Thoughts on Access Control in Enterprise Recommender Systems
1. Funded by the Kompetenzzentrenprogramm (competence centres programme)
Heimo Gursch
Some Thoughts and Aspects on Access Control Related Issues for Enterprise Recommender Systems
www.know-center.at
10 July 2013
Workshop on Academic-Industrial Collaborations for Recommender Systems
© Know-Center 2013
2. Agenda
What am I working on?
Why are we working on that?
What are the major concerns?
Access Control
What are the problems?
What can be done about it?
Recommender
Why use them?
What can they achieve?
3. Our Project & my background
Project Setting
Four large German Companies
Amount of information is increasing
Enterprise search is not enough
Project Goals
Single entry point to all information
Help engineers to find whatever they are looking for
Create a prototype that is capable of
Enterprise Search
Recommender
Extract, show and use relations between data
6. The big trade-off
Current situation is unsatisfying
Recommender would bring “too much” information
Recommend to the user only information to which access is possible
[Figure: information, on a scale from closed to open]
7. Access Control Concerns
Access Control is a “necessary evil” to ensure
Confidentiality
Traceability
Status quo
Role based access control (RBAC)[1]
1000s of roles
SSO only over some systems
Problems when changes are necessary
Solutions
Adapt the current system
Start over clean…
[1] D.F. Ferraiolo and D.R. Kuhn, “Role-Based Access Controls”, in 15th National Computer Security Conference, 1992, Baltimore MD, pages 554-563
8. Possible Solutions[2]
Attribute Based Access Control
Problem: Decide on attributes
Authorization Based Access Control
Abbreviated ABAC or ZBAC
User checks out token to get access
Token holds all the information needed by target systems
Token or parts of it can be passed on
First realization[3]
SOAP Messages with X.509 Certificate
[2] A.H. Karp, H. Haury, and M.H. Davis, “From ABAC to ZBAC: The Evolution of Access Control Models”, 2009
[3] J. Li and A.H. Karp, “Zebra Copy: A Reference Implementation of Federated Access Management”, 2007
9. Bring in the Recommender…
Recommender can help with questions like…
Has anybody done something with…
Give me more like that
Combining content- and knowledge-based recommenders
Content-based: Short-term model
Knowledge-based: Long-term model
“Knowledge”
Job description
Assigned tasks
…
10. Content & Knowledge-based Recommender
User independent
Serendipity problem
Model overcomes the new user problem
Limitation of content analysis
Fast integration of new items
Tweaks by the user are possible
Changing user interest
11. Combine Recommender & Access Control
Criteria for the solution
High-performance solution that is parallelisable
Ensure access control in any case
Possible solutions
Check access control before anything else is done
Use a multi-criteria recommender system
Multi-criteria recommender system
Define an aggregation function
Base recommendation on
Access control
Short-term model
Long-term model
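An added example (not from the slides) of the aggregation function slide 11 calls for, in Python: the first variant treats access control as one weighted criterion, the second applies it as a hard gate before the short-term and long-term scores are combined. The item fields, weights, role names and catalogue are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    item_id: str
    allowed_roles: frozenset  # roles that may read the item (assumed RBAC-style ACL)
    short_term: float         # content-based score against the current session, 0..1
    long_term: float          # knowledge-based score against job description/tasks, 0..1

def may_access(roles, item):
    return bool(roles & item.allowed_roles)

def weighted_score(roles, item, w=(0.2, 0.5, 0.3)):
    """Weak variant: access is only one weighted criterion, so relevance can outvote it."""
    access = 1.0 if may_access(roles, item) else 0.0
    return w[0] * access + w[1] * item.short_term + w[2] * item.long_term

def gated_score(roles, item, w=(0.6, 0.4)):
    """Hard gate: a denied item gets no score at all (None, not 0.0)."""
    if not may_access(roles, item):
        return None
    return w[0] * item.short_term + w[1] * item.long_term

def recommend(roles, items, score, k=2):
    # Each item is scored independently of the others, so this step can be sharded.
    scored = [(score(roles, it), it.item_id) for it in items]
    ranked = sorted((p for p in scored if p[0] is not None), key=lambda p: (-p[0], p[1]))
    return [item_id for _, item_id in ranked[:k]]

# Constructed sample catalogue and user, for illustration only.
CATALOGUE = [
    Item("gearbox-test-report", frozenset({"engineer"}), 0.70, 0.60),
    Item("board-merger-memo", frozenset({"executive"}), 0.95, 0.90),
    Item("cad-style-guide", frozenset({"engineer", "intern"}), 0.40, 0.50),
    Item("payroll-export", frozenset({"hr"}), 0.10, 0.05),
]
ENGINEER = frozenset({"engineer"})

if __name__ == "__main__":
    print("weighted:", recommend(ENGINEER, CATALOGUE, weighted_score))
    print("gated:   ", recommend(ENGINEER, CATALOGUE, gated_score))
```

With the weighted variant the executive-only memo ranks first for the engineer, which is the failure that "ensure access control in any case" rules out; the gated variant never lets a denied item enter the ranking.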
12. Key aspect for success
Give a possible solution
Show that infrastructure is the result of the problem, not the cause
Need to know vs. good to know
Show potential
Produce a prototype that consists of
Search
Recommender
Access-control concepts
13. Summary & Closing Arguments
Project Settings
Problems and the current situation at our partners
User/role management
Information needs of employees
Situation we work towards
Change access management
Introduce the recommender systems
Improve enterprise search so that employees actually use it