Posts Tagged ‘Evren Sirin’

WEBCAST: Enterprise Policy Management with Semantic Technologies (presenter, Evren Sirin)

If you missed this excellent live webcast with Evren Sirin, CTO, Clark & Parsia, the recorded webcast is now available. You can also meet Evren in Washington, DC, November 29-December 1, 2011, at SemTechBiz DC. The customer mentioned in this case study, JP Morgan Chase, will be co-presenting and discussing how they are implementing access control using semantic technologies.

DESCRIPTION

Access control is an essential part of nearly every IT system;

New Webcast: Enterprise Policy Management with Semantic Technologies

In advance of his appearance at the Semantic Technology & Business Conference in Washington DC (November 29-December 1, 2011), Evren Sirin, CTO of Clark & Parsia, LLC, will conduct a Webcast on the topic of Using Semantic Technologies for Enterprise Policy Management.

All attendees of the webcast will be entered to win a Free Registration to SemTechBiz DC!*

WEBCAST DETAILS

  • Wednesday, November 16, 2011
  • 2:00 pm EST (US)

DESCRIPTION

Access control is an essential part of nearly every IT system, especially in domains dealing with sensitive information such as financial accounts, personal health records, etc.

Get More Robust Access Control, Courtesy of Semantic Technology

At JPMorgan Chase, application security and semantic web technology are teaming up. David C. Laurance, who works in the former area at the financial services giant, is pursuing an initiative with semantic technology vendor Clark & Parsia, and its CTO Evren Sirin, that’s focused on authorization policy management. The primary goal is to ensure that a given access control policy – enabled by the XACML (eXtensible Access Control Markup Language) OASIS standard, which provides a high-level XML-based language to describe access control policies for distributed resources – covers the actual business requirements for the application it protects.

It’s critical in the financial sector, with its trove of customer records and accounts and its requirements to separate duties around actions such as placing and settling trades, to have robust access control capabilities in place. Other verticals – think of health care and its rules and regulations around patient privacy – also take advantage of the XACML standard to describe control policies, to say in a declarative way which kinds of subjects can perform what kinds of actions on which resources.

But XACML on its own doesn’t catch those things that might be wrong in a policy – the door may be left open to contradictory permissions because of the combination of different user characteristics embedded in a policy, for example.

“This is a matter of what kind of analysis do I have to do for critical policies to make sure that they’re right,” Laurance explains. “When you have two different permissions, that’s where you can get into mischief.” That mischief might be the purposeful actions of a rogue trader out to defraud a bank, or it might be the accidental result of not ensuring that the right oversight and authorizations are maintained. Either way, it’s a potential problem.
