NIEM and Content Policy briefing David Webber - Public Sector NIEM Team, April 2013 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary.

Slides:

Advertisements

Similar presentations

May 23, 2004OWL-S straw proposal for SWSL1 OWL-S Straw Proposal Presentation to SWSL Committee May 23, 2004 David Martin Mark Burstein Drew McDermott Deb.

Advertisements

Chapter 7 System Models.

Putting the Pieces Together Grace Agnew Slide User Description Rights Holder Authentication Rights Video Object Permission Administration.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.

1 Copyright © 2005, Oracle. All rights reserved. Introducing the Java and Oracle Platforms.

Data Architecture at CIA Dave Roberts Chief Technical Officer Application Services, CIO CIA

SOA for EGovernment 1 Emergency Services Enterprise Framework: A Service-Oriented Approach Sukumar Dwarkanath COMCARE Michael Daconta Oberon Associates.

Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.

OMII-UK Steven Newhouse, Director. © 2 OMII-UK aims to provide software and support to enable a sustained future for the UK e-Science community and its.

© 2009 IBM Corporation iEA16 Defining and Aligning Requirements using System Architect and DOORs Paul W. Johnson CEO / President Pragmatica Innovations.

Beyond Order Orchestration: Plan and Execute with Allocation and Backlog Management Rajat Bhargav, Director, Product Strategy Danny Smith, Executive Director,

Week 2 The Object-Oriented Approach to Requirements

Configuration management

Software change management

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. 1.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 of the corporate.

Database System Concepts and Architecture

Dictionaries Tutorial Overview – Public Sector NIEM Team, November 2012 CAM Test Model Data Deploy Requirements Build Exchange Generate Dictionary XML.

Future of NIEM Tools Delivery Public Sector NIEM Team, July 2012 Futureof NIEM Tools.

Oracle User Productivity Kit Professional Ensuring Success with Oracle Apps

NIEM, CAM and the 7 “D’s” David Webber - Public Sector NIEM Team, November 2011 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary.

Semantics and Information Exchanges Overview – Public Sector NIEM Team, June 2011 CAM Test Model Data Deploy Requirements Build Exchange Generate Dictionary.

David Webber, NIEM Team, Oracle Public Sector NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary Exchange Development Taking a.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Advanced Metadata Modeling Modeling for the Oracle Business Intelligence Cloud.

XML Exchange Development CAM Technology Tutorial – Public Sector NIEM Team, June 2011 CAM Test Model Data Deploy Requirements Build Exchange Generate Dictionary.

1 1 Roadmap to an IEPD What do developers need to do?

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Open Data API delivery “Open-XDX” David Webber, Information Architect, Oracle Public Sector Open Data Exchange.

NIEM Team, Oracle Public Sector Technology Introduction – September 2011 CAMV Test Model Data Deploy Requirements Build Exchange Generate Dictionary Exchange.

Open Data API delivery “Open-XDX” David Webber, Information Architect, Oracle Public Sector Open Data Exchange October, 2012.

System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.

MDC Open Information Model West Virginia University CS486 Presentation Feb 18, 2000 Lijian Liu (OIM:

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 1.

Aurora: A Conceptual Model for Web-content Adaptation to Support the Universal Accessibility of Web-based Services Anita W. Huang, Neel Sundaresan Presented.

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1 Quick Tutorial – Part 1 Using Oracle BPM with Open Data Web Services David Webber.

NIEM and Information Exchanges Overview – Public Sector NIEM Team, December 2011 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary.

1Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 8 Reporting from Contract.

James Cabral, David Webber, Farrukh Najmi, July 2012.

-Nikhil Bhatia 28 th October What is RUP? Central Elements of RUP Project Lifecycle Phases Six Engineering Disciplines Three Supporting Disciplines.

PROJECT NAME: DHS Watch List Integration (WLI) Information Sharing Environment (ISE) MANAGER: Michael Borden PHONE: (703) extension 105.

NIEM, CAM and the 8 “D’s” David Webber - Public Sector NIEM Team, December 2011 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary.

Tom Clarke VP, Research & Technology National Center for State Courts.

Introduction to MDA (Model Driven Architecture) CYT.

NIEM Blue Team Presentation April 20, 2010 Phil Letowt, Mini Kanwal, Ken Sall, David Webber ICE OCIO / Task ASAS ICE Information Exchange Reuse with NIEM.

9/11 - Tens Years On Overview – Public Sector NIEM Team, October 2011 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary XML Exchange.

