1 / 64

(WIRLED PEAS)

(WIRLED PEAS). World Information Resources, Localized Environment Distribution: Personalized Emergency Alerting System. Presenter: Michelle Raymond michelle.raymond@honeywell.com. WIRLED PEAS. Emergency Event Occurs. General Information Gathered. Information Receipient

tait
Download Presentation

(WIRLED PEAS)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. (WIRLED PEAS) World Information Resources, Localized Environment Distribution: Personalized Emergency Alerting System Presenter: Michelle Raymond michelle.raymond@honeywell.com

  2. WIRLED PEAS Emergency Event Occurs General Information Gathered Information Receipient Identified Information Distilled Alert Presented Alert Constructed Alert Presentation Generated

  3. WIRLED PEAS Emergency Event Occurs (XACML) Information Gathered (User Profile) Information Receipient Identified Information Distilled (IDS) Alert Presented (CAP) Alert Constructed Alert Presentation Generated (Output Device)

  4. Request: <Request> “<Request> is a top-level element in the XACML context schema… …<Request> contains <Subject>, <Resource>, <Action> and <Environment> elements. There may be multiple <Subject> elements. Each child element contains a sequence of <xacml-context:Attribute> elements associated with the subject, resource, action and environment respectively.” – oasis-xacml-1.0.pdf <Request> <Subject>… (Who/What is making the request?) <Subject>… (Who/What wants the results?) <Resource>… (In what is the requestor interested?) <Action>… (What is to be done with the resource?) <Environment>… (What else might effect the request?) </Request>

  5. Request: <Attribute> “The <Attribute> element is the central abstraction of the request context. It contains an attribute value and attribute meta-data. The attribute meta-data comprises the attribute identifier, the attribute issuer and the attribute issue instant. Attribute designators and attribute selectors in the policy MAY refer to attributes by means of this meta-data.” – oasis-xacml-1.0.pdf <Attribute AttributeId="urn:peas:names:subject:subject-id“ DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>LocReq@AlertMan.com</AttributeValue> </Attribute>

  6. Request: <Subject> [One to Many] “<Subject> specifies information about a subject of the request context by listing a sequence of <Attribute> elements associated with the subject. One or more <Subject> elements are allowed. A subject is an entity associated with the access request. • subject might represent the human user that initiated the application from which the request was issued • subject might represent the application’s executable code that created the request • subject might represent the entity that is to be the recipient of the resource Attributes of each of these entities MUST be enclosed in a separate <Subject> element.” – oasis-xacml-1.0.pdf

  7. Subject Attributes for PEAS urn:peas:names:subject: • subject-name (name of subject making request) • subject-id (id of subject making request) • authority (identifier of authority to make request) • receipient (intended receipient of returned data) • access-id (authorization id required by target) • access-code (authorization code) • access-parameter (authorization parameters) • access-roll (roll subject plays in obtaining data) • resource-relation (relation to the resource)

  8. <Subject> Example <Subject> <AttributeAttributeId="urn:peas:names:subject:subject-id“ DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>LocReq@AlertMan.com</AttributeValue> </Attribute> <AttributeAttributeId="urn:peas:names:subject:authority" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>RSCustomer-342334553</AttributeValue> </Attribute> <AttributeAttributeId="urn:peas:names:subject:access-id“ DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>Ext342334553</AttributeValue> </Attribute> <AttributeAttributeId="urn:peas:names:subject:access-roll" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>AlertManager</AttributeValue> </Attribute> </Subject>

  9. Request: <Resource> • “<Resource> specifies information about the resource to which access is requested, by listing a sequence of <Attribute> elements associated with the resource. It MAY include the resource content… …The <Resource> element MUST contain one and only one <Attribute> with an AttributeId of “urn:oasis:names:tc:xacml:1.0:resource:resource-id”. This attribute specifies the identity of the resource to which access is requested.” – oasis-xacml-1.0.pdf

  10. <Resource> Example <Resource> <AttributeAttributeId= "urn:oasis:names:tc:xacml:1.0:resource:resource-id“ DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <AttributeValue> http://rs.com/customer/rs435233557/vehicle/DM556842224 </AttributeValue> </Attribute> </Resource>

  11. Request: <Action> “<Action> specifies the requested action on the resource, by listing a set of <Attribute> elements associated with the action.” – oasis-xacml-1.0.pdf <Action> Example <Action> <Attribute AttributeId="urn:peas:names:userprofile:action:action-id“ DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>getLocation</AttributeValue> </Attribute> </Action>

  12. Request: <Environment> “<Environment> contains a set of attributes of the environment. These attributes MAY form part of the policy evaluation… …Environment attributes are attributes that are not associated with either the resource, the action or any of the subjects of the access request.” – oasis-xacml-1.0.pdf <Environment> Example <Environment> <Attribute AttributeId="urn:peas:names:environment:event-category“ DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>chemicalAccident</AttributeValue> </Attribute> </Environment>

