Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIEM and Content Policy briefing David Webber - Public Sector NIEM Team, April 2013 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary.

Similar presentations


Presentation on theme: "NIEM and Content Policy briefing David Webber - Public Sector NIEM Team, April 2013 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary."— Presentation transcript:

1 NIEM and Content Policy briefing David Webber - Public Sector NIEM Team, April 2013 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary XML Exchange Development NIEMand Content Policy

2 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation The following is not intended to outline Oracle general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Disclaimer Notice Slide ,

3 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Executive Overview Managing information privacy and access policies has become a critical need and technical challenge. The desired solution should be ubiquitous, syntax neutral but a simple and lightweight approach that meets the legal policy requirements though the application of clear, consistent and obvious assertions. Today we have low-level tools that developers know how to implement with, and we have legal documents created by lawyers, but then there is a chasm between these two worlds ,

4 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Approach The solution we are introducing will: Enable business information analysts to apply and manage the policy profiles Provide a clear separation between content and policy artifacts Allow reuse of policies across content instances Provide a clear declarative assertions based method, founded on policy approaches developed by the business rules technologies community Leveraging open software standards and tools ,

5 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation DNI exchange level mission requirements Marking validation to ensure controlled values and business rules are followed. Cross-domain discovery, access, and dissemination capabilities based on access policy logic that leverages electronic security markings along with other key metadata about users, services, clearances, and access environments. Source: information-officer/information-security-marking-metadata information-officer/information-security-marking-metadata 5 This is the domain of NIEM and exchange services 2013,

6 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation DNI document rendering requirements User interfaces and processing logic that helps users and services to reliably assign and manipulate information security markings at the portion and document level. Automated rendering of electronic portion markings, security banners, classification authority blocks, and other security control markings in accordance with the IC's classification and control marking system and associated executive orders, statutes, and DNI policies. 6 This can be handled as entirely separate layer per local users handling of content 2013,

7 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Important Considerations Embedding security markings in content can compromise that content and make it a target Keeping policy separate from content makes the application flexible and consistent Document instances do not reveal aspects of their content while allowing dynamic application of policy rules Rules based approaches can be much more predictable and flag content that security markings alone cannot NIEM facilitates this approach by providing consistent content semantics ,

8 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Application Scenario Overview 8 Policy Rules Portal User Dashboard 1 1 Apply Policy Rules to Requested Case Content 4 4 Users see only information permitted by their role and policy profile (digest and detail levels) Request Output Templates Information Requests 2 2 Case Management Registry Services Registry Services 3 3 Output Templates Case Documents XML Response Output Templates Requested Information 5 5 User Profiles 2013,

9 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation The 8 “D”s and NIEM Design Develop Deploy Document Dictionaries Discovery Differentiate Diagnose Repeatable, Reusable Process (Exchange Specification Lifecycle) NIEM IEPD Process *IEPD - Information Exchange Package Documentation ,

10 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Example - Suspicious Activity Report V2.0 dictionaries XML SAR v1.5 components NIEM core dictionary LEXS dictionary SAR v1.5 components NIEM core dictionary LEXS dictionary LEXS components referenced New structure components based on NIEM + SAR + new SAR conceptual components Definitions stored as syntax neutral canonical XML NIEM core components Dictionary Collection Namespaces of dictionary components CAM Editor project for NIEM 2013,

11 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Differentiate This step includes building in deployment specific details and rules and usage policy determinations Add additional XPath rules for local integration needs Constrain code lists to local use Limit and restrict content based on policy and role of exchange partners Contextually exclude structure components based on rules Create other integration artifacts for middleware such as policy control, partner certificates and security configuration Can configure these aspects through the CAM template editor and using middleware tools CAM Editor project for NIEM – ,

12 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation SAR Visual Template + Rule Assertions Rules Assertions associate and control access privacy to specific content areas in the SAR details structure Visual metaphor allows policy analysts to verify directly 12 SAR – Suspicious Activity Report 2013,

13 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Deploy, Diagnose and Document Once structure information exchange is complete need to test and verify it by generating realistic XML examples Validate those against the exchange template Share working examples with exchange partners Share documentation (IEPD) Generate NIEM IEPD artifacts including Business component usage report with rules and definitions Code list details and content checks UML models Spreadsheets of Policy Rules ,

14 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation TECHNOLOGY REQUIREMENTS Policy Templates and Profiles 2013,

15 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Use Case – SAR Case Management Three levels of information access Citizen level reporting - SAR statistics Local law enforcement officials - case review State and Federal - case management and coordination This means three profiles: Profile 1 - Registry query - statistics results Profile 2 - Local staff Profile 3 - Regional staff ,

16 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Using Policy Templates Traditional NIEM approach focuses on the information exchange data handling Uses XSD schema to define content structure and metadata Need is for a bridge between the NIEM schema, the XML information instances and the XACML rule assertion language Approach is based on visual content structure templates with declarative rule assertions ,

17 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation D E P L O Y E D Approach in a Nutshell XACML Engine XACML Engine Rule Assertions P O L I C I E S Output Templates Exchange Structures Policy Assertion Template 2 2 S C H E M A NIEM IEPD NIEM IEPD 1 1 XACML Generation Tool 3 3 XACML XML Script 4 4 Rules Asserted to Nodes in the Exchange Structure via simple XPath associations ,

18 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Policy Granularity Coarse-Grained Role-based authorization of subjects. Access granted to coarse- grained data objects. E.g., “Permit law enforcement to access the NCIC Wanted Persons Database.” Fine-Grained Attribute-based authorization of subjects. Access limited to specific data objects based on attributes. E.g., “Permit law enforcement to access criminal history records if the records were created by the requester’s agency.” ,

19 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Actions. Rule and Context Metadata 19 Properties of the access rules and environment. Conditions –Subject. –Resource. –Policy. Obligations. 2013,

20 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Express policies in a structured language (e.g., XML) Identify requesters Compare data collection and release purposes Enforce retention rules Notify data owners and subscribers Verify compliance Privacy and Security Architectures ,

21 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Mapping to Data Standards 21 GFIPM User Metadata NIEM GFIPM Content Metadata XACML Actions Electronic Policy Statements 2013,

22 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation A mechanism to specify policy rules in unambiguous terms XML Access Control Markup Language (XACML) Machine-readable Supports federated and dynamic policies Policy Authoring Language ,

23 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation SUMMARY AND REVIEW Policy Templates and Profiles 2013,

24 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Key Messages Dramatically simpler policies adoption Can be rapidly developed with existing tools Can be visually inspected and verified by policy analysts Enables use of dynamic contextual policies Leverages UML and semantic modelling Supports international standards work ,

25 Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation CAMeditor.ORG Project Statistics ‹#› SNAPSHOT OF PROJECT ACTIVITIES 120,000 CAMeditor.org page visits to date 165+ countries have downloaded tools; 27% of visitors are from U.S.; 750+ downloads weekly video training minutes viewed monthly 8 languages now available 2013,


Download ppt "NIEM and Content Policy briefing David Webber - Public Sector NIEM Team, April 2013 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary."

Similar presentations


Ads by Google