Trust policy management for the financial industry using semantic web rules

• Main Author: Neogy, Chitravanu
• Other Authors: Benjamin Grosof.
• Format: Others
• Language: English
• Published: Massachusetts Institute of Technology 2005
• Subjects: Management of Technology Program.
• Online Access: http://hdl.handle.net/1721.1/17811

Thesis (S.M.M.O.T.)--Massachusetts Institute of Technology, Sloan School of Management, Management of Technology Program, 2004. === Includes bibliographical references (leaves 89-94). === Trust Management is a growing problem in large corporations today. In industries like financial services, firms need to comply with constantly changing regulations, security requirements and business policies. Information technology is often the backbone of the processes that are regulated by such policies. Traditionally fine-grained Trust Management has been attempted by embedding policies within business logic of silo software applications. This practice leads to high total costs of ownership, minimal interoperability, potential security vulnerabilities and low management visibility into policy specifications and enforcement, which complicates compliance challenges with regulations like Sarbanes Oxley. This thesis makes several new contributions. First, it evaluates trust-policy related applications in the overall financial services industry that can benefit from rule technologies. A second contribution is proposing SCLP RuleML, an emerging semantic web rule language, for representing trust policies (SCLP = The Situated Courteous Logic Programs knowledge representation). A third contribution is providing several financial application scenarios in SCLP that demonstrate the effectiveness of RuleML, including credit card authorizations for electronic transactions, Check 21 processing in banks and account access control in brokerage or mutual fund systems. Finally we provide a rationale and a proposal for RuleML to be a reference implementation of extensible Access Control Markup Language (XACML), an evolving OASIS standard for digital authorization. === (cont.) Potential benefits of such standardization include lower cost and more effectiveness of policy administration; better governance and coordination through centralized ownership or interoperability; and reduced system development costs over the full life cycle. === by Chitravanu Neogy. === S.M.M.O.T.