Title: Privacy and Access Control Issues in Financial Enterprise Content Management with a Web Services Integration Environment
1. Privacy and Access Control Issues in Financial Enterprise Content Management with a Web Services Integration Environment
Dickson K. W. CHIU, Senior Member, IEEE, kwchiu_at_acm.org, dicksonchiu_at_ieee.org
Patrick C. K. HUNG, Faculty of Business and Information Technology, University of Ontario Institute of Technology, Patrick.Hung_at_uoit.ca
Kevin H.S. Kwok, Dept. of Computer Science and Engineering, Chinese University of Hong Kong, khskwok_at_yahoo.com
2. Introduction
- Financial enterprise content refers to the pieces of information of a financial enterprise (in particular on its Web sites), e.g., financial research, market commentary, calendar events, trading ideas, bond offerings, etc.
- Published content
  - Contributes highly to customer relationship management (CRM)
  - Provides valuable advice for the decision making of client investors
  - Has a high impact on the image and professionalism of the enterprise
  - Is also used for internal decision making
- A good financial enterprise content management system (FECMS) can produce a high return on investment and is a valuable asset of the enterprise
3. FECMS Overview
- 4Ts: tagging, taxonomy, templating, tiering
4. Management Objects and Concerns
- 4 Goals: Management (M), Cost (C), Legal issues (L), and Value (V)
- Knowledge and organizational memory can be captured in enterprise content (M)
- Replace semi-manual systems and integrate heterogeneous systems (MCV)
- Replace current hardcopy publishing and delivery of content, which is cost-ineffective and has a bad time-to-market (CV)
- Standardized enterprise-wide policies and business processes provide a mechanism for content creation and management functions (M)
- Metadata (taxonomy) about the content (MV)
- Integration with third-party FECMS or information sources to form a service grid (MV)
- Help ensure compliance with relevant laws and regulations, e.g., approval policy and procedures (L)
- Privacy and access control (MLV)
- CRM (CV)
5. Challenges for FECMS
- Global system integration
- Content flow management
- Privacy and Access Control Issues
6. Integration and Management
- Global system integration
- Content flow management
- Heterogeneous existing systems and interfaces
- Both within and among enterprises
- Global system with multiple sites
- A mechanism for analysts all over the world to contribute commentary and publish it
- Intrinsic value of a commentary depreciates exponentially (therefore it should be published in minutes)
- Contradicting requirements: editors and auditors have to check content publication against possible violation of laws and regulations, which vary across countries and states
7. Privacy and Access Control Issues
- Information privacy: an individual's right to determine how, when, and to what extent information about the self will be released to another person or to an organization
- Concerned with the confidentiality of sensitive information such as
  - personally identifiable information (PII)
  - health data
- Privacy policies
  - describe an organization's data practices
  - what information they collect from individuals (subjects)
  - for what purpose the information (objects) will be used
  - whether the organization provides access to the information
  - who are the recipients of any result generated from the information
  - how long the information will be retained
  - who will be informed in the circumstances of dispute
8. Privacy and Access Control Issues (cont)
- Access Control
  - limiting access to information / resources only to authorized users, programs, processes, or other systems
  - on a need-to-know basis
  - according to the authentication of their identities and the authorization of the associated privileges
  - should be extended with an enterprise-wide privacy policy for managing and enforcing individual privacy preferences
- U.S. Privacy Act of 1974
9. Privacy and Access Control Issues (cont)
- Threats
  - Unauthorized disclosure, modification and destruction of information
  - Unauthorized utilization and misuse of resources
  - Interruption, unknown status and repudiation in workflow execution / content access
  - Denial of service from stakeholders or resources
  - Corruption of stakeholders
  - Come from insiders and from outsiders in each organization
- Consequences
  - cause disasters to internal management decisions
  - affect valuable external client investors
  - lead to severe damage of enterprise reputation
  - even legal responsibilities
10. Technologies Employed in Integration
- Web Services and XML standards for integration
  - Simple Object Access Protocol (SOAP)
  - Universal Description, Discovery and Integration (UDDI)
  - Web Services Description Language (WSDL)
- Advantages
  - standard technologies
  - wrapping of existing systems / sub-systems
  - both inter- and intra-enterprise integration
  - support both human and programmatic interfaces
  - firewall friendly open platform
  - synchronous (such as WS-Transaction) and asynchronous messaging
  - faster time to production
  - convergence of disparate business functionalities
  - significant reduction in total cost of development
  - easy to deploy business applications for trading partners
11. Technologies Employed in Privacy and Access Control
- Enterprise Privacy Authorization Language (EPAL)
  - formalize privacy authorizations for actual enforcement
  - intra- or inter-enterprise
  - abstract data models and user-authentication from all deployment details
  - an interoperability language for defining enterprise privacy policies on data handling practices
  - fine-grained positive and negative authorization rights
12. FECMS Architecture and Security
13. Enterprise Content Conceptual Model
14. Privacy and Access Control Requirements Elicitation
- Identify the information entities to be protected
- Identify the entitlement and protection that should be imposed on the stakeholders
- By tracing the information flow of the information entities to be protected, identify the processes during which such protection should be enforced and hence the detailed protection policies as well as the required enhancement to existing system components
- Identify any modification of the existing content flow or content management process required
15. Key information entities to be protected
- The major concern of an FECMS is naturally the vast amount of content
- Almost equally important are the personal information (PII) and profiles of content users (in particular customers)
- Users' activity records should also be protected because of privacy requirements. This is often inadequately handled in existing systems
- Content and user taxonomies, though mostly visible to the content management software systems, should be maintained only by specialists.
16. Privacy and access control strategies
- Reception of contents into an FECMS should be adequately monitored and controlled
- Sophisticated content access control should be exercised over content creators and supervisors, according to content flow and process requirements
- Based on the need-to-know principle
  - role-based access control technology by matching users' roles and authorization with the classification of content items.
  - Inference of tags should be supported in matching for ease and flexibility of specification (e.g., subscription to Asia > China and HK, Stock > warrants)
- Access to PII should be strictly restricted to the user himself and to user managers
- Taxonomies protection: tight control, for specialists' access only
17. Content Reception Engine
- Publish and Subscribe mechanism
- Separation of Active Rule / Analytical Module
- Event-Condition-Action (ECA) Rules
- Re-classify received content
- Forward a selection of received / generated
content to relevant analysts and Content Creators
- Forward selected content for immediate publishing
18. Content Reception Engine Protection
- Strict verification and authorization before accepting new Content Providers
- Security tokens (for sessions): Security Assertion Markup Language (SAML)
- Web Services Security (WS-Security): message integrity, confidentiality, and single message authentication
- Providers authorized to provide only certain types of content (based on tags)
- Sources maliciously flooding the system may even be totally rejected
- Quarantine contents from problematic providers: specialists' examination only
- Content items of sensitive topics (say, politics and major market changes) are forwarded to and only accessible to designated specialists for approval
19. EPAL example
- <ALLOW
  - user-category Content_Provider
  - data-category Any_Content
  - purpose Distribution
  - operation publish
  - condition Authorization_Clearance TRUE>
- <DENY
  - user-category Content_Users
  - data-category Politics_Content
  - purpose Any
  - operation access
  - condition Designated_Specialists FALSE>
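An added example, not from the original slides: a small evaluator for rules written in the slide's simplified notation, showing how a positive and a negative authorization interact. The third rule, the `Subscribed` attribute, and the combining logic (an applicable DENY wins, no applicable rule means DENY) are assumptions; real EPAL policies are XML documents with their own precedence model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    ruling: str            # "ALLOW" or "DENY"
    user_category: str
    data_category: str     # "Any_Content" matches every data category
    purpose: str           # "Any" matches every purpose
    operation: str
    condition: tuple       # (attribute name, value the attribute must have)

POLICY = [
    # The two rules shown on the slide.
    Rule("ALLOW", "Content_Provider", "Any_Content", "Distribution",
         "publish", ("Authorization_Clearance", True)),
    Rule("DENY", "Content_Users", "Politics_Content", "Any",
         "access", ("Designated_Specialists", False)),
    # Constructed rule (not on the slide) so that users have a positive right.
    Rule("ALLOW", "Content_Users", "Any_Content", "Any",
         "access", ("Subscribed", True)),
]

def applies(rule, request, attributes):
    """A rule applies when every field matches and its condition holds."""
    name, required = rule.condition
    return (rule.user_category == request["user_category"]
            and rule.data_category in ("Any_Content", request["data_category"])
            and rule.purpose in ("Any", request["purpose"])
            and rule.operation == request["operation"]
            # A missing attribute counts as False, so the check fails closed.
            and bool(attributes.get(name, False)) == required)

def decide(request, attributes, policy=POLICY):
    """Assumed combining logic: an applicable DENY wins, no rule means DENY."""
    rulings = {r.ruling for r in policy if applies(r, request, attributes)}
    return "ALLOW" if rulings == {"ALLOW"} else "DENY"
```

With only the slide's two rules, a designated specialist would still be denied access to politics content, because a DENY rule that does not apply grants nothing by itself.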
20. Content Editorial Engine
- Typical Content Flow
  - A Content Author creates a piece of content, determines its tier and tags
  - Content sent to Content Editor for revision.
  - Approved by Content Approver.
  - If Content Editor suspects violation of laws / regulations, content is sent to a Content Auditor. Before the Content Auditor's approval, customers from those countries cannot receive or read it.
21. Content Editorial Engine Protection
- Need-to-know principle
- Capability matching of personnel to content tags
- Content in progress may be incomplete and error prone: only accessible to the author before approval
- Content Creator cannot update content items submitted for editing, unless editors request their amendment, because the content editor is possibly updating them
- Content auditors can change or remove all content items classified under their capabilities plus regional restrictions
- Supervisor override
  - read access to all content items under their subordinates' work unless otherwise classified
  - update access should require managerial approval
  - manager of a department can access all content items under work for that department
- Update access rights when the work on a rerouted content item is reassigned
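An added example, not from the original slides: the editorial-flow rules of slides 20 and 21 as update and read checks. The state names, the `Staff` and `Item` records, and modelling the auditor referral as a per-region hold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DRAFT, EDITING, AMEND, APPROVED = (
    "draft", "editing", "amendment_requested", "approved")

@dataclass
class Item:
    author: str
    tags: frozenset
    state: str = DRAFT
    held_regions: set = field(default_factory=set)  # awaiting auditor approval

@dataclass(frozen=True)
class Staff:
    name: str
    role: str                              # "author", "editor" or "auditor"
    capabilities: frozenset = frozenset()  # content tags the person may handle
    regions: frozenset = frozenset()       # used for auditors only

def can_update(staff, item):
    """Who may change an item at each stage of the content flow."""
    capable = item.tags <= staff.capabilities
    if staff.role == "author":
        # Locked once submitted, unless the editor asked for amendments.
        return staff.name == item.author and item.state in (DRAFT, AMEND)
    if staff.role == "editor":
        return capable and item.state == EDITING
    if staff.role == "auditor":
        return capable and bool(item.held_regions & staff.regions)
    return False

def refer_to_auditor(item, regions):
    """Editor suspects a violation: hold the item for the affected regions."""
    item.held_regions |= set(regions)

def auditor_approve(staff, item, region):
    """Release one held region; needs matching capability and region."""
    if not can_update(staff, item) or region not in staff.regions:
        raise PermissionError("auditor lacks capability or region")
    item.held_regions.discard(region)

def customer_can_read(item, customer_region):
    """Approved content stays invisible in regions still under audit."""
    return item.state == APPROVED and customer_region not in item.held_regions
```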
22. Content Publishing Engine
- Content is sent to the user via
  - email, SMS, and/or ICQ as specified by interactive users at subscription time.
  - Web Services to the access point as specified by programmatic (usually institutional) users.
  - Indirectly through external Content Distributors
23. Content Publishing Engine Protection
- RBAC
  - matching users' roles and authorization with the classification of content items
- Simple tiering is not enough
  - subscription payment
  - regional locale (because of legal requirements)
  - a more refined customer segmentation
- Different parts of content may have different access control (summaries are lower)
- User's classification change
  - Remove conflicting subscription categories
- Check authorization before the distribution of every content item
24. Global Repository Management System
- Provides backing support for user information and consistent global taxonomy
- Maintains users' access to various global and regional Web sites as a single entity
- Keep minimal vital information
- Improve performance and reliability, replication techniques (cf. Oracle)
- Protection
  - strict authorization and through software systems only
  - Users are allowed to view and update their profiles after authentication
  - broker or financial advisor (and the advisor's supervisors) of a user can read a user's profile and update it only upon authorization
  - update access rules when supervisors assign temporary or alternate brokers or financial advisors
  - Secrecy of content users' usage data
25. System Integration with Web Services
- Maintain autonomous sub-systems in various units of the enterprise
- XML-based standards
- A convenient architecture to support both human (B2C) and programmatic interfaces (B2B)
- Unified platform for both inter- and intra-organizational interfaces
26. Example: publish-and-subscribe through Web Services
- An institutional user submits a request to the updateSubscription Web Service of a Content Publishing Engine (parameters: categories of required content, the address of its own reception Web Services access point)
- The institutional user has to implement a Web Service conforming to the specification of the receiveContent service of the Content Reception Engine.
- The Content Publishing Engine verifies the request and relays successful requests to the Global Repository Management System.
- When new content arrives at the Content Publication Engine, the engine queries the Global Repository Management System through its getSubscribedUsers Web Service, with the tier and tags of the new content as parameters.
- If the institutional user is included in the list, the Content Delivery Module of the Content Publication Engine will invoke the user-specified Web Service accordingly to deliver the piece of content.
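An added example, not from the original slides: the subscription flow above combined with the tag inference of slide 16 and the per-item authorization check of slide 23. The taxonomy, subscriber records, endpoint URLs, the "any tag matches" rule, and reading an item's tier as the minimum customer tier required are all constructed assumptions; the Web Service calls are modelled as plain functions.

```python
# Constructed taxonomy (child -> parent), after the slide-16 example.
PARENT = {"China": "Asia", "HK": "Asia", "warrants": "Stock"}
KNOWN_TAGS = set(PARENT) | set(PARENT.values())

# Constructed records, standing in for the Global Repository Management System.
USERS = {
    "fund-a": {"tier": 3, "region": "HK", "subs": {"Asia"},
               "endpoint": "https://fund-a.example/receiveContent"},
    "fund-b": {"tier": 1, "region": "US", "subs": {"Stock"},
               "endpoint": "https://fund-b.example/receiveContent"},
    "fund-c": {"tier": 3, "region": "US", "subs": {"warrants"},
               "endpoint": "https://fund-c.example/receiveContent"},
}

def expand(tag):
    """A tag plus all of its ancestors, e.g. China -> {China, Asia}."""
    out = set()
    while tag is not None:
        out.add(tag)
        tag = PARENT.get(tag)
    return out

def update_subscription(name, categories, endpoint):
    """Verify the request before relaying it to the repository."""
    unknown = set(categories) - KNOWN_TAGS
    if unknown or not endpoint.startswith("https://"):
        raise ValueError(f"rejected subscription request: {sorted(unknown)}")
    USERS[name].update(subs=set(categories), endpoint=endpoint)

def authorized(user, item):
    """Per-item check: tier, regional hold, then tag match with inference."""
    if user["tier"] < item["tier"] or user["region"] in item["held_regions"]:
        return False
    inferred = set().union(*(expand(t) for t in item["tags"]))
    return bool(user["subs"] & inferred)

def get_subscribed_users(item):
    """Names of all subscribers authorized to receive this item."""
    return sorted(n for n, u in USERS.items() if authorized(u, item))

def deliver(item, send):
    """Invoke each authorized subscriber's own reception endpoint."""
    names = get_subscribed_users(item)
    for n in names:
        send(USERS[n]["endpoint"], item["body"])
    return names
```

Inference runs upward only: a subscription to Asia receives an item tagged China, but a subscription to warrants does not receive an item tagged only Stock.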
27. Technical Advantages
- Complex FECMS decomposed into a set of highly coherent but loosely coupled sub-systems
- Easier to analyze security and identify flaws in content management processes
- Highly scalable and interoperable
- Web Services impose no practical limitations on implementation platform
- For legacy systems, wrappers may be built around them
- Gradual migration into FECMS possible
- Generic architecture for other service-oriented industries: software houses may develop packages with our approach
- External Web Service interfaces are simple: possible for SMEs to participate in content exchange
28. Conclusions
- Studied the requirements and technical problems of ECM in financial industry
- A practical enterprise content model and architecture
- Identified key privacy and access control requirements and policy
- Design of FECMS components for effective and timely content flow management
- Use of Web Services / EPAL for inter- and intra-enterprise FECMS integration.
29. Future Work
- Application of Semantic Web technologies in content management, flow, and distribution
- Watermarking to reinforce document management policies by supporting non-repudiation in the document distribution protocol (HICSS36)
- The application of an advanced workflow management system in FECMS, such as ADOME-WFMS
- Using the concept of flows and alerts in workflow-based information integration (HICSS37)
- In-depth study of relations to CRM (HICSS36)
- Document service negotiation