Authority Vectors

David E. Ellis

U.S. Geo-Political ExampleGeographic Area Political Authority (Jurisdictions)Solar System, Galaxy, Universe: Are defined Solar System, Galaxy, Universe: To be determined

Earth: A larger geographic region which includes all of Nations on the face of the planet.

United Nations: International organization formed to promote international peace, security, and cooperation under the terms of the UN charter.

Nation: A larger geographic region which includes 50 States or several territories.

United States: The authority to regulate behavior of population within it’s geographic region and limited to authority granted by states via the US constitution

States: A larger geographic region which includes one or more counties

State: The authority to regulate the behavior of population within it’s geographic region and is the basic politic body which together make up the federal union of United States of America.

County: (or Tribal): A larger geographic region which may include one or more cities

County: The authority to regulate the behavior of population within it’s geographic region and is the largest administrative division of a U.S. state

City: The geographic region which is mutually inhabited by a group of people

City: The authority to regulate the behavior of certain aspects of their residents usually an incorporated municipality governed by a mayor and a board of aldermen or councilmen

Territory: a region or district of the U.S. not admitted to the Union as a state but having its own legislature, with a governor and other officers appointed by the President and confirmed by the Senate

Trans-Enterprise Service Grid (TSG)• OASIS Emergency Data Exchange Language – Distribution Element (EDXL-DE) is distribution

metadata for distributing TSG content.• OASIS Common Alerting Protocol (CAP) is a specific alert content standard.• TSG node – a node that produces, processes, and/or consumes EDXL-DE documents and/or

their content.• Secure Policy-oriented Object Router (SPOR) – a TSG node that process/forwards EDXL-DE

content not explicitly addressed to itself.• Edge SPOR – a special node which has bridges between TSG and external interfaces. SPOR

which receives Injection from/provides Deliver to TSG Node. • Core SPOR – a general purpose router with internal TSG capabilities.• High Assurance SPOR (HA-SPOR) – a SPOR which uses cryptographic protection to eliminate

host Operating System and application exploitation processes.• A SOA Application Host – any node that is not a SPOR but connects to the TSG via a SPOR.

These hosts represent the Sender and Recipient for any information exchange.• TSG Link – a communication facility or medium which delivers TSG content.• TSG Neighbors – nodes attached to the same link. • TSG Interface – a node’s attachment to a link.

Information and Policy Flow• Policy Flow

– Nation -> Nation– United States (National) -> States– States -> States– States -> County (or Tribal)– County -> County– County -> City– City -> City

• Information Flow– Inject (Sending something into the TSG)– Deliver (Receiving something from the TSG)– Forward (Sending something up the authority vector)– Distribute (Sending something down the authority vector)– Exchange ( Sending something to a peer at same authority)

deployment Nodes

«executionEnvironment,USPolicy»United States

«executionEnvironment,S2Policy»State Two

«executionEnvironment»county Three

«executionEnviron...City Three

«device»Edge SPOR3

«executionEnvironment,S1Policy»State One

«executionEnvironment,C1P...County One

«executionEnvironm...City One

«device»Edge SPOR1

«device»Edge SPOR4

«executionEnvironment»County Two

«executionEnvironme...City Two

«device»PublSub1

«device»Sub1-EAS

«device»Pub1-Sensor

«device»PubSub2

«device»PubSub3

«device»Sub2-EAS

«device»Edge SPOR2

«device»Edge SPOR5

«device»Edge SPOR7

«device»Edge SPOR6

«device»Edge SPOR8

«device»PubSub4

«device»PubSub5

«device»Edge SPOR9

«device»PubSub6

«device»PubSub8«device»

PubSub7

«device»Pub2-President

«device»PubSub10

«device»PubSub9

«device»Sub3-EOC

Deliver«Flow»

Deliver «Flow»

Inject

«Flow»

Exchange

«Flow»

Exchange

«Flow»

Exchange

«Flow»

Exchange

«Flow»

Report«Flow»

Distribute

«Flow»Distribute

«Flow»

Report«Flow»

Report

«Flow»

Exchange

«Flow»

Distribute«Flow»

