

SIGIA-L Mail Archives: [Sigia-l] Designing a site with restricted content


From: Christine Connors (Christine_Connors)
Date: Thu Apr 07 2005 - 12:57:57 EDT


[Re-posted because of formatting problems. Dick Hill]

Andy et al -

We use Verity for our intranet search and have implemented a security model
like that you have alluded to. It has worked very well for us. We have done
extensive usability testing and independently came to the determination that
the DOD model detailed by Denise is what works best for our users. In the
defense/military realm an object's metadata (abstract, citation) can be
unclassified while the full object is classified. It gets very complicated,
so we authenticate at the object level, using the capabilities of our
various content and document management systems.

If searching from our classic intranet, the user is prompted to authenticate
after submitting the query, but before being given the results list. All
documents the user is not cleared for are removed. Yes, this does increase
the time to results, but it's still a sub-second response. To mitigate this,
users are encouraged to move to our new portal-based environment (change
management is a separate topic!). As they have to authenticate to log on to
portal, and then remain authenticated, the credentials are passed
automatically between submitting the query and receiving the results. We
also use several different collections (indexes). This allows us to have the
default search only return unclassified information and authentication is
never an issue. Users are only asked to authenticate if they select "All"
collections or a collection with secured content.

It's not rocket science (trust me, I work with those guys!) but it is very
detailed work that relies heavily on the object owners and our Security
organizations.

Christine

> Another part of restricting the content to consider is search. You want to
> be sure you've configured your search engine (assuming Intranet or corporate
> search) to only display results that the user has the correct security
> access. Some search engines are good at this and some aren't. If I remember
> correctly Verity was developed for use by the CIA (correctly if I'm wrong
> here) and includes the ability to screen out results by access level.
>
> Andy

-AND-

> [...] They are able to display metadata to let people within the department
> know what exists, but to hold the content secure. The intent is that if you
> have a need to see content, you can request access. However, if you don't have
> any idea what exists, you can never make a request. And, therefore you may
> miss content you need. Role based login is implemented at the content object
> level rather than the website level. [...]

> Denise

Christine JM Connors
Metadata Architect
Raytheon Company
Enterprise IT
Christine_Connors_at_raytheon.com
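
The model described in this message (object-level checks, metadata that may carry a lower level than the full object, and a default collection that never needs authentication) can be sketched as follows. This is an added example, not code from the original post or from Verity; the level names, collection names, documents and the `search` function are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed ordering of levels; the names are constructed for this sketch.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Doc:
    doc_id: str
    collection: str
    abstract: str
    meta_level: str     # level needed to see the abstract/citation
    content_level: str  # level needed to open the full object

class AuthRequired(Exception):
    """A secured collection was queried without authenticating first."""

# Constructed sample index: two collections, one of them secured.
INDEX = [
    Doc("d1", "public", "cafeteria menu", "unclassified", "unclassified"),
    Doc("d2", "programs", "radar test summary", "unclassified", "secret"),
    Doc("d3", "programs", "radar design notes", "secret", "secret"),
]
SECURED = {"programs"}

def search(query, collections=("public",), clearance=None):
    """Return security-trimmed hits; clearance=None means not authenticated."""
    # The default collection holds only unclassified items, so it never
    # prompts. Selecting a secured collection forces authentication
    # before any results list is built.
    if clearance is None and SECURED & set(collections):
        raise AuthRequired("authenticate before results are shown")
    level = LEVELS[clearance or "unclassified"]
    hits = []
    for doc in INDEX:
        if doc.collection not in collections or query not in doc.abstract:
            continue
        if LEVELS[doc.meta_level] > level:
            continue  # not cleared even for the metadata: drop the hit
        # Metadata is visible; whether the object opens is a separate check.
        hits.append({"id": doc.doc_id, "abstract": doc.abstract,
                     "can_open": LEVELS[doc.content_level] <= level})
    return hits
```

The trimming runs on the server before the results list is built, so a hit the user is not cleared for never reaches the client, and `can_open` only tells the interface whether to offer the object or an access request.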



This archive was generated by hypermail 2.1.6 : Fri Jun 03 2005 - 03:48:43 EDT

 
