Kevin H.S. Kwok Dept. of Computer Science & Engineering, Chinese University of Hong Kong
Privacy and Access Control Issues in Financial Enterprise Content Management with a Web Services Integration Environment
Kevin H.S. Kwok, Dept. of Computer Science & Engineering, Chinese University of Hong Kong
Dickson K. W. CHIU, Senior Member, IEEE
Patrick C. K. HUNG, Faculty of Business and Information Technology, University of Ontario Institute of Technology
FECMS-2
Introduction
Financial enterprise content refers to the pieces of information (in particular its Web sites), e.g., financial research, market commentary, calendar events, trading ideas, bond offerings, etc.
Published content
  Contributes highly to customer relationship management (CRM)
  Provides valuable advice for decision making of client investors
  Has a high impact on the image and professionalism of the enterprise
  Is also used for internal decision making
A good FECMS can produce high return on investment and is a valuable asset of the enterprise
FECMS-3
FECMS Overview
4T’s – tagging, taxonomy, templating, tiering
[Figure: FECMS overview. Content flows from Content Creators and External Content Providers through the Content Reception Engine, Content Editorial Engine and Content Publishing Engine to Content Users and External Content Distributors. The Global Repository Management System holds User Profiles, Subscription Data and the Taxonomy. Flow labels: Content, Edited Content, Auto-forwarded Content. Delivery channels: Web / WAP Portal; programmatic interface for institutional clients; Email / SMS to subscribers; fax, conventional mail, etc.]
FECMS-4
Management Objects and Concerns
4 Goals - Management, Cost, Legal issues, and Value
  Knowledge and organizational memory can be captured in enterprise content (M)
  Replace semi-manual systems and integrate heterogeneous systems (MCV)
  Replace current cost-ineffective and bad time-to-market hardcopy publishing and delivery of content (CV)
  Standardized enterprise-wide policies and business processes provide a mechanism for content creation and management functions (M)
  Metadata (taxonomy) about the content (MV)
  Integration with third-party FECMS or information sources to form a service grid (MV)
  Help ensure compliance with relevant laws and regulations, e.g., approval policy and procedures (L)
  Privacy and access control (MLV)
  CRM (CV)
FECMS-5
Challenges for FECMS
  Global system integration
  Content flow management
  Privacy and Access Control Issues
FECMS-6
Integration and Management
Global system integration
  Heterogeneous existing systems and interfaces
  Both within and among enterprises
  Global system with multiple sites
Content flow management
  A mechanism for analysts all over the world to contribute commentary and publish them
  Intrinsic value of a commentary depreciates exponentially (therefore should be published in minutes)
  Contradicting requirements - editors and auditors have to check content publication against possibility of violation of laws and regulations, which vary across countries and states
FECMS-7
Privacy and Access Control Issues
Information privacy - an individual’s right to determine how, when, and to what extent information about the self will be released to another person or to an organization
Concerned with the confidentiality of sensitive information such as
  personally identifiable information (PII)
  health data
Privacy policies describe an organization’s data practices
  what information they collect from individuals (subjects)
  for what purpose the information (objects) will be used
  whether the organization provides access to the information
  who are the recipients of any result generated from the information
  how long the information will be retained
  who will be informed in the circumstances of dispute
FECMS-8
Privacy and Access Control Issues (cont)
Access Control
  limiting access to information / resources only to authorized users, programs, processes, or other systems
  on a need-to-know basis
  according to the authentication of their identities and the associated privileges authorization
  should be extended with an enterprise-wide privacy policy for managing and enforcing individual privacy preferences
U.S. Privacy Act of 1974
FECMS-9
Privacy and Access Control Issues (cont)
Threats
  Unauthorized disclosure, modification and destruction of information
  Unauthorized utilization and misuse of resources
  Interruption, unknown status and repudiation in workflow execution content access
  Denial of service from stakeholders or resources
  Corruption of stakeholders
  Come from insiders and from the outsiders in each organization
Consequences
  cause disasters to internal management decision
  affect valuable external client investors
  lead to severe damage of enterprise reputation
  even legal responsibilities
FECMS-10
Technologies Employed in Integration
Web Services and XML standards for integration
  Simple Object Access Protocol (SOAP)
  Universal Description, Discovery and Integration (UDDI)
  Web Services Description Language (WSDL)
Advantages
  standard technologies
  wrapping of existing systems / sub-systems
  both inter- and intra-enterprise integration
  support both human and programmatic interfaces
  firewall friendly
  open platform
  synchronous (such as WS-Transaction) and asynchronous messaging
  faster time to production
  convergence of disparate business functionalities
  significant reduction in total cost of development
  easy to deploy business applications for trading partners
FECMS-11
Technologies Employed in Privacy and Access Control
Enterprise Privacy Authorization Language (EPAL)
  formalize privacy authorizations for actual enforcement intra- or inter-enterprise
  abstract data models and user-authentication from all deployment details
  an interoperability language for defining enterprise privacy policies on data handling practices
  fine-grained positive and negative authorization rights
FECMS-12
FECMS Architecture and Security
[Figure: FECMS architecture and security. Three zones separated by firewalls: Intranet, DMZ and Internet. Components: Content Creation Web Service, Content Reception Engine, Content Editorial Engine, Content Publishing Engine, Content Delivery Engine, Global Repository Management System (User Profiles, Subscription Data, Taxonomy), Private UDDI Registry and Public UDDI Registry. Parties: Content Creators, Internal Content Users, External Content Users, Institutional Users, External Content Providers, External Content Distributors. Channels: Web (HTML) / WAP (WML) Portal over HTTP; Web Service for institutional clients; Email (SMTP) / SMS to subscribers; fax, conventional mail, etc. Flow labels: Content, Edited Content, Auto-forwarded Content. Legend: Major Privacy and Access Control.]
FECMS-13
Enterprise Content Conceptual Model
[Figure: UML class diagram of the enterprise content conceptual model. Classes: Content (with Generated Content, Received Content and Created Content), Category, Content User, External Content Provider, External Tag, Global Tag, Local Tag, Mapping, Access Control, Enterprise Units, and Content Creator (from Use Case View) with the roles Content Composer, Content Editor, Content Auditor and Content Approver. Association labels: generates, subscribed to, provides, uses, according to, belongs to, access, create, edit, audit, approve.]
FECMS-14
Privacy and Access Control Requirements Elicitation
Identify the information entities to be protected
Identify the entitlement and protection that should be imposed on the stakeholders
By tracing the information flow of the information entities to be protected, identify the processes during which such protection should be enforced and hence the detailed protection policies as well as the required enhancement to existing system components
Identify any modification of the existing content flow or content management process required
FECMS-15
Key information entities to be protected
The major concern of an FECMS is naturally the vast amount of content
Almost equally important are the personal information (PII) and profiles of content users (in particular customers)
Users’ activity records should also be protected because of privacy requirements. This is often inadequately handled in existing systems
Content and user taxonomies, though mostly visible to the content management software systems, should be maintained only by specialists.
FECMS-16
Privacy and access control strategies
Reception of contents into an FECMS should be adequately monitored and controlled
Sophisticated content access control should be exercised over content creators and supervisors, according to content flow and process requirements
Based on the ‘need-to-know’ principle
  role-based access control technology by matching users’ roles and authorization with the classification of content items.
  Inference of tags should be supported in matching for ease and flexibility of specification (e.g., subscription to Asia => China and HK, Stock => warrants)
PII access should be strictly restricted to the user himself and to user managers
Taxonomies’ protection - tight control for only specialists’ access
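The tag inference and role matching described on this slide, as an added example that is not from the original slides. The role names and the ROLE_TAGS table are hypothetical, and the matching semantics (every tag on an item must be covered by the role, any tag may match the subscription) are assumptions of this sketch.

```python
# Constructed taxonomy: broader tag -> narrower tags it implies, taken from the
# slide's examples "Asia => China and HK" and "Stock => warrants".
TAXONOMY = {"Asia": {"China", "HK"}, "Stock": {"Warrants"}}

# Hypothetical role capabilities: the tags each role is cleared to see.
ROLE_TAGS = {
    "asia_equity_client": {"Asia", "Stock"},
    "politics_specialist": {"Asia", "Politics"},
}

def expand(tags, taxonomy=TAXONOMY):
    """Return the tags plus every narrower tag reachable through the taxonomy."""
    seen, stack = set(), list(tags)
    while stack:
        tag = stack.pop()
        if tag not in seen:              # the seen-set also stops cyclic taxonomies
            seen.add(tag)
            stack.extend(taxonomy.get(tag, ()))
    return seen

def may_receive(user, item, taxonomy=TAXONOMY):
    """Release an item only if the role covers every tag and the user asked for it."""
    cleared = expand(ROLE_TAGS.get(user["role"], ()), taxonomy)
    wanted = expand(user["subscriptions"], taxonomy)
    # Authorization is all-tags (one uncleared tag blocks the item);
    # subscription interest is any-tag. Both choices are assumptions of this sketch.
    return item["tags"] <= cleared and bool(item["tags"] & wanted)

if __name__ == "__main__":
    client = {"role": "asia_equity_client", "subscriptions": {"Asia"}}
    for tags in ({"HK", "Warrants"}, {"HK", "Politics"}, {"Warrants"}):
        print(sorted(tags), may_receive(client, {"tags": tags}))
```

An item tagged with a sensitive topic is withheld even when another of its tags matches the subscription, because the authorization side requires every tag to be covered.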
FECMS-17
Content Reception Engine
Publish and Subscribe mechanism
Separation of Active Rule / Analytical Module
Event-Condition-Action (ECA) Rules
Re-classify received content
Forward a selection of received / generated content to relevant analysts and Content Creators
Forward selected content for immediate publishing
FECMS-18
Content Reception Engine Protection
Strict verification and authorization before accepting new Content Providers
Security tokens (for sessions) - Security Assertion Markup Language (SAML)
Web Services Security (WS-Security) - message integrity, confidentiality, and single message authentication
Providers authorized to provide only certain types of content (based on tags)
Sources maliciously flooding the system may even be totally rejected
Quarantine contents from problematic providers: specialists’ examination only
Content items of sensitive topics (say, politics and major market changes) are forwarded to and only accessible to designated specialists for approval
FECMS-19
EPAL example

<ALLOW
    user-category = "Content_Provider"
    data-category = "Any_Content"
    purpose = "Distribution"
    operation = "publish"
    condition = "Authorization_Clearance = TRUE">

<DENY
    user-category = "Content_Users"
    data-category = "Politics_Content"
    purpose = "Any"
    operation = "access"
    condition = "Designated_Specialists = FALSE">
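How the two rules above behave when evaluated, as an added example that is not from the original slides. It treats the slide's notation as shorthand rather than the EPAL schema; the `<policy>` wrapper, the third rule, the wildcard handling and the deny-overrides combining are assumptions made for the sketch.

```python
import xml.etree.ElementTree as ET

# The slide's two rules in a constructed <policy> wrapper, self-closed so they
# parse as XML. The third rule is constructed for this example. This is the
# slide's shorthand notation, not the EPAL schema.
POLICY = """<policy>
  <ALLOW user-category="Content_Provider" data-category="Any_Content"
         purpose="Distribution" operation="publish"
         condition="Authorization_Clearance = TRUE"/>
  <DENY user-category="Content_Users" data-category="Politics_Content"
        purpose="Any" operation="access"
        condition="Designated_Specialists = FALSE"/>
  <ALLOW user-category="Content_Users" data-category="Any_Content"
         purpose="Any" operation="access"/>
</policy>"""

WILDCARDS = {"Any", "Any_Content"}
FIELDS = ("user-category", "data-category", "purpose", "operation")

def condition_holds(condition, context):
    """Evaluate 'Name = TRUE|FALSE'; an attribute missing from context is FALSE."""
    if condition is None:
        return True
    name, _, value = (part.strip() for part in condition.partition("="))
    return bool(context.get(name, False)) == (value == "TRUE")

def matches(rule, request):
    """A rule applies when every field matches (or is a wildcard) and its condition holds."""
    for field in FIELDS:
        if rule.get(field) not in WILDCARDS and rule.get(field) != request[field]:
            return False
    return condition_holds(rule.get("condition"), request.get("context", {}))

def decide(request, policy_xml=POLICY):
    """Assumed combining: a matching DENY wins, then a matching ALLOW, else deny."""
    rulings = {rule.tag for rule in ET.fromstring(policy_xml) if matches(rule, request)}
    return "allow" if "ALLOW" in rulings and "DENY" not in rulings else "deny"

def make_request(user, data, purpose, operation, **context):
    """Build a request dict; keyword arguments become the condition context."""
    return {"user-category": user, "data-category": data, "purpose": purpose,
            "operation": operation, "context": context}
```

With only the slide's two rules, a designated specialist would still be refused politics content, because the DENY rule withholds access without granting any; the constructed third rule supplies the positive right.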
FECMS-20
Content Editorial Engine
Typical Content Flow
A Content Author creates a piece of content, determines its tier and tags
Content sent to Content Editor for revision.
Approved by Content Approver.
If Content Editor suspects violation of laws / regulations, content is sent to a Content Auditor. Before the Content Auditor’s approval, customers from those countries cannot receive or read it.
FECMS-21
Content Editorial Engine Protection
Need-to-know principle
  Capability matching of personnel to content tags
  Content in progress may be incomplete and error prone - only accessible to the author before approval
  Content Creator cannot update content items submitted for editing, unless editors request their amendments, because the content editor is possibly updating it
  Content auditors can change or remove all content items classified under their capabilities plus regional restrictions
Supervisor override
  read access to all content items under their subordinates’ work unless otherwise classified
  update access should require managerial approval
  manager of a department can access all content items under work for that department
  Update access rights of reassigned work of a rerouted content item
FECMS-22
Content Publishing Engine
Content is sent to the user
  via email, SMS, and/or ICQ as specified by interactive users at subscription time.
  Web Services to the access point as specified by programmatic (usually institutional) users.
  Indirectly through external Content Distributors
[Figure: Content Publication Engine. Modules: Data & Content Warehouse, Admin. Module, Content Search Module, Content Delivery Module, Web Service Application Logics, XSL Processor, Content Access Portal. Access paths: Web / WAP Access for Interactive Users, Web Services Programmatic Access for Institutional Users, Admin. Access for Administrative Users; delivery by SMS, email, ICQ, etc. Connected to: Public UDDI Registry, Content Reception Engine, Content Editorial Engine, Content Distributors, Global Repository Mgmt Sys. Legend: Major Access Control.]
FECMS-23
Content Publishing Engine Protection
RBAC matching users’ roles and authorization with the classification of content items
Simple tiering is not enough
  subscription payment
  regional locale (because of legal requirements)
  a more refined customer segmentation
Different parts of content may have different access control (summaries are lower)
Users’ classification change
  Remove conflicting subscription categories
Check authorization before the distribution of every content item
FECMS-24
Global Repository Management System
Provides backing support for user information and consistent global taxonomy
Maintains users’ access to various global and regional Web sites as a single entity
Keep minimal vital information
Improve performance and reliability, replication techniques (cf. Oracle)
Protection
  strict authorization and through software systems only
  Users are allowed to view and update their profiles after authentication
  broker or financial advisor (and the advisor’s supervisors) of a user have read access to a user’s profile and can update it only upon authorization
  update access rules when supervisors assign temporary or alternate brokers or financial advisors
  Secrecy of content users’ usage data
FECMS-25
System Integration with Web Services
Maintain autonomous sub-systems in various units of the enterprise
XML-based standards
A convenient architecture to support both human (B2C) and programmatic interfaces (B2B)
Unified platform for both inter- and intra- organizational interfaces
FECMS-26
Example: publish-and-subscribe through Web Services
An institutional user submits a request to the updateSubscription Web Service of a Content Publishing Engine (parameters: categories of required content, the address of its own reception Web Services access point)
The institutional user has to implement a Web Service conforming to the specification of the receiveContent service of the Content Reception Engine.
The Content Publishing Engine verifies the request and relays a successful request to the Global Repository Management System.
When new content arrives at the Content Publication Engine, the engine queries the Global Repository Management System through its getSubscribedUsers Web Service, with the tier and tags of the new content as parameters.
If the institutional user is included in the list, the Content Delivery Module of the Content Publication Engine will invoke the user-specified Web Service accordingly to deliver the piece of content.
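The publish-and-subscribe exchange above, together with the earlier slide's rule to check authorization before the distribution of every content item, as an added example that is not from the original slides. In-process method calls stand in for the Web Services; the profile fields, the integer tier ordering (higher means more entitled) and `blocked_regions` are assumptions of the sketch.

```python
class GlobalRepository:
    """Stands in for the Global Repository Management System."""
    def __init__(self, profiles):
        self.profiles = profiles      # user id -> {"tier": int, "region": str}
        self.subscriptions = {}       # user id -> (categories, endpoint)

    def get_subscribed_users(self, tier, tags):          # getSubscribedUsers
        return [uid for uid, (cats, _) in self.subscriptions.items()
                if cats & tags and self.profiles[uid]["tier"] >= tier]

class PublishingEngine:
    def __init__(self, repo):
        self.repo = repo

    def update_subscription(self, uid, categories, endpoint):   # updateSubscription
        """Verify the request, then relay a successful one to the repository."""
        if uid not in self.repo.profiles or not callable(endpoint):
            return False
        self.repo.subscriptions[uid] = (set(categories), endpoint)
        return True

    def authorized(self, uid, item):
        """Per-item check: current tier and region, read at delivery time."""
        profile = self.repo.profiles[uid]
        return (profile["tier"] >= item["tier"]
                and profile["region"] not in item["blocked_regions"])

    def publish(self, item):
        """Query subscribers by tier and tags, then re-check before each delivery."""
        delivered = []
        for uid in self.repo.get_subscribed_users(item["tier"], item["tags"]):
            if self.authorized(uid, item):
                self.repo.subscriptions[uid][1](item)     # subscriber's receiveContent
                delivered.append(uid)
        return delivered

def run_demo():
    """Constructed scenario: two institutions, one item held back from region 'HK'."""
    repo = GlobalRepository({"bank_a": {"tier": 2, "region": "US"},
                             "fund_b": {"tier": 2, "region": "HK"}})
    engine, inboxes = PublishingEngine(repo), {"bank_a": [], "fund_b": []}
    for uid, inbox in inboxes.items():
        engine.update_subscription(uid, {"Bonds"}, inbox.append)
    item = {"title": "Bond offering", "tier": 2, "tags": {"Bonds"}, "blocked_regions": {"HK"}}
    first = engine.publish(item)
    repo.profiles["bank_a"]["tier"] = 1          # classification change after subscribing
    second = engine.publish(item)
    return first, second, inboxes
```

Because getSubscribedUsers takes only the tier and tags, the regional hold never reaches the repository query; the per-item check in `publish` is what keeps the item from the HK subscriber.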
FECMS-27
Technical Advantages
Complex FECMS decomposed into a set of highly coherent but loosely coupled sub-systems
Easier to carry out security analysis and identify flaws in content management processes
Highly scalable and interoperable
Web Services impose no practical limitations on implementation platform
For legacy systems, wrappers may be built around them
Gradual migration into FECMS possible
Generic architecture for other service oriented industries - software houses may develop packages with our approach
External Web Service interfaces are simple – possible for SME to participate in content exchange
FECMS-28
Conclusions
Studied the requirements and technical problems of ECM in financial industry
A practical enterprise content model and architecture
Identified key privacy and access control requirements and policy
Design of FECMS components for effective and timely content flow management
Use of Web Services / EPAL for inter- and intra-enterprise FECMS integration.
FECMS-29
Future Work
Application of Semantic Web technologies in content management, flow, and distribution
Watermarking to reinforce document management policies by supporting non-repudiation in the document distribution protocol (HICSS36)
The application of an advanced workflow management system in FECMS, such as ADOME-WFMS
Using the concept of flows and alerts in workflow based information integration (HICSS37)
In depth study of relations to CRM (HICSS36)
Document service negotiation