Privacy and Access Control Issues in Financial Enterprise Content Management with a Web Services Integration Environment
Kevin H.S. Kwok
Dept. of Computer Science & Engineering, Chinese University of Hong Kong
khskwok@yahoo.com

Introduction
• Financial enterprise content refers to the pieces of information an enterprise publishes (in particular on its Web sites), e.g., financial research, market commentary, calendar events, trading ideas, bond offerings, etc.
• Published content
  • contributes highly to customer relationship management (CRM)
  • provides valuable advice for the decision making of client investors
  • has a high impact on the image and professionalism of the enterprise
  • is also used for internal decision making
• A good FECMS (financial enterprise content management system) can produce a high return on investment and is a valuable asset of the enterprise

FECMS Overview
• 4 T's: tagging, taxonomy, templating, tiering

Management Objects and Concerns
• 4 goals: Management (M), Cost (C), Legal issues (L), and Value (V)
• Knowledge and organizational memory can be captured in enterprise content (M)
• Replace semi-manual systems and integrate heterogeneous systems (MCV)
• Replace the current cost-ineffective hardcopy publishing and delivery of content, which has a poor time-to-market (CV)
• Standardized enterprise-wide policies and business processes provide a mechanism for content creation and management functions (M)
• Metadata (taxonomy) about the content (MV)
• Integration with third-party FECMS or information sources to form a service grid (MV)
• Help ensure compliance with relevant laws and regulations, e.g., approval policies and procedures (L)
• Privacy and access control (MLV)
• CRM (CV)

Challenges for FECMS
• Global system integration
• Content flow management
• Privacy and access control issues

Integration and Management
• Global system integration
  • Heterogeneous existing systems and interfaces
  • Both within and among enterprises
  • Global system with multiple sites
• Content flow management
  • A mechanism for analysts all over the world to contribute commentary and publish it
  • The intrinsic value of a commentary depreciates exponentially (therefore it should be published within minutes)
  • Contradicting requirements: editors and auditors have to check content before publication for possible violations of laws and regulations, which vary across countries and states
Privacy and Access Control Issues
• Information privacy: an individual's right to determine how, when, and to what extent information about the self will be released to another person or to an organization
• Concerned with the confidentiality of sensitive information such as
  • personally identifiable information (PII)
  • health data
• Privacy policies describe an organization's data practices:
  • what information they collect from individuals (subjects)
  • for what purpose the information (objects) will be used
  • whether the organization provides access to the information
  • who the recipients of any result generated from the information are
  • how long the information will be retained
  • who will be informed in the circumstances of a dispute

Privacy and Access Control Issues (cont)
• Access control
  • limiting access to information / resources only to authorized users, programs, processes, or other systems
  • on a need-to-know basis
  • according to the authentication of their identities and the authorization of their associated privileges
  • should be extended with an enterprise-wide privacy policy for managing and enforcing individual privacy preferences
• U.S. Privacy Act of 1974

Privacy and Access Control Issues (cont)
• Threats
  • Unauthorized disclosure, modification and destruction of information
  • Unauthorized utilization and misuse of resources
  • Interruption, unknown status and repudiation in workflow execution and content access
  • Denial of service from stakeholders or resources
  • Corruption of stakeholders
  • Threats come from insiders and from outsiders in each organization
• Consequences
  • cause disasters to internal management decisions
  • affect valuable external client investors
  • lead to severe damage of enterprise reputation
  • even legal responsibilities

Technologies Employed in Integration
• Web Services and XML standards for integration
  • Simple Object Access Protocol (SOAP)
  • Universal Description, Discovery and Integration (UDDI)
  • Web Services Description Language (WSDL)
• Advantages
  • standard technologies
  • wrapping of existing systems / sub-systems
  • both inter- and intra-enterprise integration
  • support for both human and programmatic interfaces
  • firewall-friendly open platform
  • synchronous (such as WS-Transaction) and asynchronous messaging
  • faster time to production
  • convergence of disparate business functionalities
  • significant reduction in total cost of development
  • easy deployment of business applications for trading partners

Technologies Employed in Privacy and Access Control
• Enterprise Privacy Authorization Language (EPAL)
  • formalizes privacy authorizations for actual enforcement
  • intra- or inter-enterprise
  • abstracts data models and user authentication from all deployment details
  • an interoperability language for defining enterprise privacy policies on data handling practices
  • fine-grained positive and negative authorization rights
Privacy and Access Control Requirements Elicitation
• Identify the information entities to be protected
• Identify the entitlement and protection that should be imposed on the stakeholders
• By tracing the information flow of the information entities to be protected, identify the processes during which such protection should be enforced, and hence the detailed protection policies as well as the required enhancements to existing system components
• Identify any modification of the existing content flow or content management process that is required

Key information entities to be protected
• The major concern of an FECMS is naturally the vast amount of content
• Almost equally important are the personal information (PII) and profiles of content users (in particular customers)
• Users' activity records should also be protected because of privacy requirements; this is often inadequately handled in existing systems
• Content and user taxonomies, though mostly visible to the content management software systems, should be maintained only by specialists

Privacy and access control strategies
• Reception of content into an FECMS should be adequately monitored and controlled
• Sophisticated content access control should be exercised over content creators and supervisors, according to content flow and process requirements
• Based on the 'need-to-know' principle
  • role-based access control technology, matching users' roles and authorization with the classification of content items
  • inference of tags should be supported in matching, for flexibility of specification (e.g., subscription to Asia => China and HK, Stock => warrants)
• PII access control should be strictly restricted to the user himself and to user managers
• Taxonomies' protection: tight control, with access for specialists only

Content Reception Engine
• Publish and subscribe mechanism
• Separation of active rule / analytical module
• Event-Condition-Action (ECA) rules
  • re-classify received content
  • forward a selection of received / generated content to relevant analysts and Content Creators
  • forward selected content for immediate publishing
Content Reception Engine Protection
• Strict verification and authorization before accepting new Content Providers
  • security tokens (for sessions): Security Assertion Markup Language (SAML)
  • Web Services Security (WS-Security): message integrity, confidentiality, and single message authentication
• Providers are authorized to provide only certain types of content (based on tags)
• Sources maliciously flooding the system may even be totally rejected
• Quarantine content from problematic providers: specialists' examination only
• Content items on sensitive topics (say, politics and major market changes) are forwarded to and only accessible to designated specialists for approval

EPAL example
• <ALLOW user-category = “Content_Provider” data-category = “Any_Content” purpose = “Distribution” operation = “publish” condition = “Authorization_Clearance = TRUE”>
• <DENY user-category = “Content_Users” data-category = “Politics_Content” purpose = “Any” operation = “access” condition = “Designated_Specialists = FALSE”>
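The two EPAL rules above are declarative; what decides an access request is the engine that matches rules against the request and combines their rulings. The following is an added example written for this page, not code from the paper or from any EPAL implementation: a minimal evaluator for rules of the shape shown. The wildcard handling for "Any" / "Any_Content", the deny-overrides combining rule, the closed default and the extra allow rule for designated specialists are this example's own assumptions.

```python
# Added example (not from the slides): a minimal evaluator for EPAL-style rules.
# Wildcard handling, deny-overrides combining and the default-deny are assumptions
# of this example, not a description of the EPAL specification.
from dataclasses import dataclass

WILDCARDS = {"Any", "Any_Content"}


@dataclass(frozen=True)
class Rule:
    ruling: str                 # "allow" or "deny"
    user_category: str
    data_category: str
    purpose: str
    operation: str
    condition: tuple = ()       # ((attribute name, required value), ...)


# Constructed policy: the two rules on the slide, plus an assumed allow rule so
# that designated specialists can reach political content (the deny rule alone
# only says who may NOT; with no applicable rule the default below is deny).
POLICY = (
    Rule("allow", "Content_Provider", "Any_Content", "Distribution", "publish",
         (("Authorization_Clearance", True),)),
    Rule("deny", "Content_Users", "Politics_Content", "Any", "access",
         (("Designated_Specialists", False),)),
    Rule("allow", "Content_Users", "Politics_Content", "Any", "access",
         (("Designated_Specialists", True),)),
)


def _field_matches(pattern, value):
    return pattern in WILDCARDS or pattern == value


def applies(rule, request):
    """A rule applies when its categories, purpose and operation match the request
    (wildcards allowed) and every condition attribute has the required value.
    A missing attribute never satisfies a condition."""
    if not (_field_matches(rule.user_category, request["user_category"])
            and _field_matches(rule.data_category, request["data_category"])
            and _field_matches(rule.purpose, request["purpose"])
            and rule.operation == request["operation"]):
        return False
    attrs = request.get("attributes", {})
    return all(attrs.get(name) == required for name, required in rule.condition)


def evaluate(policy, request):
    """Deny-overrides combining: any applicable deny wins; otherwise an applicable
    allow grants access; with no applicable rule the answer is deny (closed policy)."""
    applicable = [r for r in policy if applies(r, request)]
    if any(r.ruling == "deny" for r in applicable):
        return "deny"
    if any(r.ruling == "allow" for r in applicable):
        return "allow"
    return "deny"


def decide(user_category, data_category, purpose, operation, **attributes):
    """Build a request from the call and evaluate it against POLICY."""
    request = {"user_category": user_category, "data_category": data_category,
               "purpose": purpose, "operation": operation, "attributes": attributes}
    return evaluate(POLICY, request)


if __name__ == "__main__":
    print(decide("Content_Provider", "Research", "Distribution", "publish",
                 Authorization_Clearance=True))
    print(decide("Content_Users", "Politics_Content", "Reading", "access",
                 Designated_Specialists=False))
```

The point worth checking in any such evaluator is the behaviour on requests that no rule mentions (here: deny) and on requests whose condition attribute is absent (here: the condition is not satisfied, so neither the deny nor the allow rule applies and the closed default decides).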
Content Editorial Engine: Typical Content Flow
• A Content Author creates a piece of content and determines its tier and tags
• The content is sent to a Content Editor for revision
• It is approved by a Content Approver
• If the Content Editor suspects a violation of laws / regulations, the content is sent to a Content Auditor. Before the Content Auditor's approval, customers from those countries cannot receive or read it.

Content Editorial Engine Protection
• Need-to-know principle
  • capability matching of personnel to content tags
  • content in progress may be incomplete and error-prone: only accessible to the author before approval
  • a Content Creator cannot update content items submitted for editing, unless editors request their amendment, because the content editor is possibly updating them
  • Content Auditors can change or remove all content items classified under their capabilities plus regional restrictions
• Supervisor override
  • read access to all content items under their subordinates' work, unless otherwise classified
  • update access should require managerial approval
  • the manager of a department can access all content items under work for that department
  • update the access rights of reassigned work when a content item is rerouted
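The content flow and the protection rules on the two slides above combine into a small state machine with role checks at each transition. The following is an added example, not the paper's design or code: it models the flow (draft, editing, approval, with an optional audit for flagged countries) and the need-to-know rules as functions. The state names, the amendment-requested and audit-clearance flags, and the representation of a person's capabilities as a set of content tags are assumptions of this example.

```python
# Added example (not from the paper): editorial content flow with need-to-know
# access rules. State names, flags and tag-set capabilities are assumptions.
from dataclasses import dataclass

DRAFT, EDITING, APPROVED = "DRAFT", "EDITING", "APPROVED"


@dataclass
class User:
    name: str
    role: str                               # author, editor, auditor, approver, supervisor, manager
    department: str
    capabilities: frozenset = frozenset()   # content tags the person is competent to handle
    regions: frozenset = frozenset()        # countries an auditor is competent for
    subordinates: frozenset = frozenset()   # names of a supervisor's staff
    managerial_approval: bool = False       # granted for a supervisor's update override


@dataclass
class Content:
    id: str
    author: str
    department: str
    tags: frozenset
    state: str = DRAFT
    amendment_requested: bool = False       # editor asked the author to revise
    restricted: bool = False                # "unless otherwise classified": no supervisor access
    audit_regions: frozenset = frozenset()  # countries whose customers wait for audit clearance
    audit_cleared: bool = False


def capable(user, item):
    """Capability matching: the person's capabilities must cover every content tag."""
    return item.tags <= user.capabilities

def _auditor_scope(user, item):
    # Auditors handle items sent to audit that fall under their capabilities and regions
    return bool(item.audit_regions) and capable(user, item) and item.audit_regions <= user.regions

def can_read(user, item):
    if user.name == item.author:
        return True
    if user.role == "manager" and user.department == item.department:
        return True                           # department manager: all work in the department
    if user.role == "supervisor" and item.author in user.subordinates:
        return not item.restricted            # subordinates' work unless otherwise classified
    if user.role in ("editor", "approver"):
        return item.state != DRAFT and capable(user, item)   # drafts stay with the author
    if user.role == "auditor":
        return _auditor_scope(user, item)
    return False

def can_update(user, item):
    if user.name == item.author:              # author: a draft, or when asked to amend
        return item.state == DRAFT or item.amendment_requested
    if user.role == "manager" and user.department == item.department:
        return True
    if user.role == "supervisor" and item.author in user.subordinates:
        return user.managerial_approval and not item.restricted
    if user.role == "editor":
        return item.state == EDITING and capable(user, item)
    if user.role == "auditor":
        return _auditor_scope(user, item) and not item.audit_cleared
    return False

def submit_for_editing(user, item):
    """Author submits a draft, or resubmits after an amendment request."""
    if user.name != item.author or not (item.state == DRAFT or item.amendment_requested):
        raise PermissionError("only the author may submit this item")
    item.state, item.amendment_requested = EDITING, False

def request_amendment(editor, item):
    if editor.role != "editor" or not can_update(editor, item):
        raise PermissionError("editor not entitled to this item")
    item.amendment_requested = True

def send_to_audit(editor, item, countries):
    """Editor suspects a legal/regulatory problem for the given countries."""
    if editor.role != "editor" or not can_update(editor, item):
        raise PermissionError("editor not entitled to this item")
    item.audit_regions, item.audit_cleared = frozenset(countries), False

def audit_clear(auditor, item):
    if auditor.role != "auditor" or not can_update(auditor, item):
        raise PermissionError("auditor not entitled to this item")
    item.audit_cleared = True

def approve(approver, item):
    if approver.role != "approver" or item.state != EDITING or not can_read(approver, item):
        raise PermissionError("approver not entitled to this item")
    item.state = APPROVED

def deliverable_to(item, country):
    """Customers in the audited countries cannot receive the item before clearance."""
    return item.state == APPROVED and (country not in item.audit_regions or item.audit_cleared)
```

Every transition re-checks entitlement through `can_read` / `can_update` rather than trusting the caller's role alone, so a capability mismatch (an equities editor on a bond note) or a missing managerial approval is caught at the point of use.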
Content Publishing Engine
Content is sent to the user via
• email, SMS, and/or ICQ, as specified by interactive users at subscription time
• Web Services to the access point specified by programmatic (usually institutional) users
• indirectly, through external Content Distributors

Content Publishing Engine Protection
• RBAC: matching users' roles and authorization with the classification of content items
• Simple tiering is not enough
  • subscription payment
  • regional locale (because of legal requirements)
  • a more refined customer segmentation
• Different parts of content may have different access control (summaries are lower)
• Users' classification change: remove conflicting subscription categories
• Check authorization before the distribution of every content item
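The publishing-side checks above (tier, regional locale, per-part access, subscription conflicts) and the tag inference from the earlier "Privacy and access control strategies" slide (subscription to Asia => China and HK, Stock => warrants) can be demonstrated together. The following is an added example written for this page, not the paper's code: the taxonomy, tiers, locales and subscribers are constructed, and the closure-over-narrower-tags inference and the rule that a conflicting subscription is dropped entirely on reclassification are this example's interpretation.

```python
# Added example (not from the paper): authorization before distribution with
# tag inference, tiering, regional restrictions and per-part access. The taxonomy,
# subscribers and content below are constructed sample data.
from dataclasses import dataclass

# Constructed taxonomy: broader tag -> narrower tags it implies.
TAXONOMY = {
    "Asia": {"China", "HK"},
    "Stock": {"Warrants"},
    "Fixed_Income": {"Bonds"},
}


def expand(tags, taxonomy=TAXONOMY):
    """Closure of a tag set under the taxonomy: Asia -> {Asia, China, HK}."""
    seen, stack = set(), list(tags)
    while stack:
        tag = stack.pop()
        if tag not in seen:
            seen.add(tag)
            stack.extend(taxonomy.get(tag, ()))
    return seen


@dataclass
class Subscriber:
    name: str
    tier: int              # paid subscription tier (higher sees more)
    locale: str            # regional locale used for legal restrictions
    subscriptions: set     # subscribed categories; broad tags are expanded by inference


@dataclass
class ContentItem:
    id: str
    tags: frozenset
    parts: dict            # part name -> minimum tier (summaries lower than full text)
    blocked_locales: frozenset = frozenset()


def authorized_parts(sub, item, taxonomy=TAXONOMY):
    """Parts of the item this subscriber may receive; an empty list means no delivery."""
    if sub.locale in item.blocked_locales:                      # regional legal restriction
        return []
    if not (item.tags & expand(sub.subscriptions, taxonomy)):   # subscription/classification match
        return []
    return [part for part, min_tier in item.parts.items() if sub.tier >= min_tier]


def reclassify(sub, new_tier, forbidden, taxonomy=TAXONOMY):
    """Users' classification change: drop every subscription that, directly or by
    inference, reaches a category the user may no longer receive."""
    sub.tier = new_tier
    banned = expand(forbidden, taxonomy)
    sub.subscriptions = {t for t in sub.subscriptions if not (expand({t}, taxonomy) & banned)}


def distribute(item, subscribers, taxonomy=TAXONOMY):
    """Check authorization before distributing every item: who gets which parts."""
    plan = {}
    for sub in subscribers:
        parts = authorized_parts(sub, item, taxonomy)
        if parts:
            plan[sub.name] = parts
    return plan


if __name__ == "__main__":
    alice = Subscriber("alice", 2, "US", {"Asia"})
    note = ContentItem("hk-note", frozenset({"HK", "Warrants"}),
                       {"summary": 1, "full": 2}, frozenset({"CN"}))
    print(distribute(note, [alice]))
```

Inference is applied to the subscriber's side only: a broad subscription reaches narrow content, but a narrow subscription (China) never reaches content tagged only with the broader category, which keeps the "need-to-know" direction intact.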
Global Repository Management System
• Provides backing support for user information and a consistent global taxonomy
• Maintains users' access to various global and regional Web sites as a single entity
• Keeps minimal vital information
• Improves performance and reliability with replication techniques (cf. Oracle)
• Protection
  • strict authorization, and access through software systems only
  • users are allowed to view and update their profiles after authentication
  • the broker or financial advisor (and the advisor's supervisors) of a user can read the user's profile, and update it only upon authorization
  • update the access rules when supervisors assign temporary or alternate brokers or financial advisors
  • secrecy of content users' usage data

System Integration with Web Services
• Maintain autonomous sub-systems in various units of the enterprise
• XML-based standards
• A convenient architecture to support both human (B2C) and programmatic (B2B) interfaces
• Unified platform for both inter- and intra-organizational interfaces

Example: publish-and-subscribe through Web Services
• An institutional user submits a request to the updateSubscription Web Service of a Content Publishing Engine (parameters: the categories of required content and the address of its own reception Web Services access point)
• The institutional user has to implement a Web Service conforming to the specification of the receiveContent service of the Content Reception Engine
• The Content Publishing Engine verifies the request and relays a successful request to the Global Repository Management System
• When new content arrives at the Content Publication Engine, the engine queries the Global Repository Management System through its getSubscribedUsers Web Service, with the tier and tags of the new content as parameters
• If the institutional user is included in the list, the Content Delivery Module of the Content Publication Engine invokes the user-specified Web Service accordingly to deliver the piece of content
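The exchange above, with both sides modelled in plain Python, as an added example that is not part of the original presentation. Dicts stand in for the SOAP payloads; the operation names updateSubscription, receiveContent and getSubscribedUsers come from the slide, while the repository's storeSubscription operation, the three verification steps in updateSubscription (known institution, access point pre-registered for that institution, categories within its entitlement), the tier check in getSubscribedUsers and the acknowledgement format are this example's assumptions.

```python
# Added example (not from the paper): publish-and-subscribe through Web Services
# with both parties simulated in-process. Verification steps, storeSubscription
# and the message/ack formats are assumptions of this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Institution:
    name: str
    tier: int                  # subscription tier the institution has paid for
    entitled: frozenset        # content categories it may subscribe to
    endpoint: str              # pre-registered receiveContent access point


class InstitutionalClient:
    """Subscriber side: implements receiveContent per the reception engine's spec."""
    def __init__(self, name):
        self.name, self.inbox = name, []

    def receiveContent(self, message):
        if message.get("recipient") != self.name:      # misrouted delivery
            return {"status": "rejected"}
        self.inbox.append(message["content_id"])
        return {"status": "ok"}


class GlobalRepositoryManagementSystem:
    """Single copy of user and subscription information."""
    def __init__(self, directory):
        self.directory = directory      # institution name -> Institution
        self.subscriptions = {}         # institution name -> (categories, endpoint)

    def storeSubscription(self, name, categories, endpoint):   # assumed operation name
        self.subscriptions[name] = (frozenset(categories), endpoint)

    def getSubscribedUsers(self, tier, tags):
        """Users whose tier covers the item and whose categories overlap its tags."""
        return [(name, endpoint) for name, (cats, endpoint) in self.subscriptions.items()
                if self.directory[name].tier >= tier and cats & frozenset(tags)]


class ContentPublishingEngine:
    def __init__(self, repository, endpoints):
        self.repository = repository
        self.endpoints = endpoints      # access point -> object exposing receiveContent

    def updateSubscription(self, caller, categories, endpoint):
        """Verify the request before relaying it to the repository."""
        inst = self.repository.directory.get(caller)
        if inst is None:
            return {"status": "unknown_institution"}
        if endpoint != inst.endpoint:   # content may only go to the registered access point
            return {"status": "unregistered_endpoint"}
        if not frozenset(categories) <= inst.entitled:
            return {"status": "not_entitled"}
        self.repository.storeSubscription(caller, categories, endpoint)
        return {"status": "ok"}

    def publish(self, content_id, tier, tags):
        """Content Delivery Module: invoke each subscribed user's Web Service."""
        delivered = []
        for name, endpoint in self.repository.getSubscribedUsers(tier, tags):
            ack = self.endpoints[endpoint].receiveContent(
                {"recipient": name, "content_id": content_id, "tags": sorted(tags)})
            if ack.get("status") == "ok":
                delivered.append(name)
        return delivered


def run_scenario():
    """Constructed end-to-end run; returns the observable outcomes."""
    acme, bank = InstitutionalClient("acme"), InstitutionalClient("bank")
    directory = {
        "acme": Institution("acme", 2, frozenset({"Bonds", "Asia"}), "https://acme.example/receive"),
        "bank": Institution("bank", 1, frozenset({"Bonds"}), "https://bank.example/receive"),
    }
    endpoints = {"https://acme.example/receive": acme, "https://bank.example/receive": bank}
    engine = ContentPublishingEngine(GlobalRepositoryManagementSystem(directory), endpoints)
    r = {
        "acme_ok": engine.updateSubscription("acme", ["Bonds"], "https://acme.example/receive")["status"],
        "bank_ok": engine.updateSubscription("bank", ["Bonds"], "https://bank.example/receive")["status"],
        "bad_endpoint": engine.updateSubscription("bank", ["Bonds"], "https://acme.example/receive")["status"],
        "not_entitled": engine.updateSubscription("bank", ["Asia"], "https://bank.example/receive")["status"],
        "unknown": engine.updateSubscription("mallory", ["Bonds"], "https://bank.example/receive")["status"],
    }
    r["tier2_bond_note"] = engine.publish("note-1", 2, {"Bonds"})   # only acme holds tier 2
    r["tier1_bond_note"] = engine.publish("note-2", 1, {"Bonds"})   # both institutions
    r["equity_note"] = engine.publish("note-3", 1, {"Equities"})    # nobody subscribed
    r["acme_inbox"], r["bank_inbox"] = acme.inbox, bank.inbox
    return r


if __name__ == "__main__":
    print(run_scenario())
```

The check that the supplied access point matches the one registered for the calling institution is what stops a valid subscriber from redirecting content to an address it does not control; the entitlement check keeps updateSubscription from becoming a way to widen one's own subscription beyond what was contracted.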
Technical Advantages
• A complex FECMS is decomposed into a set of highly coherent but loosely coupled sub-systems
  • easier for security analysis and for identifying flaws in content management processes
• Highly scalable and interoperable
  • Web Services impose no practical limitations on the implementation platform
  • for legacy systems, wrappers may be built around them
  • gradual migration into an FECMS is possible
• Generic architecture for other service-oriented industries: software houses may develop packages with our approach
• External Web Service interfaces are simple: possible for SMEs to participate in content exchange

Conclusions
• Studied the requirements and technical problems of ECM in the financial industry
• A practical enterprise content model and architecture
• Identified key privacy and access control requirements and policies
• Design of FECMS components for effective and timely content flow management
• Use of Web Services / EPAL for inter- and intra-enterprise FECMS integration

Future Work
• Application of Semantic Web technologies in content management, flow, and distribution
• Watermarking to reinforce document management policies by supporting non-repudiation in the document distribution protocol (HICSS36)
• The application of an advanced workflow management system in FECMS, such as ADOME-WFMS
• Using the concept of flows and alerts in workflow-based information integration (HICSS37)
• In-depth study of relations to CRM (HICSS36)
• Document service negotiation