Controlling Compliance of Collaborative Business Processes through an Integration Platform within an E-government Scenario

Compliance management is gaining increasing interest in inter-organizational service-oriented systems, which are usually supported by integration platforms. Due to their mediation role and capabilities, these platforms constitute a convenient infrastructure for controlling compliance requirements affecting inter-organizational message exchanges, which may be carried out as part of collaborative business processes (CBPs). This paper addresses compliance requirements of CBPs within an e-government scenario, by using a policy-based compliance control solution for integration platforms which was introduced in our previous work

A framework for thinking about enterprise formalization policies in developing countries

What policies encourage firms to become formal? The standard approach emphasizes reducing the costs of compliance with government regulation. This is unlikely to be sufficient. Instead we need to understand compliance as a function not only of firm-level costs and benefits but also in terms of the interaction between the firm and its competitors and between the firm and the state. This paper emphasizes the coordination and credibility issues involved in promoting formalization and discusses possible institutional solutions, among them business associations that make the benefits of membership dependent on compliance, information sharing arrangements among government agencies and improvements in the quality of public management.Microfinance,Small Scale Enterprise,Public Sector Economics&Finance,Economic Theory&Research,Public Sector Regulation

Algorithmic Fairness from a Non-ideal Perspective

Inspired by recent breakthroughs in predictive modeling, practitioners in both industry and government have turned to machine learning with hopes of operationalizing predictions to drive automated decisions. Unfortunately, many social desiderata concerning consequential decisions, such as justice or fairness, have no natural formulation within a purely predictive framework. In efforts to mitigate these problems, researchers have proposed a variety of metrics for quantifying deviations from various statistical parities that we might expect to observe in a fair world and offered a variety of algorithms in attempts to satisfy subsets of these parities or to trade o the degree to which they are satised against utility. In this paper, we connect this approach to fair machine learning to the literature on ideal and non-ideal methodological approaches in political philosophy. The ideal approach requires positing the principles according to which a just world would operate. In the most straightforward application of ideal theory, one supports a proposed policy by arguing that it closes a discrepancy between the real and the perfectly just world. However, by failing to account for the mechanisms by which our non-ideal world arose, the responsibilities of various decision-makers, and the impacts of proposed policies, naive applications of ideal thinking can lead to misguided interventions. In this paper, we demonstrate a connection between the fair machine learning literature and the ideal approach in political philosophy, and argue that the increasingly apparent shortcomings of proposed fair machine learning algorithms reflect broader troubles faced by the ideal approach. We conclude with a critical discussion of the harms of misguided solutions, a reinterpretation of impossibility results, and directions for future researc

Applying real-time analytics to data streams in digital health

In this presentation we will describe the benefits of real-time analytics, specifically complex event processing technology, in addressing a number of challenges in digital health applications. We will focus on three uses cases. The first use case is a real-time detection of unusual or inappropriate laboratory orders, the problem which leads to significant and unnecessary costs to many healthcare providers. The second use case is the detection of potential data quality issues associated with source systems in pathology labs, by using a novel idea of applying syndromic surveillance method to the legacy clinical data streams, achieved through statistical analysis of pathology messages to identify “outliers”. The third use case is about supporting clinicians in making timely decisions regarding patient care, taking into account a combination of real-time information about patient conditions and their existing medical conditions taken from electronic health records. We will demonstrate how we used the EventSwarm software framework for complex event processing to support this real-time analytics and will discuss a number of future research directions.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

Introducing Accountability to Anonymity Networks

Many anonymous communication (AC) networks rely on routing traffic through proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes risk sanctions by law enforcement if users commit illegal actions through the AC network. We present BackRef, a generic mechanism for AC networks that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding user when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BackRef offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest. We exemplify the utility of BackRef by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BackRef system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BackRef using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model

Evaluation of a Collaborative Model Using A Case Study Analysis of Watershed Planning in the Intermountain West

Planning methods that involve collaboration are gaining popularity and currently being applied in a variety of resource management issues . Based on current planning theory, researchers have proposed a conceptual collaborative model for environmental planning and management . This thesis evaluates the usefulness of the model to describe the range of factors important for the establishment and operation of collaboration in environmental planning. This iterative model suggests that collaboration emerges from a series of antecedents and then proceeds sequentially through problem setting, direction setting, implementation, and monitoring and evaluation phases. The evaluation was based on three case studies of watershed-based planning efforts in the lntermountain West. Watershed planning efforts were selected because watersheds have been identified as a suitable framework for addressing many environmental issues . In addition, watersheds frequently cross many political boundaries and therefore planning efforts in a watershed context often require collaboration between the various entities. Based on the case study analysis, the model seems to realistically describe fundamental collaborative elements in environmental planning . Factors that proved to be particularly important include the involvement of stakeholders in data collection and analysis and the establishment of measurable objectives . Informal face to face dialogue and watershed field tours were critical for identifying issues and establishing trust among stakeholders. Group organizational structure also plays a key role in facilitating collaboration . From this analysis, suggestions for refining the model are proposed. In addition , key elements that planners should consider when embarking on a collaborative effort are highlighted