Affective recommender systems: the role of emotions in recommender systems
Thoughts on Access Control in Enterprise Recommender Systems
14
gefördert durch das Kompetenzzentrenprogramm Heimo Gursch Some Thoughts and Aspects on Access Control Related Issues for Enterprise Recommender Systems www.know-center.at 10 July 2013 Workshop on Academic-Industrial Collaborations for Recommender Systems © Know-Center 2013 Thoughts on Access Control in Enterprise Recommender Systems
-
Upload
heimo-ge -
Category
Technology
-
view
105 -
download
1
description
Some Thoughts and Aspects on Access Control Related Issues for Enterprise Recommender Systems This presentation was given on the 10th of July at the Mendeley event "Workshop on Academic-Industrial Collaborations for Recommender Systems"
Transcript of Thoughts on Access Control in Enterprise Recommender Systems
gefördert durch das Kompetenzzentrenprogramm
Heimo Gursch
Some Thoughts and Aspects on Access Control
Related Issues for Enterprise Recommender
Systems
www.know-center.at
10 July 2013
Workshop on Academic-Industrial Collaborations for Recommender Systems
© Know-Center 2013
Thoughts on Access
Control in Enterprise
Recommender Systems
© Know-Center 2013
2
Agenda
What am I working on?
Why are we working on that?
What are the major concerns?
Access Control
What are the problems?
What can be done about it?
Recommender
Why use them?
What can they achieve?
© Know-Center 2013
3
Our Project & my background
Project Setting
Four large German Companies
Amounts of information is increasing
Enterprise search is not enough
Project Goals
Single entry point to all information
Help engineers to find whatever they are looking for
Create a prototype that is capable of
Enterprise Search
Recommender
Extract, show and use relations between data
© Know-Center 2013
4
The Problems – Company Policy
© Know-Center 2013
5
The Problems – What is Going on
© Know-Center 2013
6
The big trade-off
Current situation is unsatisfying
Recommender would bring “too much” information
Recommend to user only Information where access is
possible
Closed Open
Information
© Know-Center 2013
7
Access Control Concerns
Access Control is a “necessary evil” to ensure
Confidentiality
Traceability
Status quo
Role based access control (RBAC)[1]
1000s of roles
SSO only over some systems
Problems when changes are necessary
Solutions
Adapt the current system
Start over clean…
[1] D.F. Ferraiolo and D.R. Kuhn, “Role-Based Access Controls”, in 15th National Computer Security Conference, 1992,
Baltimore MD, Pages 554-563
© Know-Center 2013
8
Possible Solutions[2]
Attribute Based Access Control
Problem: Decide on attributes
Authorization Based Access Control
Abbreviated ABAC or ZBAC
User checks out token to get access
Token holds all the information needed by target systems
Token or parts of it can be passed on
First realization[3]
SOAP Messages with X.509 Certificate
[2] A.H. Karp, H. Haury, and M.H. Davis, “From ABAC to ZBAC: The Evolution of Access Control Models From ABAC to ZBAC”,
2009
[3] J. Li and A. H. Karp, “Zebra Copy : A Reference Implementation of Federated Access Management 1”, 2007
© Know-Center 2013
9
Bring in the Recommender…
Recommender can help with questions like…
Has anybody done something with…
Give me more like that
Combining -based Recommenders
Content-based: Short-term model
Knowledge-based: Long-term model
“Knowledge”
Job description
Assigned tasks
…
Content
Knowledge
© Know-Center 2013
10
Content & Knowledge-based
Recommender
User independent Serendipity problem
Model overcomes the new
user problem
Limitation of content
analyse
Fast integration of new
items
Tweaks by the user are
possible
Changing user interest
© Know-Center 2013
11
Combine Recommender & Access Control
Criteria for the solution
High-performance solution that is parallelisable
Ensure access control in any case
Possible solutions
Check access control before anything else is done
Use a multi-criteria recommender system
Multi-criteria recommender system
Define a aggregation function
Base recommendation on
Access control
Short-time model
Long-time model
© Know-Center 2013
12
Key aspect for success
Give possible solution
Show that infrastructure is the result of the problem not the
cause
Need to know vs. good to know
Show potential
Produce a prototype that consists of
Search
Recommender
Access-control concepts
© Know-Center 2013
13
Summary & Closing Arguments
Project Settings
Problems and the current situation at our partners
User/role management
Information needs of employees
Situation we work towards
Change access management
Introduce the recommender systems
Improve enterprise search that employees actuality use it
gefördert durch das Kompetenzzentrenprogramm
Heimo Gursch
Some Thoughts and Aspects on Access Control
Related Issues for Enterprise Recommender
Systems
www.know-center.at
10 July 2013
Workshop on Academic-Industrial Collaborations for Recommender Systems
© Know-Center 2013
Thoughts on Access
Control in Enterprise
Recommender Systems
![A Fuzzy Recommender System for eElections - unifr.ch Fuzzy Recommender System for eElections 63 2 Recommender Systems for eCommerce According to Yager [4], recommender systems used](https://static.fdocuments.in/doc/165x107/5b08be647f8b9a93738cdc60/a-fuzzy-recommender-system-for-eelections-unifrch-fuzzy-recommender-system-for.jpg)