1 Quick Guide to CAM Dictionaries Building and using Canonical XML dictionaries for CAM (CAM – Content Assembly Mechanism Specification) Author: David.

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1 Quick Tutorial – Part 2 Open Data Web Services for Oracle BPM August, 2013 Forms.

David Webber, NIEM Team, Oracle Public Sector Rapid NIEM XML Exchange Design, Semantics and UML Models NIEM Test Model Data Deploy Requirements Build Exchange.

1Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 8 Contract Management.

Interfacing Registry Systems December 2000.

Public Sector NIEM Team, December 2011 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary XML Exchange Development National Information.

Systems Design Approaches The Waterfall vs. Iterative Methodologies.

United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

1 Schema Registries Steven Hughes, Lou Reich, Dan Crichton NASA 21 October 2015.

1 1 CAM Toolkit for NIEM IEPD Development Phil Letowt – DHS/ICE David Webber – ICE Data Architect.

NIEM Information Exchange Package Documentation (IEPD) Mini Kanwal NIEM Technical Advisor Department of Homeland Security September, 7 th 2006.

NIEM WHAT IS IT REALLY?. XML ORB: VIEWS & INSIGHTS David Webber XML savant blog: XMLOrb CAMeditor.org.

L6-S1 UML Overview 2003 SJSU -- CmpE Advanced Object-Oriented Analysis & Design Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I College.

“This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”

S&I Integration with NIEM (DRAFT) Standards Development Support June 8, 2011.

1 The New York State Integrated Justice Information Exchange Project BJA Regional Information Sharing Conference: Information Exchange Modeling/Business.

U NITED N ATIONS C ENTRE F OR T RADE F ACILITATION A ND E LECTRONIC B USINESS Under the auspices of United Nations Economic Commission for Europe UN/CEFACT.

Workforce Scheduling Release 5.0 for Windows Implementation Overview OWS Development Team.

Silverstein Group Presenter Moshe Silverstein A Content Assembly Mechanism Technology Overview Context & Integration A Content Assembly Mechanism Technology.

Introducing Novell ® Identity Manager 4 Insert Presenter's Name (16pt) Insert Presenter's Title (14pt) Insert Company/ (14pt)

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 1.

Building Enterprise Applications Using Visual Studio®

Presentation transcript:

NIEM and Content Policy briefing David Webber - Public Sector NIEM Team, April 2013 NIEM Test Model Data Deploy Requirements Build Exchange Generate Dictionary XML Exchange Development NIEMand Content Policy

