(WIRLED PEAS)
(WIRLED PEAS) World Information Resources, Localized Environment Distribution: Personalized Emergency Alerting System
Presenter: Michelle Raymond [email protected]
[Diagram: WIRLED PEAS process flow. Stages: Emergency Event Occurs; General Information Gathered; Information Recipient Identified; Information Distilled; Alert Constructed; Alert Presentation Generated; Alert Presented]
[Diagram: the same WIRLED PEAS process flow (Emergency Event Occurs; Information Gathered; Information Recipient Identified; Information Distilled; Alert Constructed; Alert Presentation Generated; Alert Presented), annotated with the labels (XACML), (User Profile), (CAP), (Output Device), (IDS)]
Request: <Request>
“<Request> is a top-level element in the XACML context schema… …<Request> contains <Subject>, <Resource>, <Action> and <Environment> elements. There may be multiple <Subject> elements. Each child element contains a sequence of <xacml-context:Attribute> elements associated with the subject, resource, action and environment respectively.” – oasis-xacml-1.0.pdf

    <Request>
      <Subject>…      (Who/What is making the request?)
      <Subject>…      (Who/What wants the results?)
      <Resource>…     (In what is the requestor interested?)
      <Action>…       (What is to be done with the resource?)
      <Environment>…  (What else might affect the request?)
    </Request>
Request: <Attribute>
“The <Attribute> element is the central abstraction of the request context. It contains an attribute value and attribute meta-data. The attribute meta-data comprises the attribute identifier, the attribute issuer and the attribute issue instant. Attribute designators and attribute selectors in the policy MAY refer to attributes by means of this meta-data.” – oasis-xacml-1.0.pdf

    <Attribute AttributeId="urn:peas:names:subject:subject-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>[email protected]</AttributeValue>
    </Attribute>
Request: <Subject> [One to Many]
“<Subject> specifies information about a subject of the request context by listing a sequence of <Attribute> elements associated with the subject. One or more <Subject> elements are allowed.
A subject is an entity associated with the access request.
• subject might represent the human user that initiated the application from which the request was issued
• subject might represent the application’s executable code that created the request
• subject might represent the entity that is to be the recipient of the resource
Attributes of each of these entities MUST be enclosed in a separate <Subject> element.” – oasis-xacml-1.0.pdf
Subject Attributes for PEAS
urn:peas:names:subject:
• subject-name (name of subject making request)
• subject-id (id of subject making request)
• authority (identifier of authority to make request)
• receipient (intended recipient of returned data)
• access-id (authorization id required by target)
• access-code (authorization code)
• access-parameter (authorization parameters)
• access-roll (role the subject plays in obtaining data)
• resource-relation (relation to the resource)
<Subject> Example

    <Subject>
      <Attribute AttributeId="urn:peas:names:subject:subject-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>[email protected]</AttributeValue>
      </Attribute>
      <Attribute AttributeId="urn:peas:names:subject:authority"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>RSCustomer-342334553</AttributeValue>
      </Attribute>
      <Attribute AttributeId="urn:peas:names:subject:access-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>Ext342334553</AttributeValue>
      </Attribute>
      <Attribute AttributeId="urn:peas:names:subject:access-roll"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>AlertManager</AttributeValue>
      </Attribute>
    </Subject>
Request: <Resource>
“<Resource> specifies information about the resource to which access is requested, by listing a sequence of <Attribute> elements associated with the resource. It MAY include the resource content… …The <Resource> element MUST contain one and only one <Attribute> with an AttributeId of “urn:oasis:names:tc:xacml:1.0:resource:resource-id”. This attribute specifies the identity of the resource to which access is requested.” – oasis-xacml-1.0.pdf

<Resource> Example

    <Resource>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                 DataType="http://www.w3.org/2001/XMLSchema#anyURI">
        <AttributeValue>http://rs.com/customer/rs435233557/vehicle/DM556842224</AttributeValue>
      </Attribute>
    </Resource>
Request: <Action>
“<Action> specifies the requested action on the resource, by listing a set of <Attribute> elements associated with the action.” – oasis-xacml-1.0.pdf

<Action> Example

    <Action>
      <Attribute AttributeId="urn:peas:names:userprofile:action:action-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>getLocation</AttributeValue>
      </Attribute>
    </Action>
Request: <Environment>
“<Environment> contains a set of attributes of the environment. These attributes MAY form part of the policy evaluation… …Environment attributes are attributes that are not associated with either the resource, the action or any of the subjects of the access request.” – oasis-xacml-1.0.pdf

<Environment> Example

    <Environment>
      <Attribute AttributeId="urn:peas:names:environment:event-category"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>chemicalAccident</AttributeValue>
      </Attribute>
    </Environment>
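
The structural rules quoted on the request slides (one or more <Subject>, exactly one resource-id attribute inside <Resource>, every <Attribute> carrying its meta-data) can be checked at the enforcement point before a request is forwarded for a decision. The following is an added example, not code from the presentation: the request is constructed from the slide fragments without namespaces, the subject-id value is a placeholder, and the DOCTYPE rejection is an extra hardening assumption.

```python
import xml.etree.ElementTree as ET

RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"
ANY_URI = "http://www.w3.org/2001/XMLSchema#anyURI"

def attr(attr_id, data_type, value):
    """Render one <Attribute> in the shape used on the slides."""
    return (f'<Attribute AttributeId="{attr_id}" DataType="{data_type}">'
            f"<AttributeValue>{value}</AttributeValue></Attribute>")

# Constructed request assembled from the slide fragments (no namespace, as on
# the slides); the subject-id value is a placeholder, not taken from the page.
SAMPLE = (
    "<Request><Subject>"
    + attr("urn:peas:names:subject:subject-id", STRING, "subject@example.invalid")
    + attr("urn:peas:names:subject:access-roll", STRING, "AlertManager")
    + "</Subject><Resource>"
    + attr(RESOURCE_ID, ANY_URI,
           "http://rs.com/customer/rs435233557/vehicle/DM556842224")
    + "</Resource><Action>"
    + attr("urn:peas:names:userprofile:action:action-id", STRING, "getLocation")
    + "</Action><Environment>"
    + attr("urn:peas:names:environment:event-category", STRING, "chemicalAccident")
    + "</Environment></Request>"
)

def validate_request(xml_text):
    """Return structural problems; an empty list means the PEP may forward it."""
    if "<!DOCTYPE" in xml_text:
        return ["DOCTYPE rejected: a request context needs no DTD or entities"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    if root.tag != "Request":
        return [f"top-level element is <{root.tag}>, expected <Request>"]
    problems = []
    if not root.findall("Subject"):
        problems.append("no <Subject>: one or more are required")
    for name in ("Resource", "Action"):
        if len(root.findall(name)) != 1:
            problems.append(f"expected exactly one <{name}>")
    ids = [a.get("AttributeId") for a in root.findall("Resource/Attribute")]
    if ids.count(RESOURCE_ID) != 1:
        problems.append(f"<Resource> has {ids.count(RESOURCE_ID)} resource-id "
                        "attributes, expected 1")
    for a in root.iter("Attribute"):
        if not a.get("AttributeId") or not a.get("DataType"):
            problems.append("<Attribute> missing AttributeId or DataType")
        if a.find("AttributeValue") is None:
            problems.append(f"{a.get('AttributeId')} has no <AttributeValue>")
    return problems

if __name__ == "__main__":
    print(validate_request(SAMPLE) or "request is structurally valid")
```

A request with two resource-id attributes is rejected rather than guessed at, so the decision and the enforcement always refer to the same resource.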
<Policy>
“<Policy> is the smallest entity that SHALL be presented to the Policy Decision Point for evaluation.
The main components of this element are the <Target>, <Rule> and <Obligations> elements and the RuleCombiningAlgId attribute.
The <Target> element SHALL define the applicability of the <Policy> to a set of decision requests.
Rules included in the <Policy> element MUST be combined by the algorithm specified by the RuleCombiningAlgId attribute.
The <Obligations> element SHALL contain a set of obligations that MUST be fulfilled in conjunction with the authorization decision.” – oasis-xacml-1.0.pdf

<Policy>

    <Policy PolicyId="urn:roadsidecompanion:names:external:sendlocation:policy"
            RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
      <Target>…       (applicability of policy to a set of requests)
      <Rule>…         (a sequence of authorizations)
      <Rule>…         (may or may not be applicable to the request)
      <Obligations>…  (actions to be performed with the enforcement of the policy)
    </Policy>
[Diagram, built up over eleven slides: XACML data flow.
Components: Policy Administration Point, Policy Decision Point, Context Handler, Policy Information Point, Subjects, Environment, Resource, Obligations Service, Access Requester, Policy Enforcement Point.
Numbered flows, in the order the slides add them:
1. policy or policy set
2. access request
3. request
4. attribute query
5a. Subject attributes
5b. Environment attributes
5c. Resource attributes
6. attributes
7. resource
8. target, attribute, resource
9. decision
10. resource
11. obligation]
Response: <Response>
“<Response> element is a top-level element in the XACML context schema. <Response> encapsulates the authorization decision produced by the PDP. It includes a sequence of one or more results, with one <Result> element per requested resource.” – oasis-xacml-1.0.pdf

    <Response ResourceId=…>  (identifier of the resource from the request)
      <Decision>…            (authorization decision: “permit”, “deny”,…)
      <Status>…              (what if any errors occurred in processing)
      <Obligations>…         (actions and their attributes to be performed)
      <Obligations>…         (actions must be performed with decision)
    </Response>
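
How the deny-overrides algorithm named in the <Policy> slide turns individual rule results into the decision and obligations carried by <Response> is sketched below. This is an added example, not code from the presentation: the two rules, the "Revoked-" authority prefix and the obligation identifier are hypothetical, the request context is flattened to a dictionary of the page's attribute identifiers, and the combining logic follows the deny-overrides rule-combining algorithm as described in the XACML 1.0 specification.

```python
PERMIT, DENY, NA, INDET = "Permit", "Deny", "NotApplicable", "Indeterminate"
SUBJ = "urn:peas:names:subject:"
EVENT = "urn:peas:names:environment:event-category"
ACTION = "urn:peas:names:userprofile:action:action-id"

def need(ctx, attr_id):
    """Fetch an attribute; a missing one raises and the rule becomes Indeterminate."""
    if attr_id not in ctx:
        raise KeyError(attr_id)
    return ctx[attr_id]

# Hypothetical rules as (effect, condition) pairs.
RULES = [
    (DENY, lambda c: need(c, SUBJ + "authority").startswith("Revoked-")),
    (PERMIT, lambda c: need(c, SUBJ + "access-roll") == "AlertManager"
                       and need(c, EVENT) == "chemicalAccident"),
]
# Hypothetical obligation as (id, FulfillOn).
OBLIGATIONS = [("urn:example:obligation:log-location-release", PERMIT)]

def evaluate_rule(effect, condition, ctx):
    """A rule yields its effect, NotApplicable, or Indeterminate on error."""
    try:
        return effect if condition(ctx) else NA
    except KeyError:
        return INDET

def deny_overrides(rules, ctx):
    """Any Deny wins; an errored Deny rule blocks a Permit from being returned."""
    potential_deny = saw_permit = saw_error = False
    for effect, condition in rules:
        decision = evaluate_rule(effect, condition, ctx)
        if decision == DENY:
            return DENY
        if decision == PERMIT:
            saw_permit = True
        elif decision == INDET:
            saw_error = True
            potential_deny = potential_deny or effect == DENY
    if potential_deny:
        return INDET
    if saw_permit:
        return PERMIT
    return INDET if saw_error else NA

def decide(ctx):
    """Target check, rule combination, then obligations whose FulfillOn matches."""
    if ctx.get(ACTION) != "getLocation":
        return NA, []
    decision = deny_overrides(RULES, ctx)
    return decision, [oid for oid, on in OBLIGATIONS if on == decision]

if __name__ == "__main__":
    ctx = {ACTION: "getLocation", SUBJ + "authority": "RSCustomer-342334553",
           SUBJ + "access-roll": "AlertManager", EVENT: "chemicalAccident"}
    print(decide(ctx))
```

The enforcement point should release the resource only on Permit with its obligations fulfilled; Indeterminate and NotApplicable are treated as refusals.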
PEAS Rule
urn:peas:names:rules:
• chemical-accident:general-alert
• chemical-accident:residents:general-alert
• chemical-accident:residents:shelter-in-place-alert
• chemical-accident:residents:evacuation-alert
• chemical-accident:volunteers:placement-alert
• shelter-in-place-alert
• evacuation-alert
Standard User Profile
<Subscriber>
<UserProfile> <InformationContent> (content <InformationSource> <AccessClearance> ...
<AccessPath> <InformationContext> <ContextRoll> <InformationSubject> <SubjectLabel> <ContactInformation> <ContactDetail> <ContactAddress> ... <ApprovedContact> <InformationContent>

Specialized User Profile
<autoInformation vinNumber…> <manufacturer>… <model>… <year>… <color>… <licencePlate>…
<trackingMethods> <device id=… /> <device id=… />
<communicationDevices> <device id=… /> <parameter>…
<baseSchedule> <trip name=…> <scheduleApplication> <daysOfWeek>… <startTime>… <arrivalTime>… <route> <startAddress>… <endAddress>… <path>...
Common Alerting Protocol
“Each CAP Alert Message consists of: an <alert> segment, which may contain: one or more <info> segments, each of which may include one or more <area> segments. Under most circumstances CAP messages with a <msgType> value of “Alert” SHOULD include at least one <info> element.” – emergency-CAP-1.0.pdf

CAP: <alert>
“The <alert> segment provides basic information about the current message:
• its purpose,
• its source and
• its status, as well as
• unique identifier for the current message and
• links to any other, related messages.
An <alert> segment may be used alone for message acknowledgements, cancellations or other system functions, but most <alert> segments will include at least one <info> segment.” – emergency-CAP-1.0.pdf

CAP: <info>
“The <info> segment describes an anticipated or actual event in terms of its
– urgency (time available to prepare),
– severity (intensity of impact) and
– certainty (confidence in the observation or prediction),
as well as providing both categorical and textual descriptions of the subject event. It may also provide instructions for appropriate response by message recipients and various other details (hazard duration, technical parameters, contact information, links to additional information sources, etc.) Multiple <info> segments may be used to describe differing parameters (e.g., for different probability or intensity “bands”) or to provide the information in multiple languages.” – emergency-CAP-1.0.pdf

CAP: <resource>
“The <resource> segment provides an optional reference to additional information related to the <info> segment within which it appears in the form of a digital asset such as an image or audio file.” – emergency-CAP-1.0.pdf

CAP: <area>
“The <area> segment describes a geographic area to which the <info> segment in which it appears applies. Textual and coded descriptions (such as postal codes) are supported, but the preferred representations use geospatial shapes (polygons and circles) and an altitude or altitude range, expressed in standard latitude / longitude / altitude terms in accordance with a specified geospatial datum.” – emergency-CAP-1.0.pdf
User Interaction Generation
Produces usable displays for the given alert on the set of appropriate devices.
Features:
- Domain-independent
- Batch Generation of UIs
- Client-Server Architecture
- Open Modeling Standards
- Open Presentation Standards
[Diagram: Interaction Design System. Labels: IDS Engine; Domain Objects; User Data; Device Capabilities; Communication Requirement; Emergency Information; UI Presentations; Information Reasoner; Presentation Reasoner; Emergency Response Plans; Presentation Elements; XML Schema; UI XML; Device XSLT; User and Group Profiles; Alerts and Distribution Templates; Communication Devices]

Open Standards Presentation Element Library:
• Display object functionality
• Display object usability characteristics

IDS Presentation Reasoner enables:
• User Interface Optimization
• Distribution Algorithm Application
• Communication Capabilities Analysis

IDS Information Reasoner enables:
• Human-Centered Design Optimization
• Domain Alerting Rule Basis
• Information Filtering/Fusion based on User and Group Profiles
[Diagram: User Relationships and Communication Sources. Subscribers: Alice Ada, Sandy Troy, Tim Jones. Other people: Paul Ada-Jones, Lily Santos, Kal Troy, Roy Ada. Communication sources: School, School, Business Bldg., Highrise Condos, North Metro, Nursing Home. Relationship labels: has daughter, has son, has grandson, has spouse, has neighbor, has father. Key: created by Alice; created by Sandy; other user’s links]
[Diagram: User Roles and Communication Sources. Subscribers: Alice Ada, Sandy Troy, Tim Jones. Other people: Paul Ada-Jones, Lily Santos, Kal Troy, Roy Ada. Communication sources: School, School, Business Bldg., Highrise Condos, North Metro, Nursing Home. Key: first-level contact; second-level contact; external contact; subscriber role; assigned role; communication grp.; Alert Src.; tenant contact; resident contact]
[Diagram repeated: WIRLED PEAS process flow (Emergency Event Occurs; Information Gathered; Information Recipient Identified; Information Distilled; Alert Constructed; Alert Presentation Generated; Alert Presented), annotated with the labels (XACML), (User Profile), (CAP), (Output Device), (IDS)]
Train Derailment Sensor Triggered
A train derailed near the North Rail Yard. Several cars contain anhydrous ammonia. A railroad derailment sensor is triggered and broadcasts to the North Rail Yard Office.
Hazmat Sensor Detection Triggered
A railroad bio-chemical sensor detects ammonia and broadcasts the information to the North Rail Yard Office. At the office, an automated system sends out pre-designed alerts for each sensor detection to the pre-defined list of recipients.
Automatic Alerts Sent

ALERT from: North Rail Yard
To: Emergency Response Team
"Train Derailment on Track 4, Section 172".
<more>

ALERT from: North Rail Yard
To: Emergency Response Team
"Ammonia Hazmat Detection on Track 4, Section 173".
<more>

At the North Rail Yard Office, an automated system sends out pre-designed alerts for each sensor detection to the pre-defined list of recipients.

OR

Automatic Combined Alerts Sent

ALERT from: North Rail Yard
To: Emergency Response Team
"Ammonia Hazmat Detection post Train Derailment on Track 4, Section 172"
<more>

At the North Rail Yard Office, an automated system sends out information combination alerts to the pre-defined list of recipients.
Requests for Wind Direction
Two sources request data on the wind conditions. The Meteorology Station Alerting System determines that the requests pertain to the same incident. The Station runs a single analysis and sends the response to both requesting parties.
[Diagram: City Hazmat Department and Railroad Emergency Response Team each send a Request to the Satellite Meteorology Station]
Response for Wind Direction
The Meteorology Station Update gives basic text information and points to a Resource containing a URL, where special weather maps have been placed.
Wind direction: North West, 285.
Wind speed: 16 miles per hour.
Humidity: 65%
Temperature: 70 F.
Forecast: Wind shifting to more from the North within the next hour. Wind speed to reduce to 10 miles per hour within the next 2 hours.
weather maps (www.met.mn.us/resp0721)
Hazmat Plume Analysis
Models of the chemical plume over time are constructed. These images can be used as content within alerts or as input to more complex alert construction tools.
[Figure panels: plume at 15 minutes, 30 minutes, 45 minutes, 60 minutes, and composite]
Situation Maps (a series of map slides with these titles):
• A Variety of Buildings and Organizations Involved in the Situation
• Examples of Schools Affected by the Emergency
• Instructions Help Users Decide on Course of Action
• Business Building that can Cut Outside Air Intake
• The Eldercare System Evacuation Plan
• Alert Received Depends on the Location of the Residence
Community Text Alert Presentation
Text message on a cell phone for the local resident, shown as successive screens:

ALERT from: City Hazmat Office,
To: Incident Area Residents
"Take Immediate Action: Railroad Ammonia Leak"
A train derailed at 1:52 this <more>

A train derailed at 1:52 this afternoon, releasing a hazardous chemical near your neighborhood. Railroad and City Emergency Responders are containing the spill.
<back> <more>

Instructions: If you are home, close all windows and turn off the heat or air conditioner. Move to the most protected part of your home and await further instructions. Do not leave your
<back> <more>

instructions. Do not leave your home. It is safer inside than in a moving vehicle. If you have graphical website access for 'Maps of the affected
<back> <more>

access for 'Maps of the affected area and potential wind movement' go to "http://public.meteorology.org/reports/2005-05-12/0022/"
<back> <more>

Web Popup Alert Presentation
Alert as a popup message on residents’ computer screens