Kevin H.S. Kwok Dept. of Computer Science & Engineering, Chinese University of Hong Kong

Privacy and Access Control Issues in Financial Enterprise Content Management with a Web Services Integration Environment

Kevin H.S. Kwok, Dept. of Computer Science & Engineering, Chinese University of Hong Kong, khskwok@yahoo.com

Dickson K. W. CHIU, Senior Member, IEEE, [email protected], [email protected]

Patrick C. K. HUNG, Faculty of Business and Information Technology, University of Ontario Institute of Technology, [email protected]



Introduction
- Financial enterprise content refers to the pieces of information (in particular its Web sites), e.g., financial research, market commentary, calendar events, trading ideas, bond offerings, etc.
- Published content
  - Contributes highly to customer relationship management (CRM)
  - Provides valuable advice for decision making of client investors
  - Has a high impact on the image and professionalism of the enterprise
  - Is also used for internal decision making
- A good FECMS can produce high return on investment and is a valuable asset of the enterprise


FECMS Overview

4T’s – tagging, taxonomy, templating, tiering

[Figure: FECMS overview diagram. Labelled components: Content Creators, External Content Providers, External Content Distributors, Content Reception Engine, Content Editorial Engine, Content Publishing Engine, Global Repository Management System, Content Users. Data labels: Content, Edited Content, Auto-forwarded Content, Taxonomy, User Profiles, Subscription Data. Delivery channels: Web / WAP Portal, programmatic interface for institutional clients, Email / SMS to subscribers, fax, conventional mail, etc.]


Management Objects and Concerns
4 Goals - Management, Cost, Legal issues, and Value
- Knowledge and organizational memory can be captured in enterprise content (M)
- Replace semi-manual systems and integrated heterogeneous systems (MCV)
- Replace current cost ineffective and bad time-to-market hardcopy publishing and delivery of content (CV)
- Standardized enterprise-wide policies and business processes provide a mechanism for content creation and management functions (M)
- Metadata (taxonomy) about the content (MV)
- Integration with third-party FECMS or information sources to form a service grid (MV)
- Help ensure compliance with relevant laws and regulations, e.g., approval policy and procedures (L)
- Privacy and access control (MLV)
- CRM (CV)


Challenges for FECMS
- Global system integration
- Content flow management
- Privacy and Access Control Issues


Integration and Management
- Global system integration
- Content flow management
- Heterogeneous existing systems and interfaces
- Both within and among enterprises
- Global system with multiple sites
- A mechanism for analysts all over the world to contribute commentary and publish them
- Intrinsic value of a commentary depreciates exponentially (therefore should be published in minutes)
- Contradicting requirements - editors and auditors have to check content publication against possibility of violation of laws and regulations, which vary across countries and states


Privacy and Access Control Issues
- Information privacy - an individual’s right to determine how, when, and to what extent information about the self will be released to another person or to an organization
- Concerned with the confidentiality of sensitive information such as
  - personally identifiable information (PII)
  - health data
- Privacy policies describe an organization’s data practices
  - what information they collect from individuals (subjects)
  - for what purpose the information (objects) will be used
  - whether the organization provides access to the information
  - who are the recipients of any result generated from the information
  - how long the information will be retained
  - who will be informed in the circumstances of dispute


Privacy and Access Control Issues (cont)
- Access Control
  - limiting access to information / resources only to authorized users, programs, processes, or other systems
  - on a need-to basis
  - according to the authentication of their identities and the associated privileges authorization
  - should be extended with an enterprise-wide privacy policy for managing and enforcing individual privacy preferences
- U.S. Privacy Act of 1974


Privacy and Access Control Issues (cont)
- Threats
  - Unauthorized disclosure, modification and destruction of information
  - Unauthorized utilization and misuse of resources
  - Interruption, unknown status and repudiation in workflow execution content access
  - Denial of service from stakeholders or resources
  - Corruption of stakeholders
  - Come from insiders and from the outsiders in each organization
- Consequences
  - cause disasters to internal management decision
  - affect valuable external client investors
  - lead to severe damage of enterprise reputation
  - even legal responsibilities


Technologies Employed in Integration
- Web Services and XML standards for integration
  - Simple Object Access Protocol (SOAP)
  - Universal Description, Discovery and Integration (UDDI)
  - Web Services Description Language (WSDL)
- Advantages
  - standard technologies
  - wrapping of existing systems / sub-systems
  - both inter- and intra-enterprise integration
  - support both human and programmatic interfaces
  - firewall friendly
  - open platform
  - synchronous (such as WS-Transaction) and asynchronous messaging
  - faster time to production
  - convergence of disparate business functionalities
  - significant reduction in total cost of development
  - easy to deploy business applications for trading partners


Technologies Employed in Privacy and Access Control
- Enterprise Privacy Authorization Language (EPAL)
  - formalize privacy authorizations for actual enforcement intra- or inter- enterprise
  - abstract data models and user-authentication from all deployment details
  - an interoperability language for defining enterprise privacy policies on data handling practices
  - fine-grained positive and negative authorization rights


FECMS Architecture and Security

[Figure: FECMS architecture and security diagram. Labelled components: Content Creation Web Service, Content Reception Engine, Content Editorial Engine, Content Publishing Engine, Content Delivery Engine, Global Repository Management System, Public UDDI Registry, Private UDDI Registry. Network zones: Intranet, DMZ and Internet, with firewalls. Parties: Content Creators, Internal Content Users, External Content Users, Institutional Users, External Content Providers, External Content Distributors. Channels: Web (HTML) / WAP (WML) Portal, Web Service for institutional clients, Email (SMTP) / SMS to subscribers, HTTP, fax, conventional mail, etc. Data labels: Content, Edited Content, Auto-forwarded Content, User Profiles, Subscription Data, Taxonomy. Legend: Major Privacy and Access Control.]


Enterprise Content Conceptual Model

[Figure: class diagram of the enterprise content conceptual model. Classes: Content, Created Content, Generated Content, Received Content, Category, Content User, External Content Provider, External Tag, Global Tag, Local Tag, Mapping, Access Control, Content Creator (from Use Case View), Enterprise Units. Content Creator roles: Content Composer, Content Editor, Content Auditor, Content Approver. Association labels: generates, subscribed to, provides, uses, according to, belongs to, access, create, edit, audit, approve.]


Privacy and Access Control Requirements Elicitation

Identify the information entities to be protected

Identify the entitlement and protection that should be imposed on the stakeholders

By tracing the information flow of the information entities to be protected, identify the processes during which such protection should be enforced and hence the detailed protection policies as well as the required enhancement to existing system components

Identify any modification of the existing content flow or content management process required


Key information entities to be protected

The major concern of an FECMS is naturally the vast amount of content

Almost equally important are the personal information (PII) and profiles of content users (in particular customers)

Users’ activity records should also be protected because of privacy requirements. This is often inadequately handled in existing systems

Content and user taxonomies, though mostly visible to the content management software systems, should be maintained only by specialists.


Privacy and access control strategies

Reception of contents into an FECMS should be adequately monitored and controlled

Sophisticated content access control should be exercised over content creators and supervisors, according to content flow and process requirements

Based on the ‘need-to-know’ principle: role-based access control technology, matching users’ roles and authorization with the classification of content items.

Inference of tags should be supported in matching for ease and flexibility of specification (e.g., subscription to Asia => China and HK, Stock => warrants)

PII access should be strictly restricted to the user himself and to user managers

Taxonomies’ protection - tight control for only specialists’ access


Content Reception Engine

Publish and Subscribe mechanism

Separation of Active Rule / Analytical Module

Event-Condition-Action (ECA) Rules

Re-classify received content

Forward a selection of received / generated content to relevant analysts and Content Creators

Forward selected content for immediate publishing


Content Reception Engine Protection

Strict verification and authorization before accepting new Content Providers

Security tokens (for sessions) - Security Assertion Markup Language (SAML)

Web Services Security (WS-Security) - message integrity, confidentiality, and single message authentication

Providers authorized to provide only certain types of content (based on tags)

Sources maliciously flooding the system may even be totally rejected

Quarantine contents from problematic providers: specialists’ examination only

Content items of sensitive topics (say, politics and major market changes) are forwarded to and only accessible to designated specialists for approval


EPAL example

    <ALLOW
        user-category = "Content_Provider"
        data-category = "Any_Content"
        purpose = "Distribution"
        operation = "publish"
        condition = "Authorization_Clearance = TRUE">

    <DENY
        user-category = "Content_Users"
        data-category = "Politics_Content"
        purpose = "Any"
        operation = "access"
        condition = "Designated_Specialists = FALSE">
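The two rules above, turned into a small evaluator; this is an added example, not code from the slides. It assumes rules are checked in the order listed with the first applicable rule deciding and deny as the default ruling; the category hierarchy (DATA_PARENT) and the attribute dictionary are constructed for the illustration.

```python
# Added illustration: evaluates the slide's two simplified EPAL-style rules.
# Assumptions (not from the slides): rules are checked in listed order, the
# first applicable rule decides, and a request no rule covers is denied.
from dataclasses import dataclass

# Constructed category hierarchy: child -> parent.
DATA_PARENT = {"Politics_Content": "Any_Content", "Market_Content": "Any_Content"}


def covers(rule_value, actual, parents):
    """True if rule_value equals actual or is an ancestor of it."""
    while actual is not None:
        if actual == rule_value:
            return True
        actual = parents.get(actual)
    return False


@dataclass(frozen=True)
class Rule:
    ruling: str          # "allow" or "deny"
    user_category: str
    data_category: str
    purpose: str         # "Any" matches every purpose
    operation: str
    condition: tuple     # (attribute name, required boolean value)

    def applies(self, user, data, purpose, operation, attrs):
        name, required = self.condition
        # A missing attribute counts as False, so ALLOW fails closed.
        return (user == self.user_category
                and covers(self.data_category, data, DATA_PARENT)
                and self.purpose in ("Any", purpose)
                and operation == self.operation
                and bool(attrs.get(name, False)) == required)


# The two rules from the slide, in the slide's order.
POLICY = [
    Rule("allow", "Content_Provider", "Any_Content", "Distribution",
         "publish", ("Authorization_Clearance", True)),
    Rule("deny", "Content_Users", "Politics_Content", "Any",
         "access", ("Designated_Specialists", False)),
]


def decide(user, data, purpose, operation, attrs, policy=POLICY):
    """Return (ruling, index of the deciding rule, or None for the default)."""
    for i, rule in enumerate(policy):
        if rule.applies(user, data, purpose, operation, attrs):
            return rule.ruling, i
    return "deny", None  # default ruling when no rule is applicable
```

Under these assumptions a designated specialist is still refused Politics_Content by these two rules alone: the DENY rule stops applying, but nothing grants access, so a matching ALLOW rule would be needed.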


Content Editorial Engine

Typical Content Flow

A Content Author creates a piece of content, determines its tier and tags

Content sent to Content Editor for revision.

Approved by Content Approver.

If Content Editor suspects violation of laws / regulations, content is sent to a Content Auditor. Before the Content Auditor’s approval, customers from those countries cannot receive or read it.


Content Editorial Engine Protection

- Need-to-know principle
- Capability matching of personnel to content tags
- Content in progress may be incomplete and error prone - only accessible to the author before approval
- Content Creator cannot update content items submitted for editing, unless editors request their amendments, because the content editor is possibly updating it
- Content auditors can change or remove all content items classified under their capabilities plus regional restrictions
- Supervisor override
  - read access to all content items under their subordinates’ work unless otherwise classified
  - update access should require managerial approval
  - manager of a department can access all content items under work for that department
- Update access rights for the reassigned work of a rerouted content item


Content Publishing Engine
Content is sent to the user
- via email, SMS, and/or ICQ as specified by interactive users at subscription time.
- Web Services to the access point as specified by programmatic (usually institutional) users.
- Indirectly through external Content Distributors

[Figure: Content Publishing Engine diagram. Labelled components: Data & Content Warehouse, Admin. Module, Content Search Module, Content Publication Engine, Content Delivery Module, Web Service Application Logics, XSL Processor, Content Access Portal, Public UDDI Registry, Global Repository Mgmt Sys, Content Reception Engine, Content Editorial Engine, Content Distributors. Access paths: Web / WAP Access, Web Services Programmatic Access, Admin. Access, SMS, email, ICQ, etc. Users: Interactive Users, Institutional Users, Administrative Users. Legend: Major Access Control.]


Content Publishing Engine Protection

- RBAC matching users’ roles and authorization with the classification of content items
- Simple tiering is not enough
  - subscription payment
  - regional locale (because of legal requirements)
  - a more refined customer segmentation
- Different parts of content may have different access control (summaries are lower)
- Users’ classification change
- Remove conflicting subscription categories
- Check authorization before the distribution of every content item
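An added example (not from the slides) of a check the publishing engine could run before distributing each item, combining the tag inference from the strategies slide (Asia => China and HK, Stock => warrants) with the tier, regional and per-part rules above. The taxonomy, the numeric tiers (higher means more entitled) and the user and item fields are assumptions made for the illustration.

```python
# Added illustration of a per-item authorization check before distribution.
# The taxonomy, tier numbers and user/item fields are constructed.

# Constructed taxonomy: broader tag -> narrower tags it implies.
NARROWER = {
    "Asia": {"China", "HK"},
    "Stock": {"Warrants"},
}


def expand(tags):
    """Close a set of subscribed tags under the 'implies narrower tag' relation."""
    seen, stack = set(), list(tags)
    while stack:
        tag = stack.pop()
        if tag not in seen:
            seen.add(tag)
            stack.extend(NARROWER.get(tag, ()))
    return seen


def may_receive(user, item, part="full"):
    """Return (allowed, reason) for delivering one part of one content item."""
    # Summaries may carry a lower tier than the full text.
    required_tier = item["summary_tier"] if part == "summary" else item["tier"]
    if user["tier"] < required_tier:
        return False, "tier"
    # Regional locale: legal restrictions or a pending audit block a region.
    if user["region"] in item["blocked_regions"]:
        return False, "region"
    # Subscription match, inferring from broad tags to narrow ones only.
    if not expand(user["subscriptions"]) & set(item["tags"]):
        return False, "not subscribed"
    return True, "ok"


def recipients(users, item, part="full"):
    """Evaluate every user at distribution time; no earlier decision is reused."""
    return sorted(n for n, u in users.items() if may_receive(u, item, part)[0])


# Constructed sample data.
USERS = {
    "alice": {"tier": 3, "region": "HK", "subscriptions": {"Asia"}},
    "bob":   {"tier": 1, "region": "US", "subscriptions": {"Stock"}},
    "carol": {"tier": 3, "region": "US", "subscriptions": {"China"}},
}
ITEM = {"tier": 2, "summary_tier": 1, "tags": {"China", "Warrants"},
        "blocked_regions": set()}
```

Because the check runs per item and per user, a change in a user's classification or a regional hold takes effect on the next distribution without touching stored subscriptions.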


Global Repository Management System

- Provides backing support for user information and consistent global taxonomy
- Maintains users’ access to various global and regional Web sites as a single entity
- Keep minimal vital information
- Improve performance and reliability, replication techniques (cf. Oracle)
- Protection
  - strict authorization and through software systems only
  - Users are allowed to view and update their profiles after authentication
  - broker or financial advisor (and the advisor’s supervisors) of a user can read a user’s profile and update it only upon authorization
  - update access rules when supervisors assign temporary or alternate brokers or financial advisors
  - Secrecy of content users’ usage data


System Integration with Web Services

Maintain autonomous sub-systems in various units of the enterprise

XML-based standards

A convenient architecture to support both human (B2C) and programmatic interfaces (B2B)

Unified platform for both inter- and intra- organizational interfaces


Example: publish-and-subscribe through Web Services

An institutional user submits a request to the updateSubscription Web Service of a Content Publishing Engine (parameters: categories of required content, the address of its own reception Web Services access point)

The institutional user has to implement a Web Service conforming to the specification of the receiveContent service of the Content Reception Engine.

The Content Publishing Engine verifies the request and relays successful requests to the Global Repository Management System.

When new content arrives at the Content Publication Engine, the engine queries the Global Repository Management System through its getSubscribedUsers Web Service, with the tier and tags of the new content as parameters.

If the institutional user is included in the list, the Content Delivery Module of the Content Publication Engine will invoke the user-specified Web Service accordingly to deliver the piece of content.
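The exchange above as an added in-process simulation, not code from the slides: updateSubscription, getSubscribedUsers and receiveContent are the slide's operation names, while the classes, the account registry and the specific verification checks (known user, known categories, HTTPS endpoint on a host registered for the account) are assumptions.

```python
# Added illustration: in-process stand-ins for the Web Services on the slide.
# Operation names are the slide's; classes, fields and checks are constructed.
from urllib.parse import urlsplit

KNOWN_CATEGORIES = {"Bonds", "Research", "Warrants"}   # constructed taxonomy

class GlobalRepository:
    def __init__(self):
        self.subscriptions = {}    # user id -> (categories, tier, endpoint)

    def store(self, user_id, categories, tier, endpoint):
        self.subscriptions[user_id] = (set(categories), tier, endpoint)

    def getSubscribedUsers(self, tier, tags):
        """Users entitled to this tier whose categories intersect the tags."""
        return {uid: ep for uid, (cats, t, ep) in self.subscriptions.items()
                if t >= tier and cats & set(tags)}

class PublishingEngine:
    def __init__(self, repo, accounts, transport):
        self.repo, self.accounts, self.transport = repo, accounts, transport

    def updateSubscription(self, user_id, categories, endpoint):
        """Verify the request, then relay it to the repository."""
        account = self.accounts.get(user_id)
        if account is None:
            return "rejected: unknown user"
        if not set(categories) <= KNOWN_CATEGORIES:
            return "rejected: unknown category"
        url = urlsplit(endpoint)
        # Deliver only over TLS and only to a host registered for this account,
        # so content cannot be redirected to an arbitrary address.
        if url.scheme != "https" or url.hostname not in account["hosts"]:
            return "rejected: endpoint not registered"
        self.repo.store(user_id, categories, account["tier"], endpoint)
        return "accepted"

    def publish(self, content):
        """Query the repository per item, then call each receiveContent endpoint."""
        targets = self.repo.getSubscribedUsers(content["tier"], content["tags"])
        for uid, endpoint in sorted(targets.items()):
            self.transport(endpoint, "receiveContent", content)
        return sorted(targets)

def demo():
    """Constructed run; the transport records calls instead of sending SOAP."""
    sent = []
    engine = PublishingEngine(
        GlobalRepository(),
        {"inst-1": {"tier": 2, "hosts": {"feeds.inst1.example"}}},
        lambda ep, op, body: sent.append((ep, op, body["id"])))
    results = [
        engine.updateSubscription("inst-1", ["Bonds"], "https://feeds.inst1.example/rc"),
        engine.updateSubscription("inst-1", ["Bonds"], "https://other.example/rc"),
    ]
    delivered = engine.publish({"id": "c-42", "tier": 2, "tags": ["Bonds"]})
    skipped = engine.publish({"id": "c-43", "tier": 3, "tags": ["Bonds"]})
    return results, delivered, skipped, sent
```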


Technical Advantages

- Complex FECMS decomposed into a set of highly coherent but loosely coupled sub-systems
- Easier to perform security analysis and identify flaws in content management processes
- Highly scalable and interoperable
- Web Services impose no practical limitations on implementation platform
- For legacy systems, wrappers may be built around them
- Gradual migration into FECMS possible
- Generic architecture for other service oriented industries - software houses may develop packages with our approach
- External Web Service interfaces are simple – possible for SME to participate in content exchange


Conclusions
- Studied the requirements and technical problems of ECM in financial industry
- A practical enterprise content model and architecture
- Identified key privacy and access control requirements and policy
- Design of FECMS components for effective and timely content flow management
- Use of Web Services / EPAL for inter- and intra- enterprise FECMS integration.


Future Work

Application of Semantic Web technologies in content management, flow, and distribution

Watermarking to reinforce document management policies by supporting non-repudiation in the document distribution protocol (HICSS36)

The application of an advanced workflow management system in FECMS, such as ADOME-WFMS

Using the concept of flows and alerts in workflow based information integration (HICSS37)

In depth study of relations to CRM (HICSS36)

Document service negotiation