NIEM and Content Policy briefing
XML Exchange Development: Requirements, Model Data, Build Exchange, Generate Dictionary, Test, Deploy
David Webber - Public Sector NIEM Team, April 2013
Disclaimer Notice (2013)
The following is not intended to outline Oracle general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
Executive Overview
• Managing information privacy and access policies has become a critical need and technical challenge.
• The desired solution should be ubiquitous and syntax neutral, yet a simple and lightweight approach that meets the legal policy requirements through the application of clear, consistent and obvious assertions.
• Today we have low-level tools that developers know how to implement with, and we have legal documents created by lawyers, but there is a chasm between these two worlds.
Approach
The solution we are introducing will:
• Enable business information analysts to apply and manage the policy profiles
• Provide a clear separation between content and policy artifacts
• Allow reuse of policies across content instances
• Provide a clear, declarative assertions-based method, founded on policy approaches developed by the business rules technologies community
• Leverage open software standards and tools
DNI exchange-level mission requirements
This is the domain of NIEM and exchange services.
• Marking validation to ensure controlled values and business rules are followed.
• Cross-domain discovery, access, and dissemination capabilities based on access policy logic that leverages electronic security markings along with other key metadata about users, services, clearances, and access environments.
• Source: http://www.dni.gov/index.php/about/organization/chief-information-officer/information-security-marking-metadata
DNI document rendering requirements
This can be handled as an entirely separate layer, according to each local user's handling of content.
• User interfaces and processing logic that help users and services to reliably assign and manipulate information security markings at the portion and document level.
• Automated rendering of electronic portion markings, security banners, classification authority blocks, and other security control markings in accordance with the IC's classification and control marking system and associated executive orders, statutes, and DNI policies.
Important Considerations
• Embedding security markings in content can compromise that content and make it a target
• Keeping policy separate from content makes the application flexible and consistent
• Document instances do not reveal aspects of their content while allowing dynamic application of policy rules
• Rules-based approaches can be much more predictable and flag content that security markings alone cannot
• NIEM facilitates this approach by providing consistent content semantics
Application Scenario Overview
(Diagram of the scenario: Policy Rules, User Profiles, Portal User Dashboard, Request / Response, Case Management, Information Requests and Requested Information, Output Templates, Registry Services, Case Documents XML; step 4 is "Apply Policy Rules to Requested Case Content".)
Users see only information permitted by their role and policy profile (digest and detail levels).
The 8 "D"s and NIEM
NIEM IEPD Process: a repeatable, reusable process (Exchange Specification Lifecycle)
• Design
• Develop
• Deploy
• Document
• Dictionaries
• Discovery
• Differentiate
• Diagnose
*IEPD - Information Exchange Package Documentation
Example - Suspicious Activity Report V2.0 Dictionary Collection (DRAFT)
SAR conceptual components:
• SAR v1.5 components
• NIEM core dictionary
• LEXS 3.1.4 dictionary
(Diagram: LEXS components, NIEM core components and referenced dictionaries, each held as XML, with the namespaces of the dictionary components; new structure components based on NIEM + SAR + new definitions, stored as syntax-neutral canonical XML.)
CAM Editor project for NIEM - http://www.cameditor.org
Differentiate
CAM Editor project for NIEM - http://www.cameditor.org
• This step includes building in deployment-specific details and rules and usage policy determinations
• Add additional XPath rules for local integration needs
• Constrain code lists to local use
• Limit and restrict content based on policy and role of exchange partners
• Contextually exclude structure components based on rules
• Create other integration artifacts for middleware such as policy control, partner certificates and security configuration
• Can configure these aspects through the CAM template editor and using middleware tools
SAR Visual Template + Rule Assertions
Rule assertions are associated with specific content areas in the SAR details structure and control access to and privacy of those areas.
The visual metaphor allows policy analysts to verify the rules directly.
SAR - Suspicious Activity Report
Deploy, Diagnose and Document
• Once the information exchange structure is complete, it needs to be tested and verified by generating realistic XML examples
• Validate those examples against the exchange template
• Share working examples with exchange partners
• Share documentation (IEPD)
• Generate NIEM IEPD artifacts, including:
  • Business component usage report with rules and definitions
  • Code list details and content checks
  • UML models
  • Spreadsheets of policy rules
Policy Templates and Profiles: Technology Requirements
Use Case - SAR Case Management
• Three levels of information access:
  • Citizen level reporting - SAR statistics
  • Local law enforcement officials - case review
  • State and Federal - case management and coordination
• This means three profiles:
  • Profile 1 - Registry query - statistics results
  • Profile 2 - Local staff
  • Profile 3 - Regional staff
Using Policy Templates
• The traditional NIEM approach focuses on the information exchange data handling
• It uses XSD schema to define content structure and metadata
• The need is for a bridge between the NIEM schema, the XML information instances and the XACML rule assertion language
• The approach is based on visual content structure templates with declarative rule assertions
Approach in a Nutshell
(Diagram, numbered stages:)
1. Schema - NIEM IEPD exchange structures
2. Policy assertion template - rule assertions
3. XACML generation tool - produces the XACML XML script
4. Deployed - XACML engine with the policies, applied to the output templates
Rules are asserted to nodes in the exchange structure via simple XPath associations.
Policy Granularity (diagram)
Rule and Context Metadata
Properties of the access rules and environment:
• Actions
• Conditions
• Subject
• Resource
• Policy
• Obligations
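The following Python is an added example written for this page to make concrete how the three SAR profiles, the "rules asserted to nodes via XPath associations" stage of the approach, and the rule/context metadata (action, condition, subject, resource, obligations) fit together; it is not CAM Editor, Oracle, or XACML engine code. The SAR element names, the profile-to-level mapping and the rules are constructed assumptions, and the evaluator is a deliberately simplified stand-in for an XACML engine (Deny-only rules, a condition expressed as a function of the request context, no combining algorithms). Unknown profiles get level 0, so every Deny rule fires: the default is to withhold.

```python
import xml.etree.ElementTree as ET

# Constructed sample SAR instance; element names are assumed for illustration,
# not taken from the NIEM/SAR IEPD.
SAR_XML = """<SuspiciousActivityReport>
  <ReportID>SAR-0001</ReportID>
  <ActivityCategory>Suspicious Photography</ActivityCategory>
  <Location><State>VA</State><City>Arlington</City></Location>
  <Subject><Name>J. Doe</Name><DateOfBirth>1980-01-01</DateOfBirth></Subject>
  <CaseNotes>Officer narrative with sensitive case details.</CaseNotes>
</SuspiciousActivityReport>"""

# The three profiles of the SAR use case, mapped to an assumed access level.
PROFILE_LEVELS = {"registry": 1, "local": 2, "regional": 3}

# Rule assertions. Each is attached to a node of the exchange structure by a
# relative XPath ("resource") and carries the metadata from the slide above.
RULES = [
    {"resource": ".",               "action": "write", "effect": "Deny",
     "condition": lambda ctx: ctx["level"] < 3, "obligation": "audit-denied-write"},
    {"resource": "./Subject",       "action": "read",  "effect": "Deny",
     "condition": lambda ctx: ctx["level"] < 2, "obligation": "log-redaction"},
    {"resource": "./Location/City", "action": "read",  "effect": "Deny",
     "condition": lambda ctx: ctx["level"] < 2, "obligation": "log-redaction"},
    {"resource": "./CaseNotes",     "action": "read",  "effect": "Deny",
     "condition": lambda ctx: ctx["level"] < 3, "obligation": "log-redaction"},
]


def build_context(subject_profile, action, environment="internal"):
    """Request context (subject, action, environment); unknown profiles get level 0."""
    return {"subject": subject_profile,
            "level": PROFILE_LEVELS.get(subject_profile, 0),
            "action": action,
            "environment": environment}


def apply_policy(xml_text, ctx):
    """Evaluate the rule assertions against one document instance.

    Returns a decision, the portion-redacted XML (on Permit) and the list of
    obligations the enforcement point must honour.
    """
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    obligations = []
    for rule in RULES:
        if rule["action"] != ctx["action"] or rule["effect"] != "Deny":
            continue
        if not rule["condition"](ctx):
            continue  # condition not met: rule not applicable to this request
        matched = root.findall(rule["resource"])
        for node in matched:
            if node is root:
                # Deny asserted on the document root: refuse the whole request.
                return {"decision": "Deny", "xml": None,
                        "obligations": obligations + [rule["obligation"]]}
            parent_of[node].remove(node)  # portion-level redaction
        if matched and rule["obligation"]:
            obligations.append(rule["obligation"])
    return {"decision": "Permit",
            "xml": ET.tostring(root, encoding="unicode"),
            "obligations": obligations}


def visible_paths(xml_text, ctx):
    """Element paths that survive policy application; empty on Deny.

    Useful for a policy analyst to check what each profile actually sees.
    """
    result = apply_policy(xml_text, ctx)
    if result["decision"] != "Permit":
        return []
    paths = []

    def walk(node, prefix):
        for child in node:
            path = prefix + "/" + child.tag
            paths.append(path)
            walk(child, path)

    walk(ET.fromstring(result["xml"]), "")
    return paths


if __name__ == "__main__":
    for profile in ("registry", "local", "regional"):
        print(profile, visible_paths(SAR_XML, build_context(profile, "read")))
    print("local write:", apply_policy(SAR_XML, build_context("local", "write"))["decision"])
```

Running the module prints, per profile, the element paths that remain after redaction: the registry profile sees only the report identifier, category and state, local staff additionally see the subject and city, and regional staff see the full case including the narrative. A write request from local staff is refused outright because the Deny rule is asserted on the document root, and the obligation tells the enforcement point to audit the refusal.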
Privacy and Security Architectures
• Express policies in a structured language (e.g., XML)
• Identify requesters
• Compare data collection and release purposes
• Enforce retention rules
• Notify data owners and subscribers
• Verify compliance
Mapping to Data Standards: Electronic Policy Statements
Policy Authoring Language
• A mechanism to specify policy rules in unambiguous terms
• XML Access Control Markup Language (XACML)
• Machine-readable
• Supports federated and dynamic policies
Policy Templates and Profiles: Summary and Review
Key Messages
• Dramatically simpler policy adoption
• Can be rapidly developed with existing tools
• Can be visually inspected and verified by policy analysts
• Enables use of dynamic contextual policies
• Leverages UML and semantic modelling
• Supports international standards work
CAMeditor.ORG Project Statistics
Snapshot of project activities:
• 120,000 CAMeditor.org page visits to date
• 165+ countries have downloaded tools
• 27% of visitors are from U.S.
• 750+ downloads weekly
• 1000+ video training minutes viewed monthly
• 8 languages now available