  13. <Policy> “<Policy> is the smallest entity that SHALL be presented to the Policy Decision Point for evaluation. The main components of this element are the <Target>, <Rule> and <Obligations> elements and the RuleCombiningAlgId attribute. The <Target> element SHALL define the applicability of the <Policy> to a set of decision requests. Rules included in the <Policy> element MUST be combined by the algorithm specified by the RuleCombiningAlgId attribute. The <Obligations> element SHALL contain a set of obligations that MUST be fulfilled in conjunction with the authorization decision.” – oasis-xacml-1.0.pdf

  14. <Policy> <Policy PolicyId="urn:roadsidecompanion:names:external: sendlocation:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0: rule-combining-algorithm:deny-overrides"> <Target>… (applicability of policy to a set of requests) <Rule>… (a sequence of authorizations) <Rule>… (may or may not be applicable to the request) <Obligations>… (actions to be performed with the enforcement of the policy) </Policy>

  15. Policy Enforcement Point Access Requester Obligations Service Context Handler Policy Decision Point Resource Policy Information Point 1. policy or policy set Policy Administration Point Subjects Environment

  16. Policy Enforcement Point Access Requester Obligations Service 2. access request Context Handler Policy Decision Point Resource Policy Information Point 1. policy or policy set Policy Administration Point Subjects Environment

  17. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request Context Handler Policy Decision Point Resource Policy Information Point 1. policy or policy set Policy Administration Point Subjects Environment

  18. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request Context Handler Policy Decision Point Resource 4. attribute query Policy Information Point 1. policy or policy set Policy Administration Point Subjects Environment

  19. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request Context Handler Policy Decision Point Resource 4. attribute query 5c. Resource attributes Policy Information Point 1. policy or policy set 5b. Environment attributes 5a. Subject attributes Policy Administration Point Subjects Environment

  20. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request Context Handler Policy Decision Point Resource 6. attributes 4. attribute query 5c. Resource attributes Policy Information Point 1. policy or policy set 5b. Environment attributes 5a. Subject attributes Policy Administration Point Subjects Environment

  21. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request Context Handler Policy Decision Point 7. resource Resource 6. attributes 4. attribute query 5c. Resource attributes Policy Information Point 1. policy or policy set 5b. Environment attributes 5a. Subject attributes Policy Administration Point Subjects Environment

  22. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request 8. target, attribute, resource Context Handler Policy Decision Point 7. resource Resource 6. attributes 4. attribute query 5c. Resource attributes Policy Information Point 1. policy or policy set 5b. Environment attributes 5a. Subject attributes Policy Administration Point Subjects Environment

  23. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request 8. target, attribute, resource Context Handler Policy Decision Point 7. resource Resource 9. decision 6. attributes 4. attribute query 5c. Resource attributes Policy Information Point 1. policy or policy set 5b. Environment attributes 5a. Subject attributes Policy Administration Point Subjects Environment

  24. Policy Enforcement Point Access Requester Obligations Service 2. access request 3. request 10. resource 8. target, attribute, resource Context Handler Policy Decision Point 7. resource Resource 9. decision 6. attributes 4. attribute query 5c. Resource attributes Policy Information Point 1. policy or policy set 5b. Environment attributes 5a. Subject attributes Policy Administration Point Subjects Environment

  25. Policy Enforcement Point Access Requester Obligations Service 11. obligation 2. access request 3. request 10. resource 8. target, attribute, resource Context Handler Policy Decision Point 7. resource Resource 9. decision 6. attributes 4. attribute query 5c. Resource attributes Policy Information Point 1. policy or policy set 5b. Environment attributes 5a. Subject attributes Policy Administration Point Subjects Environment

  26. Response: <Response> “<Response> element is a top-level element in the XACML context schema. <Response> encapsulates the authorization decision produced by the PDP. It includes a sequence of one or more results, with one <Result> element per requested resource.” – oasis-xacml-1.0.pdf <Response ResourceId=…> (identifier of the resource from the request) <Decision>… (authorization decision: “permit”, “deny”,…) <Status>… (what if any errors occurred in processing) <Obligations>… (actions and their attributes to be performed) <Obligations>… (actions must be performed with decision) </Response>

  27. PEAS Rule urn:peas:names:rules: • chemical-accident:general-alert • chemical-accident:residents:general-alert • chemical-accident:residents:shelter-in-place-alert • chemical-accident:residents:evacuation-alert • chemical-accident:volunteers:placement-alert • shelter-in-place-alert • evacuation-alert

