Funded by the Competence Centers Programme (Kompetenzzentrenprogramm)
Heimo Gursch
Some Thoughts and Aspects on Access Control Related Issues for Enterprise Recommender Systems
www.know-center.at
10 July 2013
Workshop on Academic-Industrial Collaborations for Recommender Systems
© Know-Center 2013
Thoughts on Access Control in Enterprise Recommender Systems
Agenda
• What am I working on?
• Why are we working on that?
• What are the major concerns?
• Access Control
  • What are the problems?
  • What can be done about it?
• Recommender
  • Why use them?
  • What can they achieve?
Our Project & my background
• Project Setting
  • Four large German companies
  • Amount of information is increasing
  • Enterprise search is not enough
• Project Goals
  • Single entry point to all information
  • Help engineers find whatever they are looking for
  • Create a prototype that is capable of
    • Enterprise Search
    • Recommender
    • Extract, show and use relations between data
The Problems – Company Policy
The Problems – What is Going on
The big trade-off
• Current situation is unsatisfying
• Recommender would bring “too much” information
• Recommend to the user only information where access is possible
[Figure labels: Closed, Open, Information]
Access Control Concerns
• Access control is a “necessary evil” to ensure
  • Confidentiality
  • Traceability
• Status quo
  • Role-based access control (RBAC) [1]
  • 1000s of roles
  • SSO only over some systems
  • Problems when changes are necessary
• Solutions
  • Adapt the current system
  • Start over clean…
[1] D.F. Ferraiolo and D.R. Kuhn, “Role-Based Access Controls”, in 15th National Computer Security Conference, 1992, Baltimore MD, pp. 554-563
Possible Solutions [2]
• Attribute Based Access Control
  • Problem: Decide on attributes
• Authorization Based Access Control
  • Abbreviated ABAC or ZBAC
  • User checks out token to get access
  • Token holds all the information needed by target systems
  • Token or parts of it can be passed on
• First realization [3]
  • SOAP messages with X.509 certificate
[2] A.H. Karp, H. Haury, and M.H. Davis, “From ABAC to ZBAC: The Evolution of Access Control Models”, 2009
[3] J. Li and A.H. Karp, “Zebra Copy: A Reference Implementation of Federated Access Management”, 2007
Bring in the Recommender…
• Recommender can help with questions like…
  • Has anybody done something with…
  • Give me more like that
• Combining Content- and Knowledge-based Recommenders
  • Content-based: Short-term model
  • Knowledge-based: Long-term model
• “Knowledge”
  • Job description
  • Assigned tasks
  • …
Content & Knowledge-based Recommender
• User independent
• Serendipity problem
• Model overcomes the new user problem
• Limitation of content analysis
• Fast integration of new items
• Tweaks by the user are possible
• Changing user interest
Combine Recommender & Access Control
• Criteria for the solution
  • High-performance solution that is parallelisable
  • Ensure access control in any case
• Possible solutions
  • Check access control before anything else is done
  • Use a multi-criteria recommender system
• Multi-criteria recommender system
  • Define an aggregation function
  • Base recommendation on
    • Access control
    • Short-term model
    • Long-term model
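Added example (not from the slides): the two options from the "Combine Recommender & Access Control" slide, showing why an aggregation function that treats access control as just another weighted criterion fails the "ensure access control in any case" requirement, while a hard gate or a pre-filter meets it. Documents, roles, scores and weights are constructed for illustration.

```python
# Added example: documents, roles, scores and weights are constructed (hypothetical).
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    doc_id: str
    allowed_roles: frozenset   # roles permitted to read the document
    short_term: float          # content-based score (short-term model)
    long_term: float           # knowledge-based score (long-term model)

DOCS = [
    Doc("turbine-spec", frozenset({"engineer"}), 0.70, 0.60),
    Doc("board-minutes", frozenset({"executive"}), 0.95, 0.90),
    Doc("test-report", frozenset({"engineer", "qa"}), 0.40, 0.80),
    Doc("canteen-menu", frozenset({"engineer", "qa", "executive"}), 0.10, 0.05),
]

def can_read(user_roles, doc):
    """Access decision: deny unless the user holds at least one allowed role."""
    return bool(user_roles & doc.allowed_roles)

def relevance(doc, w_short=0.5, w_long=0.5):
    """Combine the short-term and long-term model scores."""
    return w_short * doc.short_term + w_long * doc.long_term

def weighted_sum(user_roles, doc, w_access=0.2):
    """Unsafe aggregation: access is only one more weighted criterion."""
    access = 1.0 if can_read(user_roles, doc) else 0.0
    return w_access * access + (1 - w_access) * relevance(doc)

def gated(user_roles, doc):
    """Safe aggregation: access is a hard gate; None means 'never recommend'."""
    return relevance(doc) if can_read(user_roles, doc) else None

def recommend_weighted(user_roles, docs, k=2):
    ranked = sorted(docs, key=lambda d: weighted_sum(user_roles, d), reverse=True)
    return [d.doc_id for d in ranked[:k]]

def recommend_gated(user_roles, docs, k=2):
    scored = [(gated(user_roles, d), d) for d in docs]
    visible = [(s, d) for s, d in scored if s is not None]
    visible.sort(key=lambda t: t[0], reverse=True)
    return [d.doc_id for _, d in visible[:k]]

def recommend_prefiltered(user_roles, docs, k=2):
    """Check access control before anything else, then rank what remains."""
    readable = [d for d in docs if can_read(user_roles, d)]
    return [d.doc_id for d in sorted(readable, key=relevance, reverse=True)[:k]]

if __name__ == "__main__":
    engineer = frozenset({"engineer"})
    print("weighted sum:", recommend_weighted(engineer, DOCS))
    print("gated       :", recommend_gated(engineer, DOCS))
    print("pre-filtered:", recommend_prefiltered(engineer, DOCS))
```

With the weighted sum, a highly relevant but unreadable document outranks readable ones, so even its title reaches the engineer; the gated and pre-filtered variants return the same ranking and fail closed for a user without roles.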
Key aspect for success
• Give possible solution
  • Show that infrastructure is the result of the problem, not the cause
  • Need to know vs. good to know
• Show potential
  • Produce a prototype that consists of
    • Search
    • Recommender
    • Access-control concepts
Summary & Closing Arguments
• Project Settings
• Problems and the current situation at our partners
  • User/role management
  • Information needs of employees
• Situation we work towards
  • Change access management
  • Introduce the recommender systems
  • Improve enterprise search so that employees actually use it