This document discusses the challenges of regulating electronic contracts and transactions in Tanzania's legal system. As business and activities increasingly move online, laws have not kept pace, particularly in developing countries. Determining consent when e-agents or software programs are involved in contracts has become an issue. The book aims to explain the view of traditional contracts transitioning to digital transactions under Tanzania's new Electronic Transaction Act of 2015, specifically regarding the role of e-agents.
Jeremy works for a government employer and uses his personal computer at work. While the employer has a policy prohibiting personal internet usage, Jeremy has been visiting pornographic websites. This could expose the employer to liability for sexual harassment if a colleague complains. As a government employee, Jeremy has some expectation of privacy for personal belongings at work, but the employer also has rights to monitor electronic communications and search without a warrant if policies are violated or laws broken. The employer should consider blocking pornographic sites and prohibiting personal computer use at work to prevent these issues.
Electronic Evidence - The Special Case of Email (Dan Michaluk)
This document discusses challenges related to email in litigation. It addresses managing email retention on corporate servers, locating emails within and outside corporate networks, accessing emails, including on employer systems and mobile devices, and proving the authenticity of emails. Key issues explored include retention policies, accessing employee emails, proving authentic versus fabricated emails, and authenticating cloud-based communications from various applications and providers.
Energy Audit Retrofit Contract Legalities Pittfalls (Amy Shriner)
This document discusses legal issues related to social media use by employers and employees. It outlines various risks including damage to reputation, liability, disclosure of confidential information, and disputes over ownership of social media accounts. The document also examines potential legal claims involving discrimination, privacy concerns, National Labor Relations Act issues, and intellectual property. It emphasizes the importance of preserving social media evidence and complying with industry regulations regarding document retention.
Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across North America and employs over 1,600 people. As the Computer Security Manager, you are responsible for protecting GFI's information systems and data. However, the CEO believes IT can be outsourced to cut costs, leading to budget and staff cuts that concern the COO. You must address security issues to convince the CEO of the value an internal IT department provides.
Erkan Kahraman, Chief Trust Officer at Projectplace, gave a presentation on cloud services and security. He discussed Projectplace's security program and ecosystem which covers all aspects of cloud risks. Top customer concerns with cloud include legislation, privacy, security, and data ownership. The chief threats to cloud security are data breaches, loss, and account hijacking. Security measures discussed included encryption, access control, and monitoring. Ensuring customer trust requires considering location of data, terms of service, retention policies, and other factors. Government access to data varies by country and transparency reports provide some insight into requests.
Embellished résumé transcript [music playing] you are the ethics (modi11)
King lied about having an MBA on her resume when she was hired 10 years ago. She has since received promotions and excellent performance reviews. However, an MBA is now required for her current senior vice president position. The ethics officer must analyze the situation using Badaracco's Right vs Right framework and consider the legal implications of resume fraud to make a recommendation. Legally, resume fraud provides justification for termination as an at-will employee. However, King has a record of success and the company would not want to lose her. The ethics officer recommends allowing King to retain her position given her past performance but issuing a written warning, and revising hiring policies to prevent similar situations.
Outsourcing business processes raises risks that companies can mitigate. Recent security breaches at third-party contractors show these risks, from identity theft to disrupted operations. Companies are addressing risks by having service providers incorporate tighter security checks and audits, and by monitoring outsourced work more closely in real-time. Risks include operational failures, strategic threats like intellectual property theft, and loss of in-house skills. Companies must understand interdependencies and focus on weakest links, while service providers must work closely with clients to implement best practices across extended organizations. Countries that rely on outsourcing can also help by strengthening legal protections.
Identity REvolution multi disciplinary perspectives (Karlos Svoboda)
The identity [r]evolution is happening. Who are you, who am I in the information society?
In recent years, the convergence of several factors – technological, political, economic – has accelerated a fundamental change in our networked world. On a technological level, information becomes easier to gather, to store, to exchange and to process. The belief that more information brings more security has been a strong political driver to promote information gathering since September 11. Profiling intends to transform information into knowledge in order to anticipate one’s behaviour, or needs, or preferences. It can lead to categorizations according to some specific risk criteria, for example, or to direct and personalized marketing. As a consequence, new forms of identities appear. They are not necessarily related to our names anymore. They are based on information, on traces that we leave when we act or interact, when we go somewhere or just stay in one place, or even sometimes when we make a choice. They are related to the SIM cards of our mobile phones, to our credit card numbers, to the pseudonyms that we use on the Internet, to our email addresses, to the IP addresses of our computers, to our profiles… Like traditional identities, these new forms of identities can allow us to distinguish an individual within a group of people, or describe this person as belonging to a community or a category.
Vint big data research privacy technology and the law (Karlos Svoboda)
This document discusses privacy issues related to big data. It begins by describing how organizations use big data to target customers for marketing purposes, but often do so without transparency around what customer data is being collected and how it is used. This can undermine customer trust and privacy. The document advocates for transparency, choice, and an approach called "Privacy by Design" to help address privacy concerns while enabling the benefits of big data. It also examines the complex legal and technical challenges around privacy as data practices continue to evolve rapidly. The overall goal is to develop solutions that respect individual privacy and allow both individuals and organizations to benefit from big data.
The document defines and provides examples for several words related to concepts like abstraction, compliance, expediting tasks, diligence, relevance, dissent, reverence, extolling, reprehensible actions, advocacy, pragmatism, endorsement, redundancy, conspicuousness, incessance, rigor, scrutiny, and discord.
The document describes the NOEMI assessment methodology, which was developed as part of a research project to help very small enterprises (VSEs) improve their IT practices. The methodology aims to assess VSEs' IT capabilities in order to facilitate collaborative IT management across organizations. It was designed to be aligned with common IT standards like ISO/IEC 15504 and ITIL, but adapted specifically for VSEs. The methodology has been tested through several case studies with VSEs in Luxembourg, with promising results.
If you’re having trouble finding the time and energy to market your business, it may be your habits are to blame! You can’t grow your business if you aren’t marketing consistently and putting yourself in front of people who are already looking for your solutions. And you can’t market consistently if you have poor time management and productivity habits. What you CAN do is make simple shifts in your mindset to break through these challenges and make progress in reaching your goals. In this week’s podcast, I share some simple ways you can change your habits to find more time for marketing.
This document proposes an innovative systemic approach to risk management across interconnected sectors. It suggests using enterprise architecture models to manage cross-sector risks in Luxembourg's complex ICT ecosystem. The approach would provide regulators an overview of all players and systems, as well as models of different sectors to analyze collected data and risks at a national level, fostering accurate and reactive risk mitigation across economic domains.
This document discusses the different types of "si clauses" or conditional sentences in French. There are three main types: first conditional for likely present or future situations, second conditional for unlikely past situations, and third conditional for impossible past situations. Examples of each type are provided along with their English equivalents using "if...then". A quiz with 15 example sentences follows to test understanding of the different conditional structures.
The document describes the evolution of Amazon's Kindle e-reader devices over time from 2007 to 2011. It notes the year of release and key features of each generation, including display sizes from 6 to 9.7 inches, storage capacities from 2GB to 8GB, and battery life ranging from 1 week to 2 months depending on WiFi usage. It also covers the introduction of new technologies like E Ink Pearl displays, text-to-speech, 3G connectivity, and the first Kindle Fire tablet in 2011 with a color touchscreen but no 3G, camera, or SD card slot.
The document provides an overview of how search engines like Google work. It explains that search engines use web crawlers or spiders to index websites by following links and reading content and metadata. The spiders return this information to be indexed. When a user searches, the search engine checks its index rather than searching the entire web. Google in particular runs on thousands of computers to allow parallel processing. It uses Googlebot to fetch pages from the web and an indexer to store words and links from pages in a database. It then uses a query processor to match searches to relevant indexed pages based on factors like page popularity, position of search terms, and how pages link to each other.
This document presents the results of an opinion poll conducted in Metropolitan Lima in August 2010. The poll measured voting preferences for the Lima mayoralty without the candidacy of Alex Kouri, finding that Lourdes Flores would be the favorite with 41.4% of voting intention, followed by Susana Villarán with 17.5%. The poll also included technical information such as the sample size and methodology, the districts included, and the company
The document discusses an organization, LGN International, that uses two websites - one for accessing products and one for accessing the business. Users have two back offices, two affiliate links, and two locations for new customers and associates to sign up depending on if they are a retail customer or independent associate.
This presentation reports on the Osterlandgymnasium secondary school, where Elke Kolodzy teaches Russian and takes part in the video conferences with her group.
This PPT belongs to Elke Kolodzy.
This document proposes an automatic reaction strategy for critical infrastructure SCADA systems. It defines a three-layer metamodel for modeling SCADA components and two types of policies (cognitive and permissive) that govern component behavior. It then presents a two-phase method for identifying these policies from the SCADA architecture and formalizing them to support an automatic reaction strategy. This strategy is modeled as an integral part of the SCADA architecture using the defined metamodel and policy identification method. It includes organizational and application layers with main actors, strategies, and components that realize the reaction policies based on expected automation levels.
This document provides guidance on giving effective presentations in English. It discusses setting goals and choosing a title for the presentation. The document then covers planning the presentation, preparing the content, and establishing a thesis statement. Examples are given of an effective thesis statement and how to stay focused during the presentation. The document concludes by noting that next steps include final presentations and peer review/evaluation.
The document provides an overview of Arduino labs and training. It discusses that Arduino is low-cost, easy to use, and open-source. The initial labs focus on basics like blinking LEDs and serial communication. Later labs introduce more complex devices and integrating multiple devices. The training covers basic programming, communication between devices, and creating real-life applications. Materials required include an Arduino board, computer, power supply and cables. Installation involves downloading the Arduino software and selecting the correct board and port.
Methodology to align business and it policies use case from an it company (christophefeltus)
This document proposes a methodology for aligning business and IT policies using a responsibility model. The methodology is a five-step approach consisting of collecting information, defining capabilities, accountabilities and commitments, linking responsibilities to processes, validating the model, and defining policies. It is illustrated with a case study from an IT company where they define an access control policy using this methodology and responsibility model. The responsibility model defines three components - capabilities, accountabilities, and commitments - to clarify roles and responsibilities for policy definition.
This document discusses challenges with access rights management for information systems due to growing complexity from distributed systems and dynamic environments. It proposes an agent-based framework called SIM that focuses on aligning access policies with business objectives by linking them to processes and responsibilities defined in the ISO/IEC 15504 standard. The goals are to define policies based on business needs and automatically deploy them through IT infrastructure using a multi-agent system architecture.
An agent based framework for identity management the unsuspected relation wit... (christophefeltus)
The document discusses access rights management in information systems and proposes an innovative approach. It aims to better align access policies with business objectives by linking them to organizational processes and responsibilities. The approach uses concepts from the ISO/IEC 15504 process assessment standard to define policies based on processes, outcomes, roles and responsibilities. It then proposes a multi-agent system to automate deployment of access policies across IT systems and devices in a flexible way. The approach seeks to improve on existing identity management solutions which can be rigid and difficult to integrate across organizations.
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates concepts from the business and technical layers, with the concept of employee responsibility bridging the two. It incorporates four types of obligations from the COBIT framework to refine employee responsibilities and better assign access rights. ReMoLa maps responsibilities to roles in the RBAC model to leverage its advantages for access right management while ensuring responsibilities align with business tasks and employee commitment.
Re mola responsibility model language to align access rights with business pr... (christophefeltus)
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates both business and technical perspectives to bridge the gap between them. It uses the concept of employee responsibilities to link business obligations to the technical capabilities and access rights needed to fulfill those obligations. The meta-model includes concepts like responsibilities, obligations, accountabilities, capabilities, and rights. It also maps these concepts to the four types of obligations from the COBIT framework to better define employee responsibilities and access rights assignments based on real needs.
- Business communication has become inefficient due to communication overload from too many messaging channels, lack of accountability when people don't respond to messages, and fragmentation of information across different apps.
- To address these issues, the document recommends adopting an enterprise social network that integrates messaging, file sharing, tasks, and social features into one centralized place to reduce overload and fragmentation while increasing accountability. It also warns against relying on multiple best-of-breed apps that scatter corporate knowledge and data across various services.
This document discusses ethics for IT workers and users. It begins by defining a profession and the criteria to be considered a professional according to US law. While IT workers are considered part of the professional services industry, they are not legally recognized as professionals. The document then discusses seven forces changing professional services like increased client sophistication and globalization. It also covers the relationships and responsibilities IT workers have with employers, clients, suppliers, other professionals, users, and society.
BBA 3551, Information Systems Management 1 Course Lea.docx (aryan532920)
BBA 3551, Information Systems Management 1
Course Learning Outcomes for Unit VIII
Upon completion of this unit, students should be able to:
3. Examine the importance of mobile systems and securing information and knowledge.
Reading Assignment
Chapter 12:
Information Security Management
Unit Lesson
In the last unit, we discussed outsourcing, the functions and organization of the IS department, and user
rights and responsibilities. In this final unit, we will focus on security threats to information systems.
PRIDE and System Security
PRIDE processes privacy settings on the server and returns a code that indicates which of the four privacy
levels defined for PRIDE govern a particular individual with a particular report/data requestor. By processing
settings on the server, those settings are not exposed to the Internet. The return code is, however, and the
operational system should probably use https for both the code and to return the report. This was not done in
the prototype, though.
The relationship between patients and PRIDE participants is N:M. One patient has potentially many
organizations, and an organization has potentially many patients. What this means is that a patient has a
relationship, potentially, to many participants of a given type: many doctors, many health clubs, many
insurance companies, and even many employers. In addition, a patient has a relationship to, potentially, many
types of participants.
Given the N:M relationships, a natural place to put privacy settings is in the intersection table. That table
serves, intuitively, as an opacity filter between a given patient and a given doctor (or other
person/organization).
The tension in the dialog between Maggie and Ajit at the beginning of Chapter 12 regarding what terminology
to use with Dr. Flores is intended to set up a discussion from both perspectives. It is a common problem for
techies when talking with business professionals: How much technical language should I use? It is important
to use enough to demonstrate competency, but not so much as to drown the businessperson in terminology.
Using the Ethics Guide: Securing Privacy
In this chapter, we discuss three categories of criteria for evaluating business actions and employee
behaviors:
- legal
- ethical (categorical imperative or utilitarianism)
- good business practice
UNIT VIII STUDY GUIDE
Information Security Management
We can clearly see the differences in these criteria with regard to data security. A doctor’s office that does not
create systems to comply with HIPAA is violating the law. An e-commerce business that collects customer
data and sells it to spammers is behaving unethically (by either ethical perspective). An e-commerce business
that is lackadaisical about securing its customers' data is engaging in poor business practices.
Even still, business professionals today need t ...
2-pager leaflet How well do understand your clients environment - PhD proposa... (Ir. Jos Geskus EMITA)
This document summarizes Jos Geskus' PhD proposal on applying principles of Enterprise Engineering to auditing. It discusses how understanding clients as complex social systems is key for auditors. Technological advances like cloud computing increase complexity, requiring methods to reduce complexity and identify significant parts. Enterprise Engineering uses Enterprise Ontology, Architecture, and Governance as pillars. The proposal aims to develop tools using Enterprise Ontology to better understand clients' enterprises and improve audit quality.
Social Media in the Workplace
Linky Trott
Abstract
There is no doubt that most businesses use social media and collaboration tools such as social business software of some kind or another and embrace the benefits that these can bring. In a 2009 global Manpower survey, businesses identified the main benefits of using social media as: brand building, fostering collaboration and communication, as a way of recruiting new talent, improving employee engagement and driving innovation.
But there are also risks. This article examines the main legal risks that can arise
in the workplace as between a business and its workforce and considers how
the Courts and Tribunals are responding to social media issues arising in the
workplace.
Biography
Linky Trott is a Partner at law firm, Edwin Coe. She provides day to day advice on a comprehensive range of employment issues for established corporate clients including the negotiation and provision of strategic advice on severance arrangements, bullying and harassment claims, the management of ill health and capability dismissals, dealing with allegations of discrimination, collective redundancies and Board disputes.
Linky also undertakes High Court injunctive work to enforce or resist post termination restraints and the protection of confidential information. Working with Senior Executives and Board Directors, Linky regularly advises and helps to negotiate terms of Executive service agreements to include bonus schemes, guaranteed payments and share options in regulated and non regulated industries. She has provided strategic advice on a number of successful team moves within the communications and financial sector acting for both the poaching competitor and the individuals being approached. Linky also advises on data protection, commercial agents and the Conduct of Employment Businesses and Employment Agency issues.
Linky sits on the Employment Committee of the Law Society and is Chair on the In and Around Covent Garden Business Forum. She is also a member of the Employment Lawyers Association, and has appeared on ITV and Channel 4 commenting on Employment Law issues arising in the news and is a regular speaker at conferences on employment issues.
Linky Trott, Partner, Edwin Coe
Keywords Risk, Rewards, Safeguards, Recruitment, Human Rights Act 1998
Paper type Opinion
Credit Control
Legal Aspects
Introduction
If a business has a concern about the use of social media, a blanket ban is clearly an option. Whilst that may feel like the most simple approach, it is unlikely to be practical. Even as far back as 2009, the Manpower survey observed that “the younger generation consider social media tools as a prerequisite for doing business” and with generation Y having been in the workplace for around ten years, it is unlikely that staff will tolerate a blanket ban.
Time wasters
Employers can of course monitor an employe.
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to align access management policies more closely with business objectives. It does this in two ways:
1) By focusing the policy engineering process on business goals and responsibilities defined in processes, using concepts from the ISO/IEC 15504 standard. This links capabilities and accountabilities to process outcomes and work products.
2) By defining a multi-agent system architecture to automate the deployment of policies across heterogeneous IT components and devices. The agents provide autonomy and ability to adapt rapidly according to context.
The approach was prototyped using open source components and aims to improve how access rights are defined according to business needs and deployed across an organization.
Sim an innovative business oriented approach for a distributed access management (christophefeltus)
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to define access control policies in a way that is closely aligned with business objectives. It does this by linking concepts from the ISO/IEC 15504 process-based model for organizing work to concepts of responsibility. The approach also defines a multi-agent system architecture to automate the deployment of access policies across an organization's heterogeneous IT components and devices. This provides autonomy and adaptability. The goal is to improve how access rights are defined according to business needs and how those rights are deployed throughout the IT infrastructure.
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docx (budbarber38650)
GLOBAL FINANCE, INC. (GFI)
Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE, GFI specializes in financial management, loan
application approval, wholesale loan processing, and investment of money management for their customers.
GFI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational
performance through automation and technological innovation has propelled the company into the big leagues; GFI
was only recently profiled in Fortune Magazine.
The executive management team of GFI:
- CEO: John Thompson
- Vice President: Trey Elway
- Executive Assistant: Julie Anderson
- Executive Assistant: Kim Johnson
- Executive Assistant: Michelle Wang
- CFO: Ron Johnson
- COO: Mike Willy
- CCO: Andy Murphy
- Director of Marketing: John King
- Director of HR: Ted Young
Figure 1 GFI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational security of GFI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m annual budget, a staff of 11, and a sprawling and expansive data center located on the 5th floor of the corporate tower. This position is the pinnacle of your career – you are counting on your performance here to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity – that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT from becoming a core competency since so many services can be obtained from 3rd parties. Since taking the reins two years ago, the CEO has made significant headway in cutting your department’s budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you: maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a manager to whom these obligations could be delegated. Jacobson’s worst nightmare is a situation where the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the company to its knees – then having to .
This document discusses 3 myths about social work: 1) Social news is not the same as social work, which is about collaboration, 2) Social tasks only address simple standalone tasks and not complex work linked to processes, 3) Social work is not different from normal work, it is about collaboration rather than socialization. The document argues social work should be integrated with normal work processes to provide context and allow knowledge sharing to improve work outcomes.
Multi-Agent System (MAS) monitoring solutions are designed for a plethora of usage topics. Existing approaches mostly use cloned back-end architectures, while the front-end monitoring interface tends to constitute the real specificity of the solution. These interfaces are recurrently structured around three dimensions: access to informed knowledge, agent’s behavioural rules, and restitution of real-time states of specific system sector. In this paper, we propose prototyping a sector-agnostic MAS platform (Smart-X) which gathers in an integrated and independent platform all the functionalities required to monitor and to govern a wide range of sector specific environments. For illustration and validation purposes, the use of Smart-X is introduced and explained with a smart-mobility case study.
This document provides an agenda and overview for a joint workshop on security modeling hosted by the ArchiMate Forum and Security Forum. The workshop aims to identify opportunities to improve the conceptual and visual modeling of enterprise information security using TOGAF and ArchiMate. The agenda includes introductions, a research spotlight on strengthening role-based access control with responsibility modeling, an open discussion on complementing TOGAF and ArchiMate with enhanced security modeling, and identifying next steps. The workshop purpose is to enable better security architecture decisions and drive usage of TOGAF and ArchiMate for security architecture.
Aligning business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, companies face the risk of not being able to deliver their business services satisfactorily and of seeing their image seriously altered and jeopardized. Among the many challenges of business/IT alignment is access rights management, which should be conducted considering rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model or method fully considers and integrates these new needs yet. Therefore, the paper proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate® to enhance its usability and benefit from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was carried out following a design science and action design based research method and the results have been evaluated through an extended case study at the Hospital Center in Luxembourg.
This document proposes extending the HL7 standard with a responsibility perspective to better manage access rights to patient health records. It presents the ReMMo responsibility metamodel, which defines actors' responsibilities and associated access rights. The paper aims to align ReMMo with the HL7-based eSanté healthcare platform model in Luxembourg to semantically enhance access controls based on users' real responsibilities rather than just roles. It will first map concepts between the two models, then evaluate the alignment through a prototype applying inference rules.
This document presents a study that aims to develop and validate a responsibility model to improve IT governance. It analyzes concepts of responsibility from literature and frameworks like COBIT. The researchers developed a responsibility model with key concepts like obligation, accountability, right, and commitment. They then compare this model to COBIT's representation of responsibility to identify areas for potential enhancement, like adding concepts that COBIT lacks. The document illustrates how the responsibility model could be used to refine COBIT's process for identifying system owners and their responsibilities.
This document proposes a methodological approach for specifying services and analyzing service compliance considering the responsibility dimension of stakeholders. The approach includes a product model and process model. The product model has three layers: an informational layer describing service context and concepts, an organizational layer describing business rules and roles, and a responsibility dimension layer linking the two. The process model outlines steps for service architects to identify context, define concepts and rules, specify services, and analyze compliance. The approach is illustrated with an example of managing access rights for sensitive healthcare data exchange between organizations.
This document discusses integrating responsibility aspects into service engineering for e-government. It proposes a multi-layered approach including an ontological layer defining legal concepts, an organizational layer describing roles and stakeholders, an informational layer representing data structures and integrity constraints, and a technical layer representing IT components. A responsibility meta-model is also introduced to align responsibilities across these layers and facilitate interoperability between services that share data. The approach aims to ensure service compliance and manage risks associated with e-government services.
1) The document proposes a dynamic approach for assigning functions and responsibilities to agents in a multi-agent system for critical infrastructure management.
2) The approach uses an agent's reputation, which is based on past performance, to determine which agents receive which responsibilities as crisis situations change over time.
3) Assigning responsibilities dynamically based on reputation allows the system to continue operating effectively if an agent becomes isolated or has reduced capabilities during a crisis.
This document provides a preliminary literature review of policy engineering methods related to the concept of responsibility. It summarizes key access control models and discusses how they address concepts like capability, accountability, and commitment. The document also reviews engineering methods and how they incorporate responsibility considerations. The overall goal is to orient further research towards a new policy model and engineering method that more fully addresses stakeholder responsibility.
This document proposes an extension of the ArchiMate enterprise architecture framework to model multi-agent systems for critical infrastructure governance. The authors develop a responsibility-driven policy concept and metamodel layers to represent agent behavior and organizational policies across technical, application, and organizational layers. The approach is illustrated through a case study of a financial transaction processing system.
This document summarizes an experimental prototype of the OpenSST protocol for secured electronic transactions. OpenSST was developed to achieve high security, simplicity in software engineering, and compatibility with existing standards. The prototype uses OpenSST for the authorization portion of electronic payments in an e-business clearing solution. It describes the OpenSST message format and types, and discusses how OpenSST is implemented in the prototype's three-element architecture of an OpenSST proxy, reverse proxy, and server.
This document discusses the NOEMI model, a collaborative management model for ICT processes in SMEs. The model was developed by the Centre Henri Tudor and tested with a cluster of 8 partner SMEs. Key aspects of the model include defining ICT activities across 5 domains, assessing each SME's capabilities, and having an operational team manage activities for the cluster under a coordination committee. The experiment showed improved cost control, management, and partner satisfaction compared to alternatives like outsourcing or hiring individual IT staff. The research is now ready for market transfer as the successful model is adopted long-term by participating SMEs.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
This document proposes a multi-agent architecture for incident reaction in information system security. The architecture has three layers - low level interacts directly with the infrastructure, intermediate level correlates alerts and deploys reaction actions using multi-agent systems, and high level provides supervision and manages business policies. The architecture was tested for data access control and aims to quickly and efficiently react to attacks while ensuring policy compliance. The document discusses requirements like scalability, autonomy, and global supervision. It also describes the key components of alert management, reaction decision making, and policy definition/deployment to implement the architecture using a multi-agent approach.
This document proposes a metamodel for modeling reputation-based multi-agent systems using an adaptation of the ArchiMate enterprise architecture modeling framework. It describes a case study applying this metamodel to model an electrical distribution critical infrastructure system. Key elements of the metamodel include:
- Representing agents and their behaviors through policies that integrate both behavior and trust components
- Modeling trust relationships between agents using a reputation-based trust model
- Illustrating the metamodel layers and components on a system that detects weather alerts and broadcasts messages to the public through various channels like SMS or social media
The document discusses information security concerns of industry managers. A survey found that information security is the top concern of managers, even more than risks from the economy or natural disasters. While industries invest heavily in information security, most managers still trust their current security systems despite few having organizations well-adapted to new information risks. The complexity of assessing security risks is growing due to new IT capabilities, critical infrastructure developments, cloud services, and increasing cybercrime. Industries and academics must collaborate further on information security research to address these challenges.
If only I can trust my police!
SIM: an agent-based audit solution of access right deployment
through open network
Christophe Incoul, Benjamin Gateau, Jocelyn Aubert, Nicolas Bounoughaz, Christophe Feltus
Centre for IT Innovation
Centre de Recherche Public Henri Tudor
29, Rue John F. Kennedy
L-1855 Luxembourg
christophe.incoul@tudor.lu
Abstract
Dynamic and evolving environments make
Information Systems (IS), and consequently access rights
to their components, ever more complex to define and to
manage. This is mainly explained by the
continuous growth in the diversity of business
requirements and by the criticality of the resources to
protect. Even though a proliferation of sophisticated “Identity
and Access Management” (IAM) solutions has appeared
on the market since the end of the last decade, some points
remain poorly addressed, such as the definition of access
control policies against business constraints and their
dissemination through distributed systems.
To contribute to improving this matter,
the first objective of our paper is to develop
an automated deployment of policies from an
administrative platform that encompasses business
requirements down to the infrastructure’s components and
devices. This objective is achieved by adapting the
XACML OASIS framework [22] and by formalizing a
protocol for information exchange between the different
components of a multi-agent system.
The second objective of the paper is to provide
guarantees that defined and deployed access rights are
continuously aligned with business requirements. This
objective is met by complementary developments
that perform a systematic and/or on-demand
audit of the effective rights against the desired ones.
This second objective is achieved by adding new
functionality to the proposed agent architecture and by
adapting the protocol accordingly.
In practice, this research has been performed in the
framework of the SIM [1] project and has favoured
free and open source components for the prototyping
phase.
Keywords: Identity Management, Responsibility model,
Policy audit, multi agent architecture.
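The audit objective stated in the abstract, checking effective rights against desired ones, can be sketched as follows. This is an added example, not code from the SIM project: the data model (responsibilities expanded into rights, a map of which component hosts each resource, one report per component agent), all names, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# A right is a (subject, resource, action) triple. Hypothetical model,
# not the XACML encoding used by the paper.
Right = Tuple[str, str, str]


@dataclass(frozen=True)
class Finding:
    kind: str               # "MISSING", "EXCESS" or "UNVERIFIED"
    component: str          # component the finding applies to
    right: Optional[Right]  # None for UNVERIFIED (no report received)


def desired_rights(
    responsibilities: Dict[str, Set[Tuple[str, str]]],
    assignments: Dict[str, Set[str]],
) -> Set[Right]:
    """Expand business-level responsibilities into concrete desired rights."""
    desired: Set[Right] = set()
    for subject, names in assignments.items():
        for name in names:
            for resource, action in responsibilities[name]:
                desired.add((subject, resource, action))
    return desired


def audit(
    desired: Set[Right],
    hosting: Dict[str, str],
    reports: Dict[str, Set[Right]],
) -> List[Finding]:
    """Compare desired rights with the effective rights each component reports.

    A component that sent no report is flagged UNVERIFIED rather than being
    treated as compliant. An empty report is a real answer: it means the
    component enforces no rights at all.
    """
    wanted: Dict[str, Set[Right]] = {}
    for right in desired:
        component = hosting[right[1]]  # KeyError: resource has no known host
        wanted.setdefault(component, set()).add(right)

    findings: List[Finding] = []
    for component in sorted(set(hosting.values()) | set(reports)):
        want = wanted.get(component, set())
        have = reports.get(component)
        if have is None:
            findings.append(Finding("UNVERIFIED", component, None))
            continue
        for right in sorted(want - have):   # desired but not enforced
            findings.append(Finding("MISSING", component, right))
        for right in sorted(have - want):   # enforced but never desired
            findings.append(Finding("EXCESS", component, right))
    return findings


# --- Constructed sample data (not taken from the paper) ---
RESPONSIBILITIES = {
    "approve_invoices": {("invoices", "read"), ("invoices", "approve")},
    "check_stock": {("stock", "read")},
    "follow_orders": {("orders", "read")},
}
ASSIGNMENTS = {
    "alice": {"approve_invoices"},
    "supplier_x": {"check_stock"},
    "customer_y": {"follow_orders"},
}
HOSTING = {"invoices": "erp", "stock": "erp", "orders": "webshop"}
REPORTS = {
    # The "erp" agent reports its effective rights; "webshop" never answered.
    "erp": {
        ("alice", "invoices", "read"),
        ("supplier_x", "stock", "read"),
        ("supplier_x", "invoices", "read"),
    },
}

if __name__ == "__main__":
    for finding in audit(desired_rights(RESPONSIBILITIES, ASSIGNMENTS),
                         HOSTING, REPORTS):
        print(finding.kind, finding.component, finding.right)
```
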
1. Introduction
The aim of our research is to improve access rights
deployment and to give business managers the confidence
that rights are correctly enforced. That twofold objective
is challenging nowadays because the configuration of
Information Systems has been subject to major changes
since the appearance of open and distributed networks.
What was previously a rather simple, manageable
administrative task is now work of considerable
proportions. This is mainly due to the two following
observations. Firstly, the management of access rights
over business assets was previously the responsibility of
the IT staff and has now been handed over to business
owners. This shift of responsibility seems reasonable in
that it is the business that has to define which
stakeholders need to access which resources. However,
because business managers are not comfortable with
so-called “unintelligible” IT applications, it is
necessary to provide them with adapted and clear user
interfaces. The first results of the SIM project focused
on the elaboration of such interfaces by using an open
source framework named eGroupWare [5]. Secondly, the
management of access rights, which was previously limited
to a strict company environment, has become wide open.
Resources to be accessed are no longer located only on a
closed network but may be hosted on servers on the other
side of the world. Likewise, the people who need to access
corporate information are no longer limited to employees
of the company but include other stakeholders, for
instance shareholders who need financial information,
providers who check the state of stock, or customers who
follow the state of their orders on-line.
Based upon that observation, it appears impossible to
have a trusted access control framework without first
having defined clear responsibilities for each
stakeholder, provisioned access rights accordingly to all
IS components and devices, and finally audited that those
rights are suitably applied. Defining such a framework
remains challenging, however, because of the difficulty of
integrating heterogeneous applications, and consequently
technologies, into heterogeneous organizations.
As shown in Figure 1, identity management is an activity
that can be carried out following a life cycle approach.
The first results of our research attempt to bring
innovation to the “Policy Engineering”, “Policy
Deployment” and “Policy audit” parts.
Section 2 of this paper proposes a responsibility model
designed to be comprehensible by business managers while
at the same time offering pragmatic information to IT
staff. To keep the paper didactic, a case study is
introduced at the very beginning of the section to
illustrate the concepts of the model. Section 3 presents
the business interface for responsibilities and access
rights management. Section 4 presents the agent-based
solution for the deployment of rights through the network
and the audit of those rights. Finally, section 5
introduces future work and concludes.
Figure 1: Identity management life cycle
2. Responsibility model
Our previous work [1] presented the responsibility model
(cf. Figure 2) and, more precisely, how it was elaborated
from a literature review and by confrontation with other
theories.
Figure 2: Responsibility model
To introduce this model, we first propose the following
case study and explain the concepts through illustrations
related to it.
Mister Johnson is the manager of the IT company named
“HighTech”. Each year during the Christmas period, Mister
Johnson organizes a large mailing of postcards to all his
customers. This year, Mister Johnson has too much work
closing the annual report and consequently decides to
delegate this task to one of his employees. Because the
task is less business sensitive than some other
production tasks, Mister Johnson decides to delegate it to
a part-time secretary named Miss Fleming. Miss Fleming has
just got married and consequently accepts this additional
work without commitment. Mister Johnson asks the IT
service manager to give Miss Fleming the necessary access
right to the customers address list. The IT service
manager asks an employee of the IT service named Rob to
carry out the operation needed to provide this right. On
January the 30th, Mister Johnson receives over 100
complaints from customers who did not receive a Christmas
card.
Mister Johnson has duly formalized Miss Fleming’s
Accountability by asking her to carry out the mailing
activity. It was consequently clear what she was
accountable for. To achieve that mailing, she got the
necessary Capability, namely access to the customers
file. However, because her thoughts went to her new
husband rather than to the work she had to accomplish, she
did not really want to do the work and failed to assume
her responsibility due to a lack of commitment.
Rob’s responsibility can also be analyzed through that
case study. Rob is a well-paid IT staff member who is very
happy with his function. He has received clear
accountability to give the access right to Miss Fleming
and he has the needed capabilities due to his position as
network administrator. He has consequently been
responsible for fulfilling Mister Johnson’s request.
There exists a plethora of definitions of responsibility
and it is not the purpose of this paper to propose a new
one. We may however state that the commonly accepted
definition of responsibility encompasses the idea of
having the obligation to ensure that something happens.
Moreover, the review of the literature in [2] shows that
it makes sense to attach to it three additional elements:
Capability, Accountability and Commitment. The
relationship between Responsibility and Capability,
Accountability and Commitment is of the form 0..* to 1.
That means that being responsible may involve many
Capabilities, Accountabilities and Commitments.
Conversely, one Commitment is bound to only one
Responsibility, and likewise for Accountability and
Capability.
Capability describes the quality of having the requisite
qualities, skills or resources to perform a task.
Capability is a component that is part of all models and
methods, and is most frequently expressed through the
definition of access rights, authorizations or
permissions. In the above case study, Capability is
illustrated by Miss Fleming’s capability to access the
customers file. This Capability exists because Rob was
responsible for providing that access right. The case
study also illustrates Rob’s Capability to be responsible
for providing the access right. Indeed, due to his
position as network administrator, he has the right to
manage all employees’ access rights.
Accountability is a concept that exists mainly in
requirement engineering methods and that appears through
the obligation to achieve a task or to perform an action.
This concept describes the state of being answerable for
the achievement of a task. The above case study
illustrates that Miss Fleming is accountable to Mister
Johnson for the task she has been assigned. In the same
way, Rob is accountable to the IT service manager for
providing the access right.
Commitment is the moral engagement of a stakeholder to
fulfil a task and the assurance that he will do it.
Commitment is a very infrequent concept. Traditional
policy models such as RBAC [3] do not address it; i* [4],
however, partly introduces it (e.g. when defining
dependency as an “agreement” between two actors). Whether
it is a moral concept or an obligation nevertheless
remains open to interpretation. This component is
illustrated through the case study as follows. Firstly,
because Miss Fleming has other duties in mind, she is not
willing to achieve the task. We may state that she is not
committed to doing it. Conversely, Rob is a well-paid IT
staff member who is very happy with his function. He is
fully committed to performing the task.
3. Business interface for responsibilities and
access rights management
In order to support our approach, we have developed a
prototype, using the open-source groupware eGroupWare,
which allows business processes to be defined and
responsibilities on them to be assigned to stakeholders.
3.1 Responsibility enforcement
Using this paper’s case study, the first step is to
define the process “XMAS-MAILING-2007 - Christmas
card mailing – Year 2007” (cf. Figure 3).
Figure 3: SIM prototype process cartography
The process defines different outcomes, which are the
results produced by the process:
Outcome #01: Create customer loyalty
Outcome #02: Present new products
Outcome #03: Update customers list
Outcomes are reached by achieving base practices (BP):
XMAS-MAILING-2007-BP#01: Card creation
XMAS-MAILING-2007-BP#02: Card order
XMAS-MAILING-2007-BP#03: Mailing list edition and envelopes printing
XMAS-MAILING-2007-BP#04: Posting and finalization
Outcomes are reached by using some work products (WP):
WorkProduct#1: CardCreation customer account
WorkProduct#2: Customers list
WorkProduct#3: HighTech marketing stuff folder
For better understanding and granularity, we define a
base practice as a set of atomic actions, simply called
actions, and we define responsibilities for those actions.
For our case study, we define for example a responsibility
on the action “Edit mailing list”, which is part of the
base practice “XMAS-MAILING-2007-BP#03: Mailing list
edition and envelopes printing”. This responsibility is
assigned to Miss Fleming and is composed of two
accountabilities, “Create a relevant customers list for
card mailing based on customers list” and “Modify obsolete
entries in customers list”, and one capability (to edit
the customer list, she needs to “Access customers list on
read-write mode”). Each responsibility is created using
the form shown in Figure 4.
Figure 4: SIM action's responsibilities add form
When all responsibilities are defined and assigned to
resources, the application, using these responsibilities, is
able to publish via a web-service, a set of XACML
policies containing all process related policies (Figure 5
presents the policy set corresponding to defined
responsibilities). These technical mechanisms of rights
enforcement are detailed in section 5.
3.2 Audit module
Once the access rights have been deployed on the
technical devices via the multi-agent system, we need a
means to check, at the organizational layer, that policies
are effectively and correctly deployed and applied at the
technical layer, in order to:
- Ensure a high level of effectiveness in the policy
  deployment process;
- Ensure a high level of correlation between the business
  policies issued from the organizational model and the
  access rights enforced on the technical devices.
Figure 5: XACML Policy set generated by SIM prototype
To reach these goals, we have developed an audit module
that enables IT administrators and business managers to
continually check the alignment of the access rights with
business requirements. This monitoring is facilitated by
dashboards that highlight the policy deployment status by
means of charts and diagrams. With these charts,
administrators can detect problems induced by a
modification of (technical or business) access rights and
thus mitigate the risk of possible impacts on the security
of the Information System.
The audit mechanism is illustrated through our case study
by Figure 6, which gives a detailed view of the result of
the audit of the “XMAS-MAILING-2007 - Christmas card
mailing – Year 2007” process deployment. We can observe
that the access right defined for the action “Print of
B&WPrinterXYZ-CD2014” is not correctly deployed on the
specific device, and we can see the reason why by
following the “error details” link.
Figure 6: Example of deployment result for the case
study
Each action has an indicator that represents the “access
right status” for the action. We have defined three
possible states:
1. “Successfully deployed”, if the access right is
successfully implemented on the technical device;
2. “An error occurred while deploying”, if a problem has
been encountered during the deployment process;
3. “New policy”, if the policy has never been deployed, or
has changed (on the technical device or in the business
layer) since the last deployment.
For all actions, we can view the XACML policy linked to
the defined right. For each action “in error” or “not yet
deployed”, we can deploy the access right policy
individually. For each action “in error”, the error
message is available.
The second view, presented in Figure 7, gives a
consolidated view of the state of the policies defined for
our process. Simple formulas have been used to generate
the graphics, but they are not detailed in this paper
because they are not valuable at this stage of the
research.
Figure 7: Consolidated view for the process
These two dashboards are obtained by comparing
information retrieved from the deployment process and
from the business requirements definition.
The next section explains in detail the architecture of
the policy deployment and audit process.
4. Policy Deployment and Audit
We need a means to transform an instantiated policy
(composed of concrete rules) into specific commands to
apply on concerned devices (named hereafter technical
modules), to verify that the policy is applied with
success and to check that no modification is directly
done through the technical modules. We distinguish two
phases.
The first one is the deployment:
1. We must find all the devices (firewall in our
case study) concerned by the policy's rules.
2. The rules must be sent to the technical modules.
3. Each received rule must be transformed into a
script or command.
4. Scripts or commands must be executed and
return an execution status.
5. An audit is done and sent back to the
organisational layer in order to verify that
policies have really been applied.
The second phase is the audit:
1. The access rights defined for a user or a
resource must be checked.
2. The request is sent to the technical modules, which
transform it into a command.
3. Technical modules execute the command and the
result is sent back to the user.
Several components are used for that (cf. Figure 8).
Each technical module is interfaced with a Policy
Enforcement Point (PEP). The PEP communicates with a
component called Policy Decision Point (PDP), whose goal
is to retrieve the PEPs and distribute the rules to be
applied. It also interfaces with the policy base in order
to be aware of new policies to apply. The PEP also
communicates with a component called Audit Correlation
Engine (ACE), whose goal is to get the status of the PEPs
in general and the status of deployed policies in
particular.
Figure 8: Technical infrastructure
The communication between the components could be
provided by a standardized protocol such as SNMP [11],
COPS [9] or NETCONF [10], or by multi-agent based
communication. We presented these different solutions and
argued in favour of a multi-agent system in [1]. Our
conclusion was that a Multi-Agent System (MAS) is an
interesting solution because it provides autonomous
entities that can be collaborative. A Multi-Agent System
is composed of several agents, capable of a mutual
interaction that can take the form of message passing or
of changes produced in their common environment [6].
Agents are pro-active, reactive and socially autonomous
entities able to exhibit organized activity in order to
meet their designed objectives, possibly by interacting
with users. Agents are collaborative in that they are able
to commit themselves to the society and/or to another
agent [7]. So, if we consider that each technical module
is interfaced with an agent, all agents will collaborate
in order to apply a set of common policies.
In the following, we detail the agents’ architecture
representing all components (PDP, PEP and ACE) and the
relations between these components.
4.1. Policy Decision Point
The PDP's architecture is shown in Figure 9. There
are two main modules: the policy analysis and the
Component Configuration Mapper.
Figure 9: Policy Decision Point architecture
The policy analysis module has to perform a variety
of validation checks. First, it verifies the syntax of the
policy specification provided by a PIE. This module will
then verify that the newly received policies are
consistent with current applied rules (coming from the
policy status base). A set of policies will be consistent if
it can be shown that no contradictory policies will ever
be found in a SIM system. The user will be able to
choose the system behaviour if a conflict is detected. For
the moment, the old rules that derive from the previous
policy are cancelled and the newly received policy that
contradicts the applied rules.
The policy analysis module communicates with a
“policy rules status” database. This database stores the
newly received policies and their current status (in
progress, not applicable, by-passed, enforced,
removed…). In addition, the module should detect rules
that cannot be enforced due to a lack of PEP. As a
consequence a PDP should be aware of the different
managed PEPs.
For this reason, a Facilitator agent helps the PDP
agent. This agent manages the network topology by
retrieving PEP agents according to their location
(devices registered with an IP address or MAC address)
or according to the actions they can apply and their type
(firewall, fileserver, etc.). For this, the Facilitator
uses white pages and yellow pages services.
The Component Configuration Mapper states in detail
which kind of actions need to be taken by which kind of
network devices/applications. This module receives high
level policies and generates generic format policies for
each type of PEP (router, firewall, IDS…). For that, it
asks the Facilitator to determine which PEPs are impacted
by the policies update by mapping a set of possible
actions to the current network components' capabilities.
If some rules are not applicable, the Component
Configuration Mapper notifies the policy analysis module,
which then updates the policy rules status. Problematic
rules will be passed by, and their status in the “policy
status” database will change from “in progress” to
“by-passed”. Then the corresponding policies are sent to
the concerned PEP.
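The analysis and mapping steps of section 4.1, sketched as an added example that is not SIM's own code. The definition of a contradiction (same subject, resource and action with a different effect), the class names and the sample rules are assumptions of this example; the status values are the ones listed above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str      # "Permit" or "Deny"
    subject: str
    resource: str
    action: str
    pep_type: str    # kind of device that has to enforce the rule

    @property
    def target(self):
        return (self.subject, self.resource, self.action)


class Facilitator:
    """Yellow pages: registered PEP agents, their type and the actions they offer."""

    def __init__(self):
        self._peps = {}

    def register(self, name, pep_type, actions):
        self._peps[name] = (pep_type, frozenset(actions))

    def find(self, pep_type, action):
        return sorted(name for name, (kind, actions) in self._peps.items()
                      if kind == pep_type and action in actions)


class PolicyDecisionPoint:
    ACTIVE = ("in progress", "enforced")

    def __init__(self, facilitator):
        self.facilitator = facilitator
        self.rules = {}    # rule_id -> Rule
        self.status = {}   # rule_id -> status, the "policy rules status" base

    def receive(self, new_rules):
        """Analyse a batch of rules and return {pep_name: [rule_id, ...]} to send."""
        for new in new_rules:
            # Policy analysis. Assumption: two rules contradict each other when
            # they share subject, resource and action but differ in effect.
            for old_id, old in self.rules.items():
                if (self.status[old_id] in self.ACTIVE and old.target == new.target
                        and old.effect != new.effect):
                    self.status[old_id] = "removed"   # the old rule is cancelled
            self.rules[new.rule_id] = new
            self.status[new.rule_id] = "in progress"
        dispatch = {}
        for new in new_rules:
            if self.status[new.rule_id] != "in progress":
                continue                              # cancelled within this batch
            # Component Configuration Mapper: which PEPs can apply this rule?
            peps = self.facilitator.find(new.pep_type, new.action)
            if not peps:
                self.status[new.rule_id] = "by-passed"
            for pep in peps:
                dispatch.setdefault(pep, []).append(new.rule_id)
        return dispatch

    def acknowledge(self, rule_id):
        """Called when a PEP reports that the rule has been applied."""
        if self.status.get(rule_id) == "in progress":
            self.status[rule_id] = "enforced"


def demo():
    """Constructed scenario: one fileserver PEP, no PEP for printers."""
    facilitator = Facilitator()
    facilitator.register("fileserver-pep", "fileserver", {"read", "write"})
    pdp = PolicyDecisionPoint(facilitator)
    first = pdp.receive([
        Rule("r1", "Permit", "26", "31", "write", "fileserver"),
        Rule("r2", "Permit", "26", "printer-1", "print", "printer"),
    ])
    pdp.acknowledge("r1")
    second = pdp.receive([Rule("r3", "Deny", "26", "31", "write", "fileserver")])
    return first, second, dict(pdp.status)


if __name__ == "__main__":
    print(demo())
```

Rule r2 ends up “by-passed” because no registered PEP can apply it, and r1 is marked “removed” once the contradicting r3 arrives.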
4.2. Policy Enforcement Point
Figure 10: Policy Enforcement Point architecture
A PEP agent manages each device that is part of SIM’s
technical layer. Agents are specific to the kind of device
or the kind of services that the device offers. This
specificity is needed in order to know how to transform
policies represented in an abstract format (XACML [22] in
our case) into applicable scripts or rules. Figure 10
shows the PEP's architecture. A PEP is composed of three
modules, referred to as monitoring, observation and
enforcement.
The monitoring module controls the PEP actions and stores
all relevant actions/events. It receives the abstract
policy from the PDP and chooses which action and
parameters must be executed to apply the policy. Then, the
enforcement module launches the appropriate local action
mechanism by applying the selected script. The progress of
the operations can be provided to the observation module.
This last module performs measurements, periodically or
during a script execution, to evaluate the current state
of the PEP. It is also the module through which an audit
is done, by sending feedback to the Audit Correlation
Engine (ACE).
Returning to the case study presented in section 2, the
XACML policy generated in Figure 5 aims at “allowing
subject 26 to read resource 31”. The PEP interfacing with
a UNIX-like fileserver has registered the “setfacl” action
(see footnote 1), so it will construct its command by
using this action with the parameters included in the
policy rule. The actions granted by the policy are “read”
and “write”. They will be transformed into “:rw-” to say
that “read” and “write” are allowed but not “execute”.
The command that the PEP will execute is:
setfacl -m u:26:rw- 31
The “-m” option indicates that the rights are modified,
“u” indicates that “26” is a user and “:rw-” are his new
rights on 31.
4.3. Audit Correlation Engine
The goal and architecture of the Audit Correlation Engine
are equivalent to those of the PDP in that it also exposes
its services through the WSIG (Web Service Integration
Gateway) and sends policies to the PEP. The ACE receives a
request concerning a type of device to audit and/or
potentially a resource or a user. Like the PDP, it
forwards the request it receives to the concerned PEP. To
do so, it asks the Facilitator for the concerned technical
modules. From the PEP's point of view, the policy
indicates that this is not a deployment but an audit and,
for instance, instead of executing a “setfacl” command, it
executes a “getfacl” command in order to get the state of
the fileserver concerning a particular resource.
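How a fileserver PEP could build the setfacl command of section 4.2 and how the getfacl audit of section 4.3 can be compared with the desired rights, as an added example that is not SIM's own code. The simplified policy XML, the getfacl samples, the function names and the mapping of results to the three states of section 3.2 are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified XACML-style rule (namespaces and MatchId attributes
# omitted). It is NOT the policy set that SIM generates in Figure 5.
POLICY_XML = """<Policy PolicyId="XMAS-MAILING-2007">
  <Rule RuleId="edit-mailing-list" Effect="Permit"><Target>
    <Subjects><Subject><AttributeValue>26</AttributeValue></Subject></Subjects>
    <Resources><Resource><AttributeValue>31</AttributeValue></Resource></Resources>
    <Actions><Action><AttributeValue>read</AttributeValue></Action>
      <Action><AttributeValue>write</AttributeValue></Action></Actions>
  </Target></Rule>
</Policy>"""

# Constructed getfacl outputs for resource 31: one aligned with the policy, one
# where the ACL mask was tightened directly on the fileserver afterwards.
GETFACL_ALIGNED = """# file: 31
# owner: root
# group: root
user::rw-
user:26:rw-
group::r--
mask::rw-
other::---
"""
GETFACL_DRIFTED = GETFACL_ALIGNED.replace(
    "user:26:rw-", "user:26:rw-\t#effective:r--").replace("mask::rw-", "mask::r--")

PERM_BITS = (("read", "r"), ("write", "w"), ("execute", "x"))
PATH = "Target/{0}s/{0}/AttributeValue"
# Policies arrive over the network: accept only names that cannot pass as options.
SAFE_ID = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

def perm_string(actions):
    """Map granted actions to an ACL permission string such as 'rw-'."""
    unknown = set(actions) - {name for name, _ in PERM_BITS}
    if unknown:
        raise ValueError(f"unsupported action(s): {sorted(unknown)}")
    return "".join(bit if name in actions else "-" for name, bit in PERM_BITS)

def parse_rules(policy_xml):
    """Return (subject, resource, actions) for every Permit rule in the policy."""
    rules = []
    for rule in ET.fromstring(policy_xml).iter("Rule"):
        if rule.get("Effect") != "Permit":
            continue
        subject = (rule.findtext(PATH.format("Subject")) or "").strip()
        resource = (rule.findtext(PATH.format("Resource")) or "").strip()
        actions = frozenset((a.text or "").strip() for a in rule.iterfind(PATH.format("Action")))
        if not (SAFE_ID.fullmatch(subject) and SAFE_ID.fullmatch(resource)):
            raise ValueError(f"unsafe identifier in rule {rule.get('RuleId')!r}")
        perm_string(actions)  # rejects actions this PEP cannot express
        rules.append((subject, resource, actions))
    return rules

def deploy_argv(rule):
    """Deployment: argument vector for setfacl (a list, never a shell string)."""
    subject, resource, actions = rule
    return ["setfacl", "-m", f"u:{subject}:{perm_string(actions)}", resource]

def audit_argv(rule):  # audit: read the ACL of the resource instead of modifying it
    return ["getfacl", rule[1]]

def effective_rights(getfacl_output, subject):
    """Rights of named user `subject` after applying the ACL mask, or None."""
    entry = mask = None
    for line in getfacl_output.splitlines():
        fields = line.split("#", 1)[0].strip().split(":")
        if len(fields) != 3:
            continue
        tag, qualifier, perms = fields
        if tag == "user" and qualifier == subject:
            entry = perms
        elif tag == "mask" and qualifier == "":
            mask = perms
    if entry is None or mask is None:
        return entry
    return "".join(e if m != "-" else "-" for e, m in zip(entry, mask))

def audit_status(rule, getfacl_output, deploy_exit_status=0):
    """Map an audit result to the three dashboard states of section 3.2."""
    if deploy_exit_status != 0:
        return "An error occurred while deploying"
    if effective_rights(getfacl_output, rule[0]) == perm_string(rule[2]):
        return "Successfully deployed"
    return "New policy"  # never deployed, or changed on the device since

if __name__ == "__main__":
    print([(deploy_argv(r), audit_status(r, GETFACL_DRIFTED)) for r in parse_rules(POLICY_XML)])
```

The drifted sample shows why the audit has to apply the ACL mask: the entry for user 26 still reads rw-, but the effective right is r--.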
To summarize, the use of a multi-agent system framework
gives the PDP, PEP and ACE the ability to cooperate and
communicate with each other in order to implement policies
and get back their real and current status. It also
provides flexibility, openness and heterogeneity because,
when we decide to add a new PEP, we just have to provide
the agent able to concretely apply the policies. This
solution also provides interoperability because the
services that the ACE and PDP offer are exposed as web
services (through the Web Service Integration Gateway, cf.
Figure 6), giving the Organisational Layer the possibility
to communicate with the Technical Layer and also allowing
other systems to communicate with this agent-based policy
deployment and audit framework. The next section details
the links between both layers.
4.4. Links with Organisational model
As explained previously, our approach is based on a
twofold development: the generation of access policies
from the Organisational Model and their deployment into
the different devices by the multi-agent system. Both
layers operate in a heterogeneous environment and may
consequently be physically or logically distant. Therefore
it is necessary to establish a means of communication that
is independent of these characteristics. In this context,
the most logical and appropriate solution is the use of
Web Services. Web Services can meet the needs of
interoperability required by SIM. Moreover they are
independent and may hence facilitate maintenance without
modification of the calls made by clients. The multi-agent
system is able to publish all features of its agents
through Web Services. In this way, the link with the
Organisational Layer is provided to ensure its monitoring
and auditing.
Footnote 1: LINUX ACL expands access rights to users and
groups. “setfacl” and “getfacl” are the basic ACL
commands.
Figure 11: WSIG architecture
As shown in Figure 11, the Web Services Integration
Gateway plays the role of web server and so makes the
bridge between the multi-agent system and clients (the
Organisational Layer). Its main role is to translate all
the functionality of agents and Web Services in order to
ensure communication with clients. The WSIG interface is
composed of two main entities: a web server (the WSIG
servlet) and a specialised WSIG agent. When agents
register themselves in the yellow pages through the
Directory Facilitator, they are also registered in the
Service Directory of the WSIG in order to translate them
into WSDL format. The WSIG agent is able to determine in
real time the availability of other agents and all their
services in order to update the WSDL files. The web server
gets the SOAP requests and forwards them to the WSIG
agent, which translates them into ACL messages
comprehensible by other agents, notably the PDP. Once
agents have completed their work, the result is returned
to the WSIG, which forwards it to the client. The WSIG
model architecture is an add-on of the JADE platform.
5. Conclusion and future work
One means of achieving good IT governance is effective
business/IT alignment. As a consequence, defining policy
against business requirements becomes crucial for business
and IT managers. In this paper we have presented an
architecture developed to apply access rights through the
definition of business processes, their transformation
into XACML policies and finally their deployment and audit
with a multi-agent system.
Future work will focus on improving three points.
Firstly, our proposed prototype allows rights to be
assigned directly to users. In practice, this solution
could be difficult to manage if the company has a large
number of employees. Solutions exist to address that
problem, such as the use of roles or teams to group people
by function and then assigning rights to the group. Our
next development will aim at integrating that concept in
the prototype from the organizational to the technical
layer.
Secondly, the extension of the XACML policies in order to
manage devices other than the fileserver and in order to
use a common policy format to deploy and to audit them.
Thirdly, the security of the messages exchanged is not
taken into account: the messages between agents and Web
Service clients are exchanged in plain text format.
Malicious users could take advantage of this lack of
security and set rights on various devices themselves to
create their own security policy. As a consequence, we
will integrate a two-factor authentication system for the
Web Service and encryption of messages from agents to
ensure the integrity, confidentiality and authenticity of
policies.
5. Acknowledgement
SIM “Secure Identity Management” is an R&D
project of the CRP Henri Tudor achieved in
collaboration with the « University of Luxembourg »
funded by the National Research Fund Luxembourg.
7. References
[1] Benjamin Gateau, Christophe Feltus, Jocelyn Aubert,
Christophe Incoul, An Agent-based Framework for Identity
Management: The Unsuspected Relation with ISO/IEC 15504,
IEEE International Conference on Research Challenges in
Information Science (IEEE RCIS 2008), Marrakech, Morocco.
[2] Christophe Feltus, Preliminary Literature Review of Policy
Engineering Methods - Toward Responsibility Concept,
International Conference on Information & Communication
Technologies: from Theory to Applications (IEEE
ICTTA2008), Damascus, Syria.
[3] David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D.
Richard Kuhn and Ramaswamy Chandramouli, Proposed NIST
Standard for Role-Based Access Control, ACM Transactions
on Information and System Security, Vol. 4, No. 3, August
2001, Pages 224-274.
[4] Yu, E. S. and Liu, L. 2001. Modelling Trust for System
Design Using the i* Strategic Actors Framework. Workshop on
Deception, Fraud, and Trust in Agent Societies Held During
the Autonomous, Eds. Lecture 35 194.
[5] http://www.egroupware.org
[6] Jean-Pierre Briot and Yves Demazeau, Principes et
architectures des systèmes multi-agents, Hermès-Lavoisier,
2001.
[7] Nicholas R. Jennings and Michael J. Wooldridge,
Applications of intelligent agents, Agent Technology
Foundations, Applications, and Markets, Springer-Verlag,
1998.
[8] Simon Godik, Tim Moses, et al, “eXtensible Access
Control Markup Language (XACML) Version 1.0”, OASIS
Standard, February 18th, 2003.
[9] D. Durham, J. Boyle, R. Cohen, S. Herzog, R. Rajan, A.
Sastry, “The COPS (Common Open Policy Service) Protocol”,
IETF RFC 2748, January 2000.
[10] R. Enns, “NETCONF Configuration Protocol”, IETF RFC
4741, December 2006.
[11] D. Harrington, R. Presuhn, B. Wijnen, “An Architecture
for Describing Simple Network Management Protocol (SNMP)
Management Frameworks”, IETF RFC 3411, December 2002.