
Policy Control Profiles with GRA and NIEM

Policy Control Profiles with GRA and NIEM. James Cabral, David Webber, Farrukh Najmi, July 2012. Executive Overview.





Presentation Transcript


  1. Policy Control Profiles with GRA and NIEM James Cabral, David Webber, Farrukh Najmi, July 2012

  2. Executive Overview Managing information privacy and access policies has become a critical need and technical challenge. The desired solution should be ubiquitous and syntax neutral, yet a simple and lightweight approach that meets the legal policy requirements through the application of clear, consistent and obvious assertions. Today we have low-level tools that developers know how to implement with, and we have legal documents created by lawyers, but there is a chasm between these two worlds.

  3. Legal and rules technologies The RuleML community has long understood this and has developed, and is still developing, new and improved methods and solutions. The challenge is in taking these approaches and being able to apply them to NIEM XML based information sources in a high level conceptual way that is accessible to information analysts and general NIEM practitioners, rather than the province of specialized XML programmers only. We also need these techniques to be broadly applicable, using existing open public software standards and tools, so we can enable the widest possible adoption within the NIEM community.

  4. Approach The solution we are introducing will: • Provide a clear, declarative, assertion-based method, founded on policy approaches developed by the rules community • Leverage open software standards and tools • Enable business information analysts to apply and manage the policy profiles We show illustrative design time and run time examples by: • Visually assigning exchange components and rule assertions • Applying this to retrieval of documents stored with registry and repository services

  5. Electronic Policy Statements: Application Scenario Overview [diagram: Portal User Dashboard, Policy Rules and User Profiles, Case Management, Registry Services holding Case Documents (XML), Output Templates; Information Requests flow in and Requested Information flows back, numbered steps 1 to 5, with step 4 "Apply Policy Rules to Requested Case Content"] Users see only information permitted by their role and policy profile.

  6. Presentation agenda • Part 1 • Problem introduction and policy methods overview • Part 2 • Design time technical walkthrough of rule assertions example • Part 3 • Run time deployment with registry services

  7. Policy Methods Overview Part 1 – Problem Introduction

  8. Use Case – SAR Case Management • Three levels of information access • Citizen level reporting - SAR statistics • Local law enforcement officials - case review • State and Federal - case management and coordination • This means three profiles: • Profile 1 - Registry query - statistics results • Profile 2 - Local staff • Profile 3 - Regional staff SAR – Suspicious Activity Report

  9. Electronic Policy Statements Policy Granularity

  10. Rule and Context Metadata Properties of the access rules and environment. • Actions. • Conditions. • Subject. • Resource. • Policy. • Obligations. Electronic Policy Statements

  11. Privacy and Security Architectures • Express policies in a structured language (e.g., XML) • Identify requesters • Compare data collection and release purposes • Enforce retention rules • Notify data owners and subscribers • Verify compliance

  12. Privacy and Security Architectures Mapping to Data Standards Electronic Policy Statements

  13. Privacy and Security Architectures Policy Authoring Language • A mechanism to specify policy rules in unambiguous terms • eXtensible Access Control Markup Language (XACML) • Machine-readable • Supports federated and dynamic policies

  14. Privacy and Security Architectures XACML Architecture http://en.wikipedia.org/wiki/XACML

  15. Privacy and Security Architectures XACML Statements

  16. Privacy and Security Architectures Encoding Rules Into XACML

  17. Design Time Rule Assertions Concepts Part 2 – DESIGN Time Walkthrough

  18. Using Policy Templates • Traditional NIEM approach focuses on the information exchange data handling • Uses XSD schema to define content structure and metadata • Need is for a bridge between the NIEM schema, the XML information instances and the XACML rule assertion language • Approach is based on visual content structure templates with declarative rule assertions

  19. Approach in a Nutshell [diagram: (1) NIEM IEPD schema; (2) exchange structures with a policy assertion template carrying rule assertions; (3) XACML generation tool producing an XACML XML script; (4) deployed policies in the XACML engine, with output templates] Rules are asserted to nodes in the exchange structure via simple XPath associations.

  20. SAR Visual Template + Rule Assertions Rule assertions attach to specific content areas in the SAR details structure and control access and privacy for them. The visual metaphor allows policy analysts to verify the assertions directly.

  21. NIEM / GRA Operational Scenario [diagram: (1) CAM Editor visual designer; (2) NIEM IEPD schema and exchange templates with rule assertions, plus output templates; (3) generated XACML rules; (4) XACML engine; (5) NIEM XML data flows between information exchange interfaces]

  22. CAM toolkit + CAMV engine • Open source solutions – designed to support XML and industry vocabularies and components for information exchanges • Implementing the OASIS Content Assembly Mechanism (CAM) public standard • CAMV validation framework and test suite tools • Development sponsored by Oracle CAM Editor resources site: http://www.cameditor.org

  23. Next Steps • Enhance CAM Editor UI to provide wizards for policy rule assertion entry • Provide XSLT to generate XACML from CAM template • Enhance reporting tools to show policy details in plain English • Test with sample JPS NIEM exchange schema

  24. Illustrative deployment with XACML services and application Part 3 – Deployment WITH Registry

  25. Electronic Policy Statements: Application Scenario Details [diagram: as on slide 5, with the request and response path acting as the PEP, Case Management plus a PAP holding the Policy Rules and User Profiles, case documents exchanged as XML, policies expressed as XACML, and step 4 "Apply Policy Rules to Requested Case Content" performed by the PDP engine] Users see only information permitted by their role and policy profile.
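As an added illustration (not code from the slides, the CAM toolkit or any XACML engine), a small Python model of the rule assertions of slides 19 and 20 and the PEP/PDP step of slide 25: a policy assertion template maps XPaths in the exchange structure to the profiles permitted to see those nodes, and the enforcement point redacts a SAR document for a given profile before release. The SAR element names, the template format and the profile names are assumptions.

```python
"""Role-based redaction of a SAR exchange driven by XPath rule assertions."""
import xml.etree.ElementTree as ET

# Constructed sample SAR instance (not a real NIEM IEPD; element names are
# assumptions chosen to resemble the SAR content areas named on the slides).
SAR_XML = """<SuspiciousActivityReport>
  <ReportID>SAR-EXAMPLE-0001</ReportID>
  <ActivityCategory>Photography of critical infrastructure</ActivityCategory>
  <Location><City>Springfield</City><State>XX</State></Location>
  <Subject><Name>J. Doe</Name><DateOfBirth>1970-01-01</DateOfBirth></Subject>
  <Narrative>Officer observed the subject photographing the facility.</Narrative>
  <ReportingOfficer><BadgeNumber>1234</BadgeNumber></ReportingOfficer>
</SuspiciousActivityReport>"""

# Policy assertion template (assumed format): XPath of a node in the exchange
# structure -> profiles permitted to see it. The three profiles follow slide 8;
# nodes with no assertion are unrestricted (statistics-level content).
RULE_ASSERTIONS = {
    "./Location/City": {"local-staff", "regional-staff"},
    "./Subject": {"local-staff", "regional-staff"},
    "./Narrative": {"local-staff", "regional-staff"},
    "./ReportingOfficer": {"regional-staff"},
}


def decide(xpath, profile, assertions=RULE_ASSERTIONS):
    """PDP-style decision for one content node: an asserted node is Permit only
    for a listed profile (deny-unless-permit); an unasserted node is NotApplicable."""
    permitted = assertions.get(xpath)
    if permitted is None:
        return "NotApplicable"
    return "Permit" if profile in permitted else "Deny"


def apply_policy(xml_text, profile, assertions=RULE_ASSERTIONS):
    """PEP-style enforcement: return a parsed copy of the document with every
    asserted node the PDP denies for `profile` removed before it is released."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for xpath in assertions:
        if decide(xpath, profile, assertions) == "Deny":
            for node in root.findall(xpath):
                parent_of[node].remove(node)
    return root


if __name__ == "__main__":
    for profile in ("statistics", "local-staff", "regional-staff"):
        print(f"--- view for {profile} ---")
        print(ET.tostring(apply_policy(SAR_XML, profile), encoding="unicode"))
```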

  26. Privacy and Security Architectures Registry Policy Enforcement

  27. Privacy and Security Architectures Privacy Policy Technical Framework

  28. Publishing Content (Bulk Import Tool) The bulk loader trawls a server and folder location for content, e.g. original SAR XML documents. Bulk publish of SAR documents

  29. SAR Discovery and Retrieval The SAR discovery query (easily extended or tailored without code changes) allows rapid prototyping and verification of content and operations. Results return a digest and content retrieval options.

  30. Review Summary

  31. Key Messages • Dramatically simpler policy adoption • Can be rapidly developed with existing tools • Can be visually inspected and verified by policy analysts • Enables use of dynamic contextual policies • Supports international standards work

  32. Contributors • James E. Cabral Jr. – IJIS/OASIS and MTGM LLC • David Webber – Oracle Public Sector NIEM team • Farrukh Najmi – OASIS ebXML RegRep, SunXACML project and Wellfleet Software

  33. Resources • OASIS CAM and tools project site: https://www.oasis-open.org/committees/cam and http://cameditor.org (sourceforge.net) • OASIS XACML and tools project site: https://www.oasis-open.org/committees/xacml and http://sunxacml.sourceforge.net/ • OASIS ebXML RegRep and Implementing Registry: https://wiki.oasis-open.org/regrep/ and http://goo.gl/cEpnC