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation The following is not intended to outline Oracle general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Disclaimer Notice Slide ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Executive Overview Managing information privacy and access policies has become a critical need and technical challenge. The desired solution should be ubiquitous, syntax neutral but a simple and lightweight approach that meets the legal policy requirements though the application of clear, consistent and obvious assertions. Today we have low-level tools that developers know how to implement with, and we have legal documents created by lawyers, but then there is a chasm between these two worlds ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Approach The solution we are introducing will: Enable business information analysts to apply and manage the policy profiles Provide a clear separation between content and policy artifacts Allow reuse of policies across content instances Provide a clear declarative assertions based method, founded on policy approaches developed by the business rules technologies community Leveraging open software standards and tools ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation DNI exchange level mission requirements Marking validation to ensure controlled values and business rules are followed. Cross-domain discovery, access, and dissemination capabilities based on access policy logic that leverages electronic security markings along with other key metadata about users, services, clearances, and access environments. Source: information-officer/information-security-marking-metadata information-officer/information-security-marking-metadata 5 This is the domain of NIEM and exchange services 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation DNI document rendering requirements User interfaces and processing logic that helps users and services to reliably assign and manipulate information security markings at the portion and document level. Automated rendering of electronic portion markings, security banners, classification authority blocks, and other security control markings in accordance with the IC's classification and control marking system and associated executive orders, statutes, and DNI policies. 6 This can be handled as entirely separate layer per local users handling of content 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Important Considerations Embedding security markings in content can compromise that content and make it a target Keeping policy separate from content makes the application flexible and consistent Document instances do not reveal aspects of their content while allowing dynamic application of policy rules Rules based approaches can be much more predictable and flag content that security markings alone cannot NIEM facilitates this approach by providing consistent content semantics ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Application Scenario Overview 8 Policy Rules Portal User Dashboard 1 1 Apply Policy Rules to Requested Case Content 4 4 Users see only information permitted by their role and policy profile (digest and detail levels) Request Output Templates Information Requests 2 2 Case Management Registry Services Registry Services 3 3 Output Templates Case Documents XML Response Output Templates Requested Information 5 5 User Profiles 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation The 8 “D”s and NIEM Design Develop Deploy Document Dictionaries Discovery Differentiate Diagnose Repeatable, Reusable Process (Exchange Specification Lifecycle) NIEM IEPD Process *IEPD - Information Exchange Package Documentation ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Example - Suspicious Activity Report V2.0 dictionaries XML SAR v1.5 components NIEM core dictionary LEXS dictionary SAR v1.5 components NIEM core dictionary LEXS dictionary LEXS components referenced New structure components based on NIEM + SAR + new SAR conceptual components Definitions stored as syntax neutral canonical XML NIEM core components Dictionary Collection Namespaces of dictionary components CAM Editor project for NIEM ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Differentiate This step includes building in deployment specific details and rules and usage policy determinations Add additional XPath rules for local integration needs Constrain code lists to local use Limit and restrict content based on policy and role of exchange partners Contextually exclude structure components based on rules Create other integration artifacts for middleware such as policy control, partner certificates and security configuration Can configure these aspects through the CAM template editor and using middleware tools CAM Editor project for NIEM – ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation SAR Visual Template + Rule Assertions Rules Assertions associate and control access privacy to specific content areas in the SAR details structure Visual metaphor allows policy analysts to verify directly 12 SAR – Suspicious Activity Report 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Deploy, Diagnose and Document Once structure information exchange is complete need to test and verify it by generating realistic XML examples Validate those against the exchange template Share working examples with exchange partners Share documentation (IEPD) Generate NIEM IEPD artifacts including Business component usage report with rules and definitions Code list details and content checks UML models Spreadsheets of Policy Rules ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation TECHNOLOGY REQUIREMENTS Policy Templates and Profiles 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Use Case – SAR Case Management Three levels of information access Citizen level reporting - SAR statistics Local law enforcement officials - case review State and Federal - case management and coordination This means three profiles: Profile 1 - Registry query - statistics results Profile 2 - Local staff Profile 3 - Regional staff ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Using Policy Templates Traditional NIEM approach focuses on the information exchange data handling Uses XSD schema to define content structure and metadata Need is for a bridge between the NIEM schema, the XML information instances and the XACML rule assertion language Approach is based on visual content structure templates with declarative rule assertions ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation D E P L O Y E D Approach in a Nutshell XACML Engine XACML Engine Rule Assertions P O L I C I E S Output Templates Exchange Structures Policy Assertion Template 2 2 S C H E M A NIEM IEPD NIEM IEPD 1 1 XACML Generation Tool 3 3 XACML XML Script 4 4 Rules Asserted to Nodes in the Exchange Structure via simple XPath associations ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Policy Granularity Coarse-Grained Role-based authorization of subjects. Access granted to coarse- grained data objects. E.g., “Permit law enforcement to access the NCIC Wanted Persons Database.” Fine-Grained Attribute-based authorization of subjects. Access limited to specific data objects based on attributes. E.g., “Permit law enforcement to access criminal history records if the records were created by the requester’s agency.” ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Actions. Rule and Context Metadata 19 Properties of the access rules and environment. Conditions –Subject. –Resource. –Policy. Obligations. 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Express policies in a structured language (e.g., XML) Identify requesters Compare data collection and release purposes Enforce retention rules Notify data owners and subscribers Verify compliance Privacy and Security Architectures ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Mapping to Data Standards 21 GFIPM User Metadata NIEM GFIPM Content Metadata XACML Actions Electronic Policy Statements 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation A mechanism to specify policy rules in unambiguous terms XML Access Control Markup Language (XACML) Machine-readable Supports federated and dynamic policies Policy Authoring Language ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation SUMMARY AND REVIEW Policy Templates and Profiles 2013,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation Key Messages Dramatically simpler policies adoption Can be rapidly developed with existing tools Can be visually inspected and verified by policy analysts Enables use of dynamic contextual policies Leverages UML and semantic modelling Supports international standards work ,

Copyright ©2011, Oracle. All rights reserved. Oracle Draft Materials – Limited Circulation CAMeditor.ORG Project Statistics ‹#› SNAPSHOT OF PROJECT ACTIVITIES 120,000 CAMeditor.org page visits to date 165+ countries have downloaded tools; 27% of visitors are from U.S.; 750+ downloads weekly video training minutes viewed monthly 8 languages now available 2013,