Trust policy management for the financial industry using semantic web rules

Author(s)
Neogy, Chitravanu
Thumbnail
DownloadFull printable version (4.511Mb)
Other Contributors
Massachusetts Institute of Technology. Management of Technology Program.
Advisor
Benjamin Grosof.
Terms of use
M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582
Metadata
Show full item record
Abstract
Trust Management is a growing problem in large corporations today. In industries like financial services, firms need to comply with constantly changing regulations, security requirements and business policies. Information technology is often the backbone of the processes that are regulated by such policies. Traditionally fine-grained Trust Management has been attempted by embedding policies within business logic of silo software applications. This practice leads to high total costs of ownership, minimal interoperability, potential security vulnerabilities and low management visibility into policy specifications and enforcement, which complicates compliance challenges with regulations like Sarbanes Oxley. This thesis makes several new contributions. First, it evaluates trust-policy related applications in the overall financial services industry that can benefit from rule technologies. A second contribution is proposing SCLP RuleML, an emerging semantic web rule language, for representing trust policies (SCLP = The Situated Courteous Logic Programs knowledge representation). A third contribution is providing several financial application scenarios in SCLP that demonstrate the effectiveness of RuleML, including credit card authorizations for electronic transactions, Check 21 processing in banks and account access control in brokerage or mutual fund systems. Finally we provide a rationale and a proposal for RuleML to be a reference implementation of extensible Access Control Markup Language (XACML), an evolving OASIS standard for digital authorization.
 
(cont.) Potential benefits of such standardization include lower cost and more effectiveness of policy administration; better governance and coordination through centralized ownership or interoperability; and reduced system development costs over the full life cycle.
 
Description
Thesis (S.M.M.O.T.)--Massachusetts Institute of Technology, Sloan School of Management, Management of Technology Program, 2004.
 
Includes bibliographical references (leaves 89-94).
 
Date issued
2004
URI
http://hdl.handle.net/1721.1/17811
Department
Management of Technology Program.Sloan School of Management
Publisher
Massachusetts Institute of Technology
Keywords
Management of Technology Program.
Collections