
Trusted Authorization Policy Engine (TAPE)

For Planning Systems Inc. (PSI), acquired by QinetiQ USA in 2006. Trusted Authorization Policy Engine (TAPE) is a modern authorization service that provides attribute based access control (ABAC) decisions for user access to resources within a network domain that it protects. Decisions are based on attributes of subjects, resources, environments and standardized access policies. TAPE’s feature set includes:

Authorization decision engine
Policy management through a dedicated graphical user interface (GUI)
System management through a dedicated GUI and/or command line interface (CLI); includes system configuration and control, audit log management and patch management
Auditing and review capabilities


What was the challenge?

InfoTech was approached by Planning Systems Inc. (PSI) to create a system that enables an organization to secure and monitor access to its enterprise resources, by identifying who is trying to access them and what they are allowed to see. As more of PSI's systems were transitioning to the web, PSI required a different method than its legacy systems to authenticate and authorize its users.


How InfoTech approached the challenge

InfoTech developed a system that provides authorization decisions based on user characteristics as well as environmental conditions, a method also known as Attribute Based Access Control (ABAC). For example, if the security clearance of the user is greater than or equal to the security level of the resource requested and the current day is a working day, then allow access to the resource; otherwise deny access.

We created a web-based user interface allowing administrators to create rules using a menu-driven and visually enhanced interface to simplify the creation of complex rules.
Our team implemented full auditing capabilities to log and report access activities.


Benefits of TAPE

Cross-domain / cross-community authorization service for multiple environments.
Enables risk-adaptable policies (i.e., the ability to react to changing conditions in the environment).
Mediates transactions within and between networks at different security levels.
Brokers and resolves policies from multiple sources (e.g. coalitions).
A uniform and standardized decision interface to multiple enforcement points in the enterprise (e.g., provides high-level processing for gateways and filters).


Technologies

HTTP / HTTPS and web services
Apache Ant
Apache Tomcat
Haskell
MySQL
Java


Project Status

Time: Delivered on time
Budget: Delivered on budget


Contract Type

Sub-contract to PSI (Navy client)
Fixed Cost


Sample Screenshots

Policy Administration Point: User / Resource Attributes

Administrators can browse and manipulate the attributes used to create the conditions that specify if a user has the right to access a certain resource. Attributes can be defined for subjects, resources and environments.

[Screenshot: User / Resource Attributes]

Policy Administration Point: Access Control Policies

Administrators can browse and manipulate the rules that specify if a user has the right to access certain resources. A rule is simply a set of conditions. A rule is true if all its conditions are true. The screen provides an easy-to-use tree view of all the rules in the database.
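As an added illustration (not TAPE's own code, which this page does not show), here is a small evaluator for the rule model just described and for the example rule in "How InfoTech approached the challenge": a rule is a set of conditions that must all hold, and the sample rule permits access when the user's clearance is at or above the resource's level on a working day. The clearance ordering, attribute names, sample dates, and the permit-if-any-rule-matches / deny-otherwise combining logic are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Callable

# Assumed clearance ordering; TAPE's real attribute vocabulary is not given on the page.
CLEARANCE_RANK = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass
class Request:
    subject: dict      # attributes of the user making the request
    resource: dict     # attributes of the resource requested
    environment: dict  # environmental conditions, e.g. the current date

Condition = Callable[[Request], bool]

@dataclass
class Rule:
    """A rule is a set of conditions; it is true only if all of them are true."""
    name: str
    conditions: list[Condition] = field(default_factory=list)
    def matches(self, req: Request) -> bool:
        return all(cond(req) for cond in self.conditions)

def clearance_dominates(req: Request) -> bool:
    # A missing or unknown attribute never satisfies a condition (fail closed).
    subj = CLEARANCE_RANK.get(req.subject.get("clearance"))
    res = CLEARANCE_RANK.get(req.resource.get("classification"))
    return subj is not None and res is not None and subj >= res

def is_working_day(req: Request) -> bool:
    day = req.environment.get("date")
    return isinstance(day, date) and day.weekday() < 5  # Monday..Friday

# The page's example rule: clearance >= resource level AND the current day is a working day.
POLICY = [Rule("clearance-and-working-day", [clearance_dominates, is_working_day])]

def decide(policy: list[Rule], req: Request) -> tuple[str, str]:
    """Permit on the first matching rule, else deny (assumed combining logic); the tuple is the audit record."""
    for rule in policy:
        if rule.matches(req):
            return "PERMIT", rule.name
    return "DENY", "no rule matched (default deny)"

def evaluate(clearance, classification, iso_date: str) -> str:
    # Build a request from plain values, decide, and print one audit line (constructed sample input).
    req = Request({"clearance": clearance}, {"classification": classification},
                  {"date": date.fromisoformat(iso_date)})
    decision, reason = decide(POLICY, req)
    print(f"{clearance} -> {classification} on {iso_date}: {decision} ({reason})")
    return decision
```

Calling `evaluate("SECRET", "CONFIDENTIAL", "2024-06-03")` (a Monday) permits, while the same request dated Saturday 2024-06-01, a lower clearance, or a missing attribute is denied.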

[Screenshot: Access Control Policies]

TAPE Internal Configuration

The administrator controls TAPE’s internal configuration. The internal configuration consists of system settings (e.g. operation mode), log settings (e.g. size, filters) and the policy to be used when making authorization decisions. This screen also provides a test function. It allows administrators to test a new/updated access policy before making it operational.

[Screenshot: TAPE Internal Configuration]

InfoTech Solutions for Business
