Dynamic AccessID Network & Toolkit
Use Case for Zero Trust Orchestration
By Ron Martin, Federal Identity, Credential and Access Management expert
This network and toolkit is approved under the United States Department of Homeland Security, Science and Technology’s Small Business Innovation Research (SBIR) program to improve the Identity, Credential and Access Management (ICAM) used by crisis and emergency managers. The SBIR topic title is ICAM On-The-Fly.
Incident Commanders (ICs) must have confidence that all first responders from outside the IC’s jurisdiction hold the certifications needed to support the IC’s event requirements. Currently, there is no nationwide authoritative source to verify and authenticate first responder credentials. The Dynamic AccessID Network & Toolkit will establish this reliable source. The Dynamic AccessID Toolkit is the first open specification and process that will enable the IC to verify and authenticate identities and certifications at the incident scene.
The Federal Identity, Credential and Access Management (ICAM) construct establishes the framework in which personal and non-personal identities will be captured and federated into the Dynamic AccessID Network. The resultant digital identity and a derived credential will then be used ‘on-the-fly’ by first responders, enabling them to share crucial information during an emergency. The Dynamic Federation capability is the authoritative source the first responder community will use. Some of the challenges faced by first responders were outlined in DHS Project Report 5 and are the focus of this effort. They are 1) cooperation between first responder communities, 2) the establishment of a consent-related trust mechanism, 3) third-party card/credential integration, and 4) specific onboarding of applications for first responder communities.
The Dynamic Crisis Catalog Service, which onboards systems, acts as an authentication policy enforcement point, while the onboarded systems provide the authorization, policy decision, and information points. The Incident Manager will be able to dynamically establish an AccessID Network specifically to manage these communications and to onboard both participants and systems relevant to crisis communications. The dynamic nature of this network is designed to offer rapid deployment of necessary infrastructure (i.e., ad hoc) as well as to minimize the risk to the systems outside of the incident parameters by reducing its attack surface.