Report

«Flow»

Deliver

«Flow»

Inject

«Flow»

Deliver

«Flow»

Inject

«Flow»

USPolicies

«PolicyFlow»

StateOnePolicies

«PolicyFlow»StateOnePolicies

«PolicyFlow»

USPolicies

«PolicyFlow»

Report«Flow»

Distribute«Flow»

City Two

«PolicyFlow»

County One

«PolicyFlow»

County Two

«PolicyFlow»

Distribute

«Flow»

Distribute«Flow»

Deliver

«Flow»

Inject

«Flow»

Deliver

«Flow»

Deliver

«Flow»

Inject

«Flow»

Exchange

«Flow»

Distribute«Flow»

Exchange

«Flow»

Report«Flow»

Deliver«Flow»

StateTwoPolicies

«PolicyFlow»Deliver

«Flow»

Distribute

«Flow»

Report

«Flow»

StateTwoPolicies

«PolicyFlow»

StateOnePolicies

«PolicyFlow»

Exchange

«Flow»

City One

«PolicyFlow»

Report

«Flow»

Inject

«Flow»

Deliver

«Flow»

Deliver

«Flow»

Inject

«Flow»

Inject«Flow»

Inject

«Flow»

Deliver

«Flow»

Inject

«Flow»

Inject

«Flow»

Inject

«Flow»

Deliver«Flow»

Data in Motion• Domain is Distribution (What)• Who/What should get content (Purpose)

– Sender Authority (Empowerment)– Recipient Authority (Empowerment)– Other (policies about content distribution)

• Metadata Usage (How to use XML elements)– Message Authentication– Intent of Distribution– Empowerment (Authority for Distribution)– Disclosure control (Who can see what)

• Ontology issues– Intrinsic Part of the Thing– Extrinsic Context of the Thing

• Willingness Issues

Policy Examples• General: Policies which effect entire TSG

– This.TSG shall distribute all EDXL-DE Msg (allow example)– This.TSG shall not distribute sensitve EDXL-DE Msg (deny example)– This.TSG shall exchange with TSGs (Value A, Value B, etc.)– This.TSG shall support multiple ContentObjects per message)– This.TSG shall support Explicit Distribution (e-mail, Open)

• Inject (Sending something into the TSG)– This.SPOR accepts EDXL-DE Msg only– This.SPOR accepts CAP Msg– This.SPOR accepts Msg from only COI( Social Structure or Jurisdiction)

• Deliver (Receiving something from the TSG)– This.SPOR delivers to RecipientRole (Value A, Value B, etc.)– This.SPOR delivers to ExplicitAdrress(Value A, ValueB, etc.)

• Forward (Sending something up the authority vector)– This.SPOR endorses Msg from COI (Value B, Value B, etc.)

• Distribute (Sending something down the authority vector)– etc.

• Exchange ( Sending something to a peer at same authority)– Etc.

SOA Willingness

• Authority Flow– Local– Tribal– State– Federal– International

• Content Authority– Law Enforcement– Health

DistributionCloud

Receiver

Sender State

Federal

class EDXL-DE_Schema_v ...

«XSDtopLevelElement»EDXLDistribution«XSDcomplexType»

ComplexTypeClass1

«XSDelement»+ combinedConfidentiality: string+ contentObject: contentObjectType [0..*]+ dateTimeSent: dateTime+ distributionID: string+ distributionReference: string [0..*]+ distributionStatus: statusValues+ distributionType: typeValues+ explicitAddress: valueSchemeType [0..*]+ keyword: valueListType [0..*]+ language: string [0..1]+ recipientRole: valueListType [0..*]+ senderID: string+ senderRole: valueListType [0..*]+ targetArea: targetAreaType [0..*]

«XSDcomplexType»contentObjectType

«XSDelement»+ confidentiality: string [0..1]+ consumerRole: valueListType [0..*]+ contentDescription: string [0..1]+ contentKeyword: valueListType [0..*]+ incidentDescription: string [0..1]+ incidentID: string [0..1]+ originatorRole: valueListType [0..*]

