Thoughts on Access Control in Enterprise Recommender Systems

Funded by the competence centre programme (Kompetenzzentrenprogramm). Heimo Gursch: Some Thoughts and Aspects on Access Control Related Issues for Enterprise Recommender Systems. www.know-center.at. 10 July 2013, Workshop on Academic-Industrial Collaborations for Recommender Systems. © Know-Center 2013.

description

Some Thoughts and Aspects on Access Control Related Issues for Enterprise Recommender Systems. This presentation was given on the 10th of July at the Mendeley event "Workshop on Academic-Industrial Collaborations for Recommender Systems".

Transcript of Thoughts on Access Control in Enterprise Recommender Systems

Page 1: Thoughts on Access Control in Enterprise Recommender Systems

Funded by the competence centre programme (Kompetenzzentrenprogramm)

Heimo Gursch

Some Thoughts and Aspects on Access Control Related Issues for Enterprise Recommender Systems

www.know-center.at

10 July 2013

Workshop on Academic-Industrial Collaborations for Recommender Systems

© Know-Center 2013

Page 2: Thoughts on Access Control in Enterprise Recommender Systems

Agenda

What am I working on?

Why are we working on that?

What are the major concerns?

Access Control

What are the problems?

What can be done about it?

Recommender

Why use them?

What can they achieve?

Page 3: Thoughts on Access Control in Enterprise Recommender Systems

Our Project & my background

Project Setting

Four large German companies

Amount of information is increasing

Enterprise search is not enough

Project Goals

Single entry point to all information

Help engineers to find whatever they are looking for

Create a prototype that is capable of

Enterprise Search

Recommender

Extract, show and use relations between data

Page 4: Thoughts on Access Control in Enterprise Recommender Systems

The Problems – Company Policy

Page 5: Thoughts on Access Control in Enterprise Recommender Systems

The Problems – What is Going on

Page 6: Thoughts on Access Control in Enterprise Recommender Systems

The big trade-off

Current situation is unsatisfying

Recommender would bring “too much” information

Recommend to the user only information where access is possible

[Figure: information scale from Closed to Open]

Page 7: Thoughts on Access Control in Enterprise Recommender Systems

Access Control Concerns

Access Control is a “necessary evil” to ensure

Confidentiality

Traceability

Status quo

Role based access control (RBAC)[1]

1000s of roles

SSO only over some systems

Problems when changes are necessary

Solutions

Adapt the current system

Start over clean…

[1] D.F. Ferraiolo and D.R. Kuhn, “Role-Based Access Controls”, in 15th National Computer Security Conference, 1992, Baltimore MD, pp. 554-563

Page 8: Thoughts on Access Control in Enterprise Recommender Systems

Possible Solutions[2]

Attribute Based Access Control

Problem: Decide on attributes

Authorization Based Access Control

Abbreviated ABAC or ZBAC

User checks out token to get access

Token holds all the information needed by target systems

Token or parts of it can be passed on

First realization[3]

SOAP Messages with X.509 Certificate

[2] A.H. Karp, H. Haury, and M.H. Davis, “From ABAC to ZBAC: The Evolution of Access Control Models”, 2009

[3] J. Li and A.H. Karp, “Zebra Copy: A Reference Implementation of Federated Access Management”, 2007

Page 9: Thoughts on Access Control in Enterprise Recommender Systems

Bring in the Recommender…

Recommender can help with questions like…

Has anybody done something with…

Give me more like that

Combining content- and knowledge-based recommenders

Content-based: Short-term model

Knowledge-based: Long-term model

“Knowledge”

Job description

Assigned tasks

[Figure labels: Content, Knowledge]

Page 10: Thoughts on Access Control in Enterprise Recommender Systems

Content & Knowledge-based Recommender

User independent

Serendipity problem

Model overcomes the new user problem

Limitation of content analysis

Fast integration of new items

Tweaks by the user are possible

Changing user interest

Page 11: Thoughts on Access Control in Enterprise Recommender Systems

Combine Recommender & Access Control

Criteria for the solution

High-performance solution that is parallelisable

Ensure access control in any case

Possible solutions

Check access control before anything else is done

Use a multi-criteria recommender system

Multi-criteria recommender system

Define an aggregation function

Base recommendation on

Access control

Short-term model

Long-term model
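
Added example, not part of the original slides: a Python sketch contrasting the two options above, access control as one weighted criterion in the aggregation function versus an access check done before any scoring. The role names, items, weights and the use of Jaccard similarity for the short-term and long-term models are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    id: str
    terms: frozenset          # content descriptors of the document
    allowed_roles: frozenset  # roles permitted to read it

@dataclass(frozen=True)
class User:
    roles: frozenset
    session_terms: frozenset  # short-term model: current activity
    profile_terms: frozenset  # long-term model: job description, assigned tasks

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0
def can_access(user, item):
    return bool(user.roles & item.allowed_roles)

def weighted_sum(user, item, w=(0.2, 0.4, 0.4)):
    """Access is one weighted criterion among three, so relevance can outvote it."""
    return (w[0] * can_access(user, item)
            + w[1] * jaccard(user.session_terms, item.terms)
            + w[2] * jaccard(user.profile_terms, item.terms))

def gated(user, item, w=(0.5, 0.5)):
    """Access is checked before anything else; only relevance is weighted."""
    if not can_access(user, item):
        return None  # never scored, so it can never be ranked
    return (w[0] * jaccard(user.session_terms, item.terms)
            + w[1] * jaccard(user.profile_terms, item.terms))

def recommend(user, items, score, k=2):
    scored = [(score(user, it), it.id) for it in items]
    ranked = sorted((p for p in scored if p[0] is not None), key=lambda p: (-p[0], p[1]))
    return [item_id for _, item_id in ranked[:k]]

# Constructed sample data: roles, terms and item names are made up.
fs = frozenset
ITEMS = [
    Item("gearbox-test-report", fs({"gearbox", "vibration", "test"}), fs({"powertrain"})),
    Item("supplier-contract", fs({"gearbox", "vibration", "supplier"}), fs({"purchasing"})),
    Item("canteen-menu", fs({"lunch"}), fs({"powertrain", "purchasing"})),
]
ENGINEER = User(fs({"powertrain"}), fs({"gearbox", "vibration"}), fs({"gearbox", "supplier"}))

if __name__ == "__main__":
    for fn in (weighted_sum, gated):
        print(fn.__name__, recommend(ENGINEER, ITEMS, fn))
```

With these weights the weighted sum ranks the supplier contract second although the user cannot read it, while the gated variant cannot surface it under any weighting, which is what "ensure access control in any case" requires.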

Page 12: Thoughts on Access Control in Enterprise Recommender Systems

Key aspect for success

Give a possible solution

Show that infrastructure is the result of the problem, not the cause

Need to know vs. good to know

Show potential

Produce a prototype that consists of

Search

Recommender

Access-control concepts

Page 13: Thoughts on Access Control in Enterprise Recommender Systems

Summary & Closing Arguments

Project Settings

Problems and the current situation at our partners

User/role management

Information needs of employees

Situation we work towards

Change access management

Introduce the recommender systems

Improve enterprise search so that employees actually use it
