The Federal ICAM Backend Attribute Exchange (BAE) v2 specifications have reached release candidate final status, and are now available on IDManagement.gov (See below for direct links to the specification).
The FICAM BAE v2 is a standards based architecture and interface specification to securely obtain attributes of subjects (e.g. PIV and PIV-I card holders, federation members with a unique identifier), from authoritative sources, to make access control decisions and/or to do provisioning.
The BAE v2 specification set consists of:
- BAE v2 Overview
- Federal ICAM Governance for BAE v2
- SAML 2.0 Identifier and Protocol Profiles for BAE v2
- SAML 2.0 Metadata Profile for BAE v2
- SPML 2.0 Read-Only Profile for BAE v2
[Currently being developed and tested via a pilot]
- BAE v2 allows you to implement a "Pull Based" Identity and Access Control Architecture
- We deliberately made sure that the "SAML 2.0 Identifier and Protocol Profiles, and the SAML 2.0 Metadata Profile" for BAE v2 can stand on their own and has no dependencies on the FICAM and/or Government Agency Governance processes. This allows any organization (commercial or otherwise) to implement a pull based identity architecture using a standards based and tested approach.
- Multiple COTS vendors have already baked in support for the BAE v2 technical profiles into their products. User guides for how specific products can be configured to support BAE v2 are currently being developed and will be available shortly.
- An implementation of BAE v2 has been deployed in the DHS S&T IdM Testbed for a while now, which has been used for T&E, pilots, as well as interoperability testing with vendor implementations. Recently, as part of an MOU between FICAM and DHS S&T, this implementation has been designated as the FICAM Reference Implementation for BAE v2. DHS S&T IdM Testbed, in partnership with the FICAM Lab (which will manage the test metadata) will be working to support the enablement of the BAE environment for use by US Federal Government departments/agencies and others.
Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!
This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.