  28. Standard User Profile <Subscriber> <UserProfile> <InformationContent> (content <InformationSource> <AccessClearance>... <AccessPath> <InformationContext> <ContextRoll> <InformationSubject> <SubjectLabel> <ContactInformation> <ContactDetail> <ContactAddress>... <ApprovedContact> <InformationContent>

  29. Specialized User Profile <baseSchedule> <trip name=…> <scheduleApplication> <daysOfWeek>… <startTime>… <arrivalTime>… <route> <startAddress>… <endAddress>… <path>... <autoInformation vinNumber…> <manufacturer>… <model>… <year>… <color>… <licencePlate>… <trackingMethods> <device id=… /> <device id=… /> <communicationDevices> <device id=… /> <parameter>…

  30. Common Alerting Protocol “Each CAP Alert Message consists of: an <alert> segment, which may contain: one or more <info> segments, each of which may include one or more <area> segments. Under most circumstances CAP messages with a <msgType> value of “Alert” SHOULD include at least one <info> element.” – emergency-CAP-1.0.pdf

  31. CAP: <alert> “The <alert> segment provides basic information about the current message: • its purpose, • its source and • its status, as well as • unique identifier for the current message and • links to any other, related messages. An <alert> segment may be used alone for message acknowledgements, cancellations or other system functions, but most <alert> segments will include at least one <info> segment.” – emergency-CAP-1.0.pdf

  32. CAP: <info> “The <info> segment describes an anticipated or actual event in terms of its • urgency (time available to prepare), • severity (intensity of impact) and • certainty (confidence in the observation or prediction), as well as providing both categorical and textual descriptions of the subject event. It may also provide instructions for appropriate response by message recipients and various other details (hazard duration, technical parameters, contact information, links to additional information sources, etc.) Multiple <info> segments may be used to describe differing parameters (e.g., for different probability or intensity “bands”) or to provide the information in multiple languages.” – emergency-CAP-1.0.pdf

  33. CAP: <resource> “The <resource> segment provides an optional reference to additional information related to the <info> segment within which it appears in the form of a digital asset such as an image or audio file.” – emergency-CAP-1.0.pdf

  34. CAP: <area> “The <area> segment describes a geographic area to which the <info> segment in which it appears applies. Textual and coded descriptions (such as postal codes) are supported, but the preferred representations use geospatial shapes (polygons and circles) and an altitude or altitude range, expressed in standard latitude / longitude / altitude terms in accordance with a specified geospatial datum.” – emergency-CAP-1.0.pdf

  35. User Interaction Generation Features Produces usable displays for the given alert on the set of appropriate devices - Domain-independent - Batch Generation of UIs - Client-Server Architecture - Open Modeling Standards - Open Presentation Standards Emergency Response Plans User and Group Profiles Alerts and Distribution Templates Comm- unication Devices Domain Objects User Data Emergency Information Device Capabilities IDS Engine Communication Requirement Information Presentation Reasoner Presentation Elements XML Schema UI XML Device XSLT UI Presentations

  36. Interaction Design System Interaction Design System • IDS Information Reasonerenables: • Human-Centered Design Optimization • Domain Alerting Rule Basis • Information Filtering/Fusion based on User and Group Profiles Emergency Response Plans User and Group Profiles Alerts and Distribution Templates Comm- unication Devices Domain Objects User Data Emergency Information Device Capabilities • IDS Presentation Reasonerenables: • User Interface Optimization • Distribution Algorithm Application • Communication Capabilities Analysis Communication Requirement Information Presentation Reasoner Presentation Elements IDS Engine • Open StandardsPresentation Element Library: • Display object functionality • Display objectusability characteristics XML Schema UI XML Device XSLT UI Presentations

  37. North Metro Nursing Home Roy Ada Highrise Condos has father Lily Santos has neighbor has spouse Subscriber: Alice Ada Business Bldg. Subscriber: Tim Jones has son School has grandson Paul Ada-Jones has daughter KEY School created by Alice created by Sandy other user’s links Subscriber: Sandy Troy Kal Troy User Relationships and Communication Sources

  38. North Metro Nursing Home Roy Ada Highrise Condos resident contact first level contact tenant contact Lily Santos Subscriber: Alice Ada external contact Business Bldg. Subscriber: Tim Jones fist level contact School second level contact Paul Ada-Jones KEY School subscriber role assigned role communication grp. Subscriber: Sandy Troy Kal Troy Alert Src. User Roles and Communication Sources

  39. WIRLED PEAS Emergency Event Occurs (XACML) Information Gathered (User Profile) Information Receipient Identified Information Distilled (IDS) Alert Presented (CAP) Alert Constructed Alert Presentation Generated (Output Device)

  40. Train Derailment Sensor Triggered A train derailed near the North Rail Yard. Several cars contain anhydrous ammonia. A railroad derailment sensor is triggered and broadcast to the North Rail Yard Office.

More Related