
Dynamic Collaborations for Information Sharing Within and Across Virtual Teams

9th International Conference on Frontiers of Information Technology (FIT 2011): 19 December 2011 by Dr. Ahmad Kamran Malik

Co-author: Prof. Schahram Dustdar


Distributed Systems Group, Institute of Information Systems, Vienna University of Technology (TU-Wien), Vienna, Austria
kamran@infosys.tuwien.ac.at
http://www.infosys.tuwien.ac.at/staff/kamran/

Sharing Control (Scenario)


Entities, Priorities, context & Collaborative Relationships

Dynamic Collaborations
Temporary collaborations
Handled using task
User-based collaboration (C is collaboration):
    Intra-team (sub-team)
    Inter-team (disjoint team)
[Figure: user-based collaboration C within one Team, and between Team1 and Team2]

Team-based collaboration (inter-team):
    Union (super-team)
    Intersection (common team)
[Figure: team-based collaboration C as the union and as the intersection of Team1 and Team2]

Dynamic Sharing & Privacy-aware RBAC Core (DySP-RBAC) Model

Assignment Relations

Session mappings (permissions)

Hierarchical DySP-RBAC Model


Reduces number of permission assignments

Hierarchies in DySP-RBAC
Role hierarchy (Permission inheritance)
Team hierarchy (User & Task inheritance)
Task hierarchy (User & Role inheritance)
Collaborative Relationship hierarchy (Permission inheritance)
Access Level hierarchy (Permission inheritance)
Object hierarchy (Permission inheritance)
Purpose hierarchy (Permission inheritance)

Constrained DySP-RBAC Model


Enforce higher-level organizational policies

Separation of Duty (SoD) constraints
    Separates sensitive combination of duties
    Design time (SSD) & runtime (DSD)
    Prevent fraud or error

Static Separation of Duty (SSD) constraints


User-Role
Team-Task
User-Team
Task-Role

Dynamic Separation of Duty (DSD) constraints


Role, team, & task activation

Sharing and Privacy-aware Rules


Three types of rules in DySP-RBAC model
Sharing and Privacy-aware Permission Assignments (SPPA)
Sharing and Privacy-aware Prohibitions (SP_Proh)
Sharing and Privacy-aware Exceptions (SP_Except)

Collaborative Relationships & level of response

RBAC model responses

Dynamic Sharing control model responses

Conclusion

Contributions
    Dynamic Sharing and Privacy-aware RBAC model
    Enhanced sharing & owner-controlled sharing
    Sharing and privacy rules & conflict handling

Future work
    Consumer information sharing scenarios
    Mapping schemes for incompatible roles across the enterprises

Thank you

Q&A

Dynamic Sharing Calculations


Dynamic Sharing is calculated at runtime
Describes level of sharing
Dynamic Sharing uses:
    Personal relationship = (Personal trust + access history) / 2
        Personal trust is user input number (0..1)
        Access history = (no. of positive accesses / total no. of accesses)
    Dynamic collaboration uses entity & personal relationships
        (role + team + task + enterprise + personal relationship) / 5
    Static access level (is found in SPPA)
    Context value (from collaborative-context configuration file)
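
The two averages above, carried through at runtime for one requester, as an added example that is not code from the slides or from the DySP-RBAC authors. It shows how a poor access history lowers the dynamic collaboration value while the entity relationships stay fixed. Assumptions: entity relationship scores lie in 0..1 like personal trust, an empty access history counts as 0, and all function names and sample values are constructed.

```python
def _unit(name, value):
    """Reject scores outside 0..1, the range the slides give for personal trust."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{name} must be in 0..1, got {value}")
    return float(value)

def access_history(outcomes):
    """no. of positive accesses / total no. of accesses.

    outcomes: iterable of booleans, True = positive access.
    Assumption: with no recorded accesses the term is 0.0, so an unknown
    requester is not credited with a clean history.
    """
    outcomes = list(outcomes)
    if not outcomes:
        return 0.0
    return sum(1 for ok in outcomes if ok) / len(outcomes)

def personal_relationship(personal_trust, outcomes):
    """(personal trust + access history) / 2"""
    return (_unit("personal_trust", personal_trust) + access_history(outcomes)) / 2

def dynamic_collaboration(role, team, task, enterprise, personal):
    """(role + team + task + enterprise + personal relationship) / 5

    Assumption: each entity relationship is scored in 0..1.
    """
    terms = {"role": role, "team": team, "task": task,
             "enterprise": enterprise, "personal": personal}
    return sum(_unit(name, value) for name, value in terms.items()) / 5

# Constructed sample: one requester, fixed entity relationships, two histories.
ENTITY = dict(role=1.0, team=0.5, task=1.0, enterprise=0.5)
GOOD_HISTORY = [True, True, True, True]    # 4 of 4 accesses positive
BAD_HISTORY = [True, False, False, False]  # 1 of 4 accesses positive

def score(trust, history):
    """Dynamic collaboration value for the sample entity relationships."""
    personal = personal_relationship(trust, history)
    return dynamic_collaboration(personal=personal, **ENTITY)

if __name__ == "__main__":
    for label, history in (("good", GOOD_HISTORY), ("bad", BAD_HISTORY), ("none", [])):
        print(label, round(score(0.8, history), 3))
```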

Aggregate Sharing Level

Individual Sharing level
