About

This page contains a single entry from the blog posted on July 20, 2007 5:28 PM.


Search Engines and a Document Management Protocol that integrates with XACML

One of the challenges facing enterprises is how to make available information that is sitting in enterprise silos while at the same time ensuring that the information is seen by those who are approved to see it. As big search engines move into the enterprise, this challenge becomes very important.

A large search engine company like Google, Yahoo or Microsoft could write unique APIs for every document management vendor out there. The APIs could then interpret the document management policy rules for each document and determine which documents to show the user doing the search. However, this becomes extremely expensive to build and maintain.

I believe that in order to free up enterprise information, the search engine companies need to consider helping create a document management/digital rights management protocol that integrates with XACML. Why?

If there were a common XML schema defining document management types and a way to communicate document management policies that tie to the identity, the enterprise would have a way to deploy search engines internally quickly and inexpensively. For example, let's say that Guy is an employee of Acme Inc. Acme has eight different document management systems.

Guy does a search for "Widget X" using the search engine tool. The search engine uses the document management protocol to communicate with each of the eight document management systems. Let's say that there are hits for the search term "Widget X" in three of the document management systems. The document management systems would then communicate with the search engine.

One of the hits is viewable by anyone within the enterprise. So, in this case, the document management system would, via the document management protocol, let the search engine know that it can display this hit to Guy, since he is an employee of Acme.

The second hit is for a more sensitive document on Widget X. It requires that Guy use his digital cert to open it. In this case, the document management system communicates with the search engine via the protocol. The search engine shows the header of the document. When Guy tries to open the document, the search engine prompts Guy for his digital cert using XACML.

The third hit document is top secret. Only a limited number of people on an access control list are able to view the document. The search engine uses the document management protocol and XACML to see if Guy is on the list. He isn't. Therefore, depending on how Acme has customized the search engine, it may not show Guy that the document exists, or it may show a header and indicate that Guy needs to talk to his superiors in order to access the document.
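The three-hit scenario above, sketched as an added example that is not part of the original post or of any existing protocol. The policy labels, function names and sample documents are hypothetical, and XACML's request/response XML is reduced to a decision plus an optional obligation.

```python
from dataclasses import dataclass
PERMIT, DENY = "Permit", "Deny"  # the two XACML decisions this sketch uses

@dataclass
class Subject:
    user: str
    employer: str
    cert_presented: bool = False

@dataclass
class Hit:
    doc_id: str
    header: str
    policy: str  # hypothetical labels: "employees", "cert", "acl"
    acl: frozenset = frozenset()

def decide(subject, hit, action):
    """Toy decision point: (decision, obligations) for action 'list' or 'open'."""
    if subject.employer != "Acme":
        return DENY, []
    if hit.policy == "employees":
        return PERMIT, []
    if hit.policy == "cert":  # header is listable, opening needs the certificate
        ok = action == "list" or subject.cert_presented
        return (PERMIT, []) if ok else (DENY, ["present-certificate"])
    if hit.policy == "acl" and subject.user in hit.acl:
        return PERMIT, []
    return DENY, []  # default deny, also for unknown policy labels

def trim_results(subject, hits, reveal_denied=False):
    rows = []
    for hit in hits:
        if decide(subject, hit, "list")[0] == PERMIT:
            rows.append((hit.doc_id, hit.header))
        elif reveal_denied:  # otherwise omit the row so existence is not leaked
            rows.append((hit.doc_id, hit.header + " [restricted: ask your superiors]"))
    return rows

def open_document(subject, hit):
    decision, obligations = decide(subject, hit, "open")
    if decision == PERMIT:
        return "open"
    return "prompt-for-certificate" if "present-certificate" in obligations else "refuse"

# Constructed sample data: three hits for "Widget X" and the searching user
HITS = [Hit("dms1/42", "Widget X brochure", "employees"),
        Hit("dms4/7", "Widget X design review", "cert"),
        Hit("dms6/3", "Widget X launch plan", "acl", frozenset({"alice"}))]
GUY = Subject("guy", "Acme")
```

The `reveal_denied` switch stands in for the per-enterprise customization described for the third hit: hiding the row avoids disclosing that the document exists, while revealing it tells the user whom to ask.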

We need a way to inter-operate quickly, inexpensively and with the appropriate security when freeing up information contained within enterprise silos. In my own view, this requires a new document management protocol that integrates with XACML. With this, the digital future beckons.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
