Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, August 20, 2007

“Content-Aware Access Control” and Enterprise Web 2.0…

Web 2.0 is eventually going to have an impact on enterprises, at least in terms of collaborative tools. Employees, familiar with Web 2.0 mash-up tools, social network tools, etc. (because they use them in their “private lives” …), will gradually find these tools (and related approaches) increasingly relevant and useful in their day-to-day work as well: in organising their information, generating content and sharing it with other colleagues. This will have an impact on enterprise collaborative solutions. It is already happening …

However, collecting and organising information within enterprises is subject to business rules, security and privacy constraints. Depending on the level of confidentiality, people’s roles and the current stage of business activities (e.g. a Merger & Acquisition process, a security/audit review, a product development, etc.), different “views” and “perspectives” on information need to be provided to different employees for specific reasons. Generated and collected information can be unstructured or only partially structured.

Whilst collaborative and mash-up tools on the web might only need simple access control (or no security at all), a quite different story applies to enterprises. These tools and solutions need to be “adapted” and re-thought in an enterprise context.

I am still looking for additional use cases and business cases for Identity 2.0 in enterprises (see here and here …); however, I think that there is an opportunity and a role for “Content-Aware Access Policies” and “Content-Aware Access Control” in Web 2.0 collaborative solutions for enterprises.

Content-Aware Access Policies define fine-grained access control constraints on information (for example, information collected in enterprise collaborative/mash-up tools) by taking into account the type of content, its actual content and contextual parameters (users, their roles, system information, etc.). They reflect business, security and privacy constraints directly on valuable information and content. Part of these policies can be defined directly by the people (employees) generating the “content” and coupled to this content. In this scenario, the definition of access policies becomes itself the result of social/collaborative networks (in enterprise contexts).

Content-Aware Access Control is driven by these policies: it is not only about allowing (or denying) access to a piece of information (as a whole entity), but can provide fine-grained views and perspectives on this information by processing and manipulating the content.
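As an added illustration (not code from the original post), here is a small Python sketch of the idea described above: policies coupled to author-assigned content labels are evaluated against a requester's roles and current business stage, and the result is a per-requester view of the document rather than a single allow/deny on the whole item. The labels, roles, stage names and the sample document are all assumptions constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    text: str
    labels: frozenset  # labels attached by the author, e.g. {"financial"}


@dataclass(frozen=True)
class Context:
    user: str
    roles: frozenset
    stage: str  # current business activity, e.g. "m&a-review"


# Policy: each content label maps to a predicate over the request context.
# Labels and roles here are constructed for the example, not a real scheme.
POLICIES = {
    "public": lambda ctx: True,
    "financial": lambda ctx: bool(ctx.roles & {"finance", "executive"}),
    "m&a": lambda ctx: "executive" in ctx.roles and ctx.stage == "m&a-review",
    "audit": lambda ctx: "auditor" in ctx.roles,
}


def permitted(section, ctx):
    """Every label on a section must be satisfied (most restrictive wins).
    Unlabelled sections and unknown labels are denied: fail closed."""
    if not section.labels:
        return False
    return all(POLICIES.get(label, lambda c: False)(ctx) for label in section.labels)


def view(doc, ctx):
    """The requester's perspective on the document: readable text for
    permitted sections, a neutral marker otherwise. The marker deliberately
    does not echo the labels, so the classification itself is not leaked."""
    return [s.text if permitted(s, ctx) else "[redacted]" for s in doc]


# Constructed sample document: a project page in a collaborative tool.
DOC = [
    Section("Project Kestrel: weekly status", frozenset({"public"})),
    Section("Q3 revenue forecast: see attached sheet", frozenset({"financial"})),
    Section("Target valuation agreed with counsel", frozenset({"financial", "m&a"})),
    Section("Open findings from the access review", frozenset({"audit"})),
]

if __name__ == "__main__":
    for ctx in (Context("alice", frozenset({"engineer"}), "development"),
                Context("bob", frozenset({"finance"}), "m&a-review"),
                Context("carol", frozenset({"executive"}), "m&a-review")):
        print(ctx.user, view(DOC, ctx))
```

The same document yields three different views; a section carrying two labels is shown only when both policies hold, which is how business stage and role combine without a separate copy of the page per audience.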

I think there is an opportunity to explore models and criteria for expressing these policies and enforcing them with “appropriate” access control systems – by leveraging and extending existing Web 2.0 collaborative solutions. I am very interested in knowing your views and comments on this.
