N-Dex User Access
Accessing the N-DEx system.
1. Document Purpose
The purpose of this document is to provide criminal justice agencies with an informational overview of the various methods for accessing the N-DEx system.
2. User Access
Historically, access to CJIS systems has been handled through a state message switch at each CJIS systems agency (CSA). Each state agrees to be responsible for the security of and access to CJIS systems by signing a user agreement with the CJIS Division. In turn, the state has agreements with the local agencies requiring them to adhere to all CJIS Division and state polices. With improvements in information sharing as well as technological advancements, new ways of accessing CJIS systems have become available. Currently there are two methods for accessing the N-DEx system.
Portal connections allow users full functionality of the N-DEx system. Users connecting through this method have the ability to do searches as well as take advantage of other N-DEx capabilities such as visualization, subscription, and notification and collaboration.
2.1.1 Law Enforcement Online (LEO)
N-DEx users with a LEO account can access the N-DEx portal through a link on the LEO homepage. The process for obtaining access through LEO is further described in the link below.
2.1.2 Access to N-DEx Portal via Hyperlink Agency System
For this method of access, N-DEx trusts the identity provided by the requesting agency’s system. As a trusted identity provider, users log into their system and click a link from their portal and access the N-DEx portal without being required to present another username/password combination. Instead, the agency identity provider will provide an assertion indicating the user is valid and should be granted access to the N-DEx system and receive the full capabilities and services the N-DEx system offers.
This capability is only implemented in configurations that comply with all CJIS technical, physical, and personnel security policies. The prerequisites for an agency to use this connection are:
- A network infrastructure
- An ability to create a mechanism to allow users access (SAML assertion)
- A predefined set of attributes passed securely to N-DEx
- An ability to comply with CJIS security policy
2.1.3 Advantages and Disadvantages of Portal Connection
- Users can view N-DEx data directly from the N-DEx portal with their existing account.
- Users will be able to access all N-DEx tools that are available within the system, e.g., visualization, subscription, collaboration.
- Access can be managed and easily granted based on best practices.
- Users will have to perform separate queries of their system and N-DEx as each system will provide standalone results.
2.2 Logical Entity eXchange Specifications-Search and Retrieve
N-DEx users now have the ability to have their system query N-DEx and return the search results into their application. This functionality is provided via the N-DEx Logical Entity eXchange Specifications-Search and Retrieve (LEXS-SR) interface. This method utilizes web services which are machine-to-machine message-based interfaces. The web services between N-DEx and a remote partner site, i.e., region or state system, will utilize the LEXS-SR standard exchange. Agencies wanting their users to search and retrieve N-DEx data while utilizing their system’s proprietary services and capabilities have that option utilizing the LEXS-SR standard exchange. The LEXS-SR provides a method to share information for discovery and analysis between two systems. The rerequisite for connecting to N-DEx via LEXS-SR is having the ability to create an xml LEXS-SR message with defined tags recognized by the N-DEx system and the infrastructure to support it.
2.2.1 Advantages and Disadvantages of LEXS-SR Connection
- Many users are comfortable with their existing interface for investigative analysis work.
- Agencies can set up their IT systems to query N-DEx via web services and incorporate the search results into their home portal.
- Access can be managed and easily granted based on existing best practices.
- There is no access to subscription, notification, and collaboration capabilities.
- Data returned is a subset of what is actually in N-DEx, so a user wishing to perform more in-depth analysis would have to access the N-DEx System via the N-DEx portal.
- Tracking of queries must be pulled from both systems’ audit logs.
- Additional work may be required by an agency to display the results within their system’s interface.
3.0 Establishing a Connection
Criminal justice agencies should contact the N-DEx liaison specialist for further information and to determine which connection will be most beneficial to their users.