The Backend Attribute Exchange (BAE) enables the exchange of identity and entitlement information about their respective users, enabling information systems to make access control decisions on data and services. This ensures inter-organization information sharing across organizational boundaries, maintains the sovereignty between organizations, and eliminates the redundant process of one organization managing and maintaining users of another organization.

Approach

In 2008, the Identity Management (IdM) Testbed partnered with the U.S. Department of Defense (DoD) Defense Manpower Data Center (DMDC) in Monterey, CA to collaborate on a proof-of-concept implementation of the BAE specification. The objective of this implementation was to validate the BAE approach, gain valuable implementation experience, and provide implementation feedback to stakeholders. In 2010, S&T conducted a pilot demonstration of the BAE with the National Security Agency (NSA) and the Defense Information Security Agency (DISA) to support the mission requirements of the homeland security/emergency response community and Northern Command (NORTHCOM) information sharing environments.

S&T efforts of the BAE profile were successfully transitioned to the Identity Credentialing and Access Management (ICAM) Subcommittee for other agencies to implement (2011) and posted on the Federal ICAM website at: http://www.idmanagement.gov/documents/SAML_V2_IP_Profiles.pdf

Contact

Email: SandT-Cyber-Liaison@hq.dhs.gov