«XSDchoice»ModelGroup1

«XSDelement»+ nonXMLContent: nonXMLContentType+ xmlContent: xmlContentType

«XSDany»ModelGroup2

«XSDcomplexType»nonXMLContentType

«XSDelement»+ contentData: base64Binary [0..1]+ digest: string [0..1]+ mimeType: string+ size: integer [0..1]+ uri: anyURI [0..1]

«XSDcomplexType»xmlContentType

«XSDelement»+ embeddedXMLContent: anyXMLType [0..*]+ keyXMLContent: anyXMLType [0..*]

«XSDcomplexType»anyXMLType

«XSDany»ModelGroup3

«XSDcomplexType»valueListType

«XSDelement»+ value: string [1..*]+ valueListUrn: string

«XSDcomplexType»valueSchemeType

«XSDelement»+ explicitAddressScheme: string+ explicitAddressValue: string [1..*]

«XSDcomplexType»targetAreaType

«XSDelement»+ circle: string [0..*]+ country: string [0..*]+ locCodeUN: string [0..*]+ polygon: string [0..*]+ subdivision: string [0..*]

«enumeration»statusValues

Actual Exercise System Test

«enumeration»typeValues

Report Update Cancel Request Response Dispatch Ack Error SensorConfiguration SensorControl SensorStatus SensorDetection

+contentObject

+embeddedXMLContent

+keyXMLContent+xmlContent+nonXMLContent

0..*

+originatorRole

1..*

+consumerRole

+targetArea

+senderRole

+explicitAddress

+distributionStatus

+distributionType

+keyword

+recipientRole

+contentKeyword

Intent

Empowerment

Authenticity

Disclosure

Policy ExampleNon-Repudiation-Authenticity-Intent-Empowerment

ElementPurpose

Routing Issues-Hop count-Token versus CRL validation

Collection Of InterestvalueListUrn (Structure)

Locations

OwnsSender

RecipientOriginatorConsumerKeywords

contentKeywords

Taxonomies

TBDAttributes

SecurityLevel

Jurisdiction or Social Structure

ValueListURN relatedto EDXL function andValues for Function

Keywords and contentKewords can be used to represent any topic needed in RDF

Triple

ContentObject

Sender

Originator

RoleType

Consumer

Recipient

Schema/Format

MIMEType

IER (IEPD)Needline

Keyword ContentKeyword

TagNames

AllowedValues

EDXLHeader

EDXL Header Usage

ElementElement Purpose

Core Message Routing Usage

Delivery Selection

distributionID Message Identification None None

senderID Message Identification None None

dateTimeSent Message Identification None None

distributionStatus Action Level None - TBDApplication

Filtering

distributionType Functional Type None - TBDApplication

Filtering

combinedConfidentiality Informational None Security Filtering

language Informational None Nationality Filtering

senderRole Functional Role Exp/Imp Pub/Sub COI Filtering

recipientRole Functional Role Exp/Imp Pub/Sub COI Filtering

keyword Content Identification Exp/Imp Pub/Sub COI Filtering

distributionReference Message Identification Experimenting Fixed

explicitAddress External delivery Explicit Fixed  

ContentObject Elements Usage

ContentObjectElement

Element Purpose

Core Message Routing Usage

Delivery Selection

contentDescription Informational None Special *

contentKeywordContent

Identification Exp/Imp Pub/Sub   COI Filtering

incidentID Informational None None

incidentDescription Informational None None

originatorRole Functional Role Exp/Imp Pub/Sub COI Filtering

cosumerRole Functional Role Exp/Imp Pub/Sub COI Filtering

confidentiality Informational None Security Filtering

any* Message Security None Certificate Holders  

Payload Element UsagenonXMLContent

ElementElement Purpose

Core Message Routing Usage

Delivery Selection

mimeTypeContent

Identification NoneApplication

Filtering

size Informational NoneDistribution

Filtering 

digest Message Security None None

uri Informational None None

contentData Payload None None

xmlContentElement

Element Purpose

Message Routing Usage

Delivery Selection

keyXMLContentExpose specific

Payload elements None COI Filtering

embeddedXMLContent Payload None None