR Reference Architecture)

The Retrieve Component supports the retrieval of a specified resource from a Content Collection. The Retrieve Component, as defined, can only support returning a resource directly to the requestor. It cannot redirect output to a component other than the requestor. In addition, no special handling instructions (e.g., routing) may be specified.

This specification supports Intelligence Community Directive 501 (ICD 501), Discovery, Dissemination or Retrieval of Information within the Intelligence Community, which establishes policies for (1) discovery, and (2) dissemination or retrieval of intelligence and intelligence-related information collected, or analysis produced, by the Intelligence Community.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package. This specification is maintained by the IC Chief Information Officer via the Services Coordination Activity (SCA) and Content Discovery and Retrieval Integrated Product Team (CDR IPT).


Value Proposition

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community and Department of Defense (IC/DoD) Enterprise. Features of this specification are to:
  • Enable retrieval of an identified content resource from the Content Collection in which it is stored.
  • Initiate delivery of the retrieved resource to the requestor or to a designated alternate location using the Deliver Component.

Overview

This IC/DoD enterprise encoding specification defines requirements and provides guidelines for the realization of the Content Discovery and Retrieval (CDR) Brokered Search Component as a web service using both the SOAP messaging protocol and the RESTful OpenSearch [OS] standard (intended to provide minimal requirements for implementing an OpenSearch search broker), hereafter termed a Brokered Search service. The Brokered Search Component serves as the primary mechanism to 1) facilitate the distribution of queries to applicable/relevant Search Components and the content collections these Search Components expose, and 2) aggregate the results returned individually into a single uniform results set. The content of this specification provides enough information for Brokered Search Component providers and implementers to create CDR-compliant Brokered Search Components; the specification describes a Brokered Search Component’s behavior, interface, and other aspects in detail.

The Brokered Search Component uses the basic functionality described by the Search Component for a single search. Additional inputs and outputs are defined as needed to support the four activities that underpin Brokered Search capabilities: brokered search coordination, source identification, search component invocation, and federation results processing. A Search component’s results are resource metadata rather than actual content resources. In the context of Search, resource metadata generally refers to a subset of a resource’s available metadata, not the entire underlying record. The Search Component returns metadata about a resource, which may sometimes describe the underlying resource (e.g., an image), while other times representing a sub-set of the data that makes up a resource (e.g., a collection of attributes). In some cases, the metadata returned from an instantiation of the Search function and the Retrieve function, which returns a resource itself, may happen to be the same, though this is considered an edge condition. Some of the information contained within each Search result may provide the information necessary for a consumer to retrieve or otherwise use a resource.

This specification supports Intelligence Community Directive 501 (ICD 501), Discovery, Dissemination or Retrieval of Information within the Intelligence Community, which establishes policies for (1) discovery, and (2) dissemination or retrieval of intelligence and intelligence-related information collected, or analysis produced, by the Intelligence Community.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package. This specification is maintained by the IC Chief Information Officer via the Services Coordination Activity (SCA) and Content Discovery and Retrieval Integrated Product Team (CDR IPT).

Value Proposition

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community and Department of Defense (IC/DoD) Enterprise. Features of the Brokered Search Specification are to:

  • Facilitate the distribution of queries to applicable/relevant Search Components and content collections these Search Components expose.
  • Aggregate the results returned individually into a single, uniform results set which is returned to the Consumer Component.

 

Latest Approved Versions


Previous Versions

 

Overview

This Access Control Encoding Specification for Information Security Markings (ISM.ACES) defines detailed implementation guidance for providing access to documents based on ISM data. This Access Control Encoding Specification (ACES) defines the use of combinational logic between data and user/entity attributes. This logic is intended to be used in the decisional process of access control decisions based on XML elements and attributes that represent ISM data concepts and the associated user attributes.

The Access Control Encoding ISM specification (ISM.ACES.V1) furthers IC Enterprise goals by codifying mappings and combinational logic between data attributes and user/entity attributes to facilitate consistent enterprise-wide Boolean access decisions. Historically, access control decisions have been made in local environments based on local interpretations of agreements and policies, resulting in decisions that are not uniform across the entire enterprise. ACES OC hopes to reduce the need for such local interpretations and further the goal of improving data exchanges and processing of information by documenting and encoding the enterprise interpretation. ACES OC provides both abstract and concrete guidance for making access control decisions. The generic abstract guidance is intended to be used in various contexts for making informed access decision logic, but it is the goal of ACES ISM to also provide concrete guidance in appendixes or separate annexes for certain contexts.

The presence of ISM data attributes within a data asset specifies that the data asset is controlled by the rules in this ACES and any contextually relevant annexes of this document. This ACES has no need to express information beyond what is already expressed in the ISM attributes. As such, no specific NTK Profile is necessary. This specification describes the mapping of dissemination-related data attributes to a user's/person's attributes or an NPE's accreditation that are determined to be sufficient for access and can be used to make informed available and accurate dissemination decisions.

This is the first release of the specification and therefore provides no backward capability.

The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).

Technical Specification Downloads

Latest Approved Version



Previous Versions Currently Mandated in the Baseline [ER2 and DISR]


Retired Versions


  • None

Mission Requirements


This specification depends upon the following specification: XML Data Encoding Specification for Need-To-Know (NTK.XML.V8+), version 8 or higher.

This specification defines & baselines Access Control Encoding for OC (Originator Controlled) and establishes allowable use of encoding logic values between data and user/entity attributes for the IC Enterprise.

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-20, 500-21, 501, 710, and ICPM 2007-200-2, among others.

This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.

This specification supports common understanding and use of access control encoding for originator controlled mappings to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.
