Authority Vectors
David E. Ellis
U.S. Geo-Political Example
Geographic Area / Political Authority (Jurisdictions)
Solar System, Galaxy, Universe: Are defined
Solar System, Galaxy, Universe: To be determined
Earth: A larger geographic region which includes all of the Nations on the face of the planet.
United Nations: International organization formed to promote international peace, security, and cooperation under the terms of the UN charter.
Nation: A larger geographic region which includes 50 States or several territories.
United States: The authority to regulate the behavior of the population within its geographic region, limited to the authority granted by the states via the US Constitution.
States: A larger geographic region which includes one or more counties.
State: The authority to regulate the behavior of the population within its geographic region; the basic political body, which together make up the federal union of the United States of America.
County (or Tribal): A larger geographic region which may include one or more cities.
County: The authority to regulate the behavior of the population within its geographic region; the largest administrative division of a U.S. state.
City: The geographic region which is mutually inhabited by a group of people.
City: The authority to regulate certain aspects of the behavior of its residents; usually an incorporated municipality governed by a mayor and a board of aldermen or councilmen.
Territory: A region or district of the U.S. not admitted to the Union as a state but having its own legislature, with a governor and other officers appointed by the President and confirmed by the Senate.
Trans-Enterprise Service Grid (TSG)
• OASIS Emergency Data Exchange Language – Distribution Element (EDXL-DE) is distribution metadata for distributing TSG content.
• OASIS Common Alerting Protocol (CAP) is a specific alert content standard.
• TSG node – a node that produces, processes, and/or consumes EDXL-DE documents and/or their content.
• Secure Policy-oriented Object Router (SPOR) – a TSG node that processes/forwards EDXL-DE content not explicitly addressed to itself.
• Edge SPOR – a special node which has bridges between the TSG and external interfaces. A SPOR which receives Injection from / provides Deliver to a TSG node.
• Core SPOR – a general purpose router with internal TSG capabilities.
• High Assurance SPOR (HA-SPOR) – a SPOR which uses cryptographic protection to eliminate host Operating System and application exploitation processes.
• A SOA Application Host – any node that is not a SPOR but connects to the TSG via a SPOR. These hosts represent the Sender and Recipient for any information exchange.
• TSG Link – a communication facility or medium which delivers TSG content.
• TSG Neighbors – nodes attached to the same link.
• TSG Interface – a node’s attachment to a link.
Information and Policy Flow
• Policy Flow
– Nation -> Nation
– United States (National) -> States
– States -> States
– States -> County (or Tribal)
– County -> County
– County -> City
– City -> City
• Information Flow
– Inject (Sending something into the TSG)
– Deliver (Receiving something from the TSG)
– Forward (Sending something up the authority vector)
– Distribute (Sending something down the authority vector)
– Exchange (Sending something to a peer at same authority)
[Figure: UML deployment diagram "Nodes". Execution environments: United States (USPolicy), State One (S1Policy), State Two (S2Policy), County One (C1P...), County Two, County Three, City One, City Two, City Three. Devices: Edge SPOR1 through Edge SPOR9, PubSub1 through PubSub10, Pub1-Sensor, Pub2-President, Sub1-EAS, Sub2-EAS, Sub3-EOC. Flows between nodes: Inject, Deliver, Exchange, Report, Distribute. Policy flows: USPolicies, StateOnePolicies, StateTwoPolicies, County One, County Two, City One, City Two.]
Data in Motion
• Domain is Distribution (What)
• Who/What should get content (Purpose)
– Sender Authority (Empowerment)
– Recipient Authority (Empowerment)
– Other (policies about content distribution)
• Metadata Usage (How to use XML elements)
– Message Authentication
– Intent of Distribution
– Empowerment (Authority for Distribution)
– Disclosure control (Who can see what)
• Ontology issues
– Intrinsic Part of the Thing
– Extrinsic Context of the Thing
• Willingness Issues
Policy Examples
• General: Policies which affect the entire TSG
– This.TSG shall distribute all EDXL-DE Msg (allow example)
– This.TSG shall not distribute sensitive EDXL-DE Msg (deny example)
– This.TSG shall exchange with TSGs (Value A, Value B, etc.)
– This.TSG shall support multiple ContentObjects per message
– This.TSG shall support Explicit Distribution (e-mail, Open)
• Inject (Sending something into the TSG)
– This.SPOR accepts EDXL-DE Msg only
– This.SPOR accepts CAP Msg
– This.SPOR accepts Msg from only COI (Social Structure or Jurisdiction)
• Deliver (Receiving something from the TSG)
– This.SPOR delivers to RecipientRole (Value A, Value B, etc.)
– This.SPOR delivers to ExplicitAddress (Value A, Value B, etc.)
• Forward (Sending something up the authority vector)
– This.SPOR endorses Msg from COI (Value B, Value B, etc.)
• Distribute (Sending something down the authority vector)
– etc.
• Exchange (Sending something to a peer at same authority)
– etc.
SOA Willingness
• Authority Flow
– Local
– Tribal
– State
– Federal
– International
• Content Authority
– Law Enforcement
– Health
[Figure labels: Distribution Cloud, Receiver, Sender, State, Federal]
class EDXL-DE_Schema_v ...

«XSDtopLevelElement» EDXLDistribution («XSDcomplexType» ComplexTypeClass1)
  + combinedConfidentiality: string
  + contentObject: contentObjectType [0..*]
  + dateTimeSent: dateTime
  + distributionID: string
  + distributionReference: string [0..*]
  + distributionStatus: statusValues
  + distributionType: typeValues
  + explicitAddress: valueSchemeType [0..*]
  + keyword: valueListType [0..*]
  + language: string [0..1]
  + recipientRole: valueListType [0..*]
  + senderID: string
  + senderRole: valueListType [0..*]
  + targetArea: targetAreaType [0..*]

«XSDcomplexType» contentObjectType
  + confidentiality: string [0..1]
  + consumerRole: valueListType [0..*]
  + contentDescription: string [0..1]
  + contentKeyword: valueListType [0..*]
  + incidentDescription: string [0..1]
  + incidentID: string [0..1]
  + originatorRole: valueListType [0..*]
  «XSDchoice» ModelGroup1
    + nonXMLContent: nonXMLContentType
    + xmlContent: xmlContentType
  «XSDany» ModelGroup2

«XSDcomplexType» nonXMLContentType
  + contentData: base64Binary [0..1]
  + digest: string [0..1]
  + mimeType: string
  + size: integer [0..1]
  + uri: anyURI [0..1]

«XSDcomplexType» xmlContentType
  + embeddedXMLContent: anyXMLType [0..*]
  + keyXMLContent: anyXMLType [0..*]

«XSDcomplexType» anyXMLType
  «XSDany» ModelGroup3

«XSDcomplexType» valueListType
  + value: string [1..*]
  + valueListUrn: string

«XSDcomplexType» valueSchemeType
  + explicitAddressScheme: string
  + explicitAddressValue: string [1..*]

«XSDcomplexType» targetAreaType
  + circle: string [0..*]
  + country: string [0..*]
  + locCodeUN: string [0..*]
  + polygon: string [0..*]
  + subdivision: string [0..*]

«enumeration» statusValues: Actual, Exercise, System, Test

«enumeration» typeValues: Report, Update, Cancel, Request, Response, Dispatch, Ack, Error, SensorConfiguration, SensorControl, SensorStatus, SensorDetection

Association labels on the diagram: contentObject, embeddedXMLContent, keyXMLContent, xmlContent, nonXMLContent, originatorRole, consumerRole, targetArea, senderRole, explicitAddress, distributionStatus, distributionType, keyword, recipientRole, contentKeyword (multiplicities shown: 0..*, 1..*).
Diagram annotations: Intent, Empowerment, Authenticity, Disclosure

Policy Example
• Non-Repudiation
– Authenticity
– Intent
– Empowerment
Element Purpose
Routing Issues
– Hop count
– Token versus CRL validation
[Figure: Collection Of Interest, valueListUrn (Structure). Diagram labels: Locations, Owns, Sender, Recipient, Originator, Consumer, Keywords, contentKeywords, Taxonomies, TBD, Attributes, SecurityLevel, Jurisdiction or Social Structure, ContentObject, RoleType, Schema/Format, MIMEType, IER (IEPD), Needline, Keyword, ContentKeyword, TagNames, AllowedValues, EDXLHeader.]
• ValueListURN related to EDXL function and Values for Function
• Keywords and contentKeywords can be used to represent any topic needed in an RDF Triple
EDXL Header Usage
Element | Element Purpose | Core Message Routing Usage | Delivery Selection
distributionID | Message Identification | None | None
senderID | Message Identification | None | None
dateTimeSent | Message Identification | None | None
distributionStatus | Action Level | None - TBD | Application Filtering
distributionType | Functional Type | None - TBD | Application Filtering
combinedConfidentiality | Informational | None | Security Filtering
language | Informational | None | Nationality Filtering
senderRole | Functional Role | Exp/Imp Pub/Sub | COI Filtering
recipientRole | Functional Role | Exp/Imp Pub/Sub | COI Filtering
keyword | Content Identification | Exp/Imp Pub/Sub | COI Filtering
distributionReference | Message Identification | Experimenting | Fixed
explicitAddress | External delivery | Explicit | Fixed
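The Inject and Deliver policies from the Policy Examples slide and the header usage table above can be read as checks on the EDXL-DE header. The sketch below is an added example, not code from the presentation: the policy and subscriber tables, the URNs and the role values are hypothetical, and the sample message is constructed and trimmed to the elements used.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample (not schema-complete); IDs, URNs and roles are made up.
SAMPLE = """<EDXLDistribution xmlns="urn:oasis:names:tc:emergency:EDXL:DE:1.0">
  <distributionID>example-0001</distributionID>
  <senderID>sensor1@county-one.example</senderID>
  <combinedConfidentiality>UNCLASSIFIED</combinedConfidentiality>
  <senderRole><valueListUrn>urn:example:coi:jurisdiction</valueListUrn>
    <value>County One</value></senderRole>
  <recipientRole><valueListUrn>urn:example:coi:function</valueListUrn>
    <value>EOC</value></recipientRole>
</EDXLDistribution>"""

# Hypothetical policy and subscription tables for one Edge SPOR.
POLICY = {"allowed_confidentiality": {"UNCLASSIFIED"},
          "accepted_sender_coi": {("urn:example:coi:jurisdiction", "County One")}}
SUBSCRIBERS = {"Sub3-EOC": {("urn:example:coi:function", "EOC")},
               "Sub1-EAS": {("urn:example:coi:function", "EAS")}}

def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]

def parse_header(xml_text):
    """Extract only the header elements the policies below depend on."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "EDXLDistribution":
        raise ValueError("not an EDXL-DE message")
    hdr = {"senderRole": set(), "recipientRole": set(), "combinedConfidentiality": None}
    for child in root:
        name = local(child.tag)
        if name in ("senderRole", "recipientRole"):
            urn = next(((e.text or "").strip() for e in child
                        if local(e.tag) == "valueListUrn"), None)
            hdr[name] |= {(urn, (e.text or "").strip())
                          for e in child if local(e.tag) == "value"}
        elif name == "combinedConfidentiality":
            hdr[name] = (child.text or "").strip()
    return hdr

def inject_allowed(xml_text, policy):
    """Inject: EDXL-DE only, non-sensitive, sender in an accepted COI."""
    try:
        hdr = parse_header(xml_text)
    except (ET.ParseError, ValueError):
        return False  # fail closed on anything that is not well-formed EDXL-DE
    if hdr["combinedConfidentiality"] not in policy["allowed_confidentiality"]:
        return False  # a missing or sensitive marking is denied
    return bool(hdr["senderRole"] & policy["accepted_sender_coi"])

def deliver_targets(xml_text, subscribers):
    """Deliver: subscribers whose (valueListUrn, value) pair is a recipientRole."""
    roles = parse_header(xml_text)["recipientRole"]
    return sorted(n for n, wanted in subscribers.items() if wanted & roles)
```

The roles and the confidentiality marking are sender-asserted, so these checks only carry weight after the Message Authentication step the slides list under Metadata Usage.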
ContentObject Elements Usage
ContentObject Element | Element Purpose | Core Message Routing Usage | Delivery Selection
contentDescription | Informational | None | Special *
contentKeyword | Content Identification | Exp/Imp Pub/Sub | COI Filtering
incidentID | Informational | None | None
incidentDescription | Informational | None | None
originatorRole | Functional Role | Exp/Imp Pub/Sub | COI Filtering
consumerRole | Functional Role | Exp/Imp Pub/Sub | COI Filtering
confidentiality | Informational | None | Security Filtering
any* | Message Security | None | Certificate Holders
Payload Element Usage
nonXMLContent Element | Element Purpose | Core Message Routing Usage | Delivery Selection
mimeType | Content Identification | None | Application Filtering
size | Informational | None | Distribution Filtering
digest | Message Security | None | None
uri | Informational | None | None
contentData | Payload | None | None

xmlContent Element | Element Purpose | Message Routing Usage | Delivery Selection
keyXMLContent | Expose specific Payload elements | None | COI Filtering
embeddedXMLContent | Payload | None | None