Identity, credential, and access management at NASA, from Zachman to attributes

To achieve the ultimate goal of attribute-based access control (ABAC), a robust architecture for Identity, Credential, and Access Management must first be established. The National Aeronautics and Space Administration (NASA) began formal development of its Identity, Credential, and Access Management Architecture using the Zachman Framework for Enterprise Architecture in June 2006. The Architecture provided the necessary structure to meet aggressive deadlines for issuance and use of the PIV smartcard. It also led to the development of NASA's Logical Access Control infrastructure to support not only PIV smartcards, but all authentication credentials in use at NASA. Use of the Zachman Framework has transformed the way that NASA looks at Logical Access Control, and has positioned NASA to provide robust attributed-based access control in the future. In this paper, we will discuss the Logical Access Control System (LACS) we are implementing at NASA, changes in the way NASA views Identity Trust and Level of Assurance, technical challenges to implementation, and our future vision for Identity, Credential, and Access Management.