federated authentication and authorization need to be enforced. Protecting just the
server itself becomes insufficient. One can even venture to say that if the transactions
and data are protected, the server itself can be sacrificed. On the networking side,
dutiful IP packet inspection to protect castle walls and moats aids little in detecting
and preventing hackers from executing fake transactions from within to steal millions.
The value is in the transactions and data, not the castle and moats. We have become the
ever-chasing security Don Quixote — good at protecting the walls, not the value.
2.3 The Concept of “Collaborative Sharing”
The concept of ownership is no longer based on owning the data physically.
Instead, it is based on accessibility to the data. Given the web and encryption
technology, data can be everywhere — just like an encrypted satellite downlink. As such,
ownership is defined as the “entitlement” to read, write and make use of the
data. Business transactions go beyond the delivery of business artifacts such as a
piece of signed paper or even its digitally signed electronic copy. They will be based on
direct access to, and manipulation of, information owned by the other party. For example, in
a virtual Just-In-Time (JIT) environment, customers ordering parts will not be just
sending digitally signed Purchase Orders to the suppliers. They actually manipulate
the supplier's computing infrastructure and interact with the ordering system. This
updates the production data corresponding to the parts needed. As a result, the order is
automatically incorporated into the supplier's production process, as well as the
supplier's partner network for any inventory supply support. Conversely, when the
parts are delivered, there will be no digitally signed paper equivalent to “document”
the delivery information. The supplier actually modifies the customer's system to
reflect the delivery. This results in virtual JIT updates of the accounting business process
and even the manufacturing inventory system across the entire virtual enterprise with
multiple distributed business partners around the globe. It is a much tighter integration
at the business and computing level.
2.4 “Business Objects” vs. “System Objects”
Business information residing on the computing infrastructure takes two forms of
existence — the data itself (business objects), and their electronic manifestations —
files, databases or electronic communications (system objects). Traditional IA
implementations treat business objects as system objects and protect them as such.
However, the line of distinction between business objects and system objects has
always been blurry and the level of implementation has been coarse.
1. Business objects (e.g. an engineering design) do not necessarily map to system
objects (e.g. a file). There are many one-to-many, many-to-one or even
many-to-many mappings. Protecting business objects does not equate to protecting
system objects.
2. While business objects tend to have more levels of abstraction to faithfully reflect
the business needs, system objects are bounded by the system environment (e.g.
file system). Consequently, not all levels of granularity can be appropriately
implemented in system objects. Since IA has been designed to protect system
objects, this level of protection is coarse.
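The two points above can be made concrete with a small model. This is an added example, not taken from the original text: the object names, file paths and parties are constructed, and it assumes the only available control is a per-file read ACL. It derives the smallest file ACL that still honours each party's business-level entitlements, then lists the business objects that the ACL exposes beyond those entitlements.

```python
# Added illustration; all names and paths below are constructed sample data.
# Many-to-many mapping: which system objects (files) hold parts of each
# business object.
STORED_IN = {
    "wing_design":    {"cad/airframe.db", "docs/specs.pdf"},
    "engine_design":  {"cad/powertrain.db", "docs/specs.pdf"},
    "price_list":     {"erp/orders.db"},
    "purchase_order": {"erp/orders.db"},
}

# Entitlements expressed at the business-object level.
ENTITLED = {
    "supplier_a": {"wing_design", "purchase_order"},
    "customer_b": {"purchase_order", "price_list"},
    "auditor":    {"price_list"},
}


def file_acl(entitled, stored_in):
    """Smallest per-file read ACL that lets each party reach every part
    of the business objects it is entitled to."""
    return {
        party: set().union(*(stored_in[obj] for obj in objs))
        for party, objs in entitled.items()
    }


def exposed(acl, entitled, stored_in):
    """Business objects a party can read, at least in part, through the
    file ACL although it holds no entitlement to them."""
    result = {}
    for party, files in acl.items():
        reachable = {obj for obj, held in stored_in.items() if held & files}
        result[party] = reachable - entitled[party]
    return result


if __name__ == "__main__":
    acl = file_acl(ENTITLED, STORED_IN)
    for party, extra in exposed(acl, ENTITLED, STORED_IN).items():
        print(f"{party}: files={sorted(acl[party])} "
              f"over-exposed={sorted(extra)}")
```

Even the tightest file-level ACL leaves the auditor able to read purchase orders and the supplier able to read parts of the engine design and the price list, because the file is the smallest unit the system can protect.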