Presentation is loading. Please wait.

Presentation is loading. Please wait.

Matt Zeets M.S. Student Information & Telecommunication Technology Center The University of Kansas October 8 th, 2010 1.

Published byNathaniel Neal Modified over 8 years ago

Similar presentations

Presentation on theme: "Matt Zeets M.S. Student Information & Telecommunication Technology Center The University of Kansas October 8 th, 2010 1."— Presentation transcript:

1 Matt Zeets M.S. Student Information & Telecommunication Technology Center The University of Kansas October 8 th, 2010 1

2 Overview Introduction Mashups Supply Chain Information Security Mashups in the Supply Chain Analysis Conclusion 2

3 Introduction Motivation Web 2.0 offers solutions Questions to Answer Method 3

4 Motivation Supply chains have problems Liability issues Importing/exporting regulations Weather Traffic Market fluctuations Security Physical Data Less efficiency, higher cost 4

5 Web 2.0 Offers Solutions Service-Oriented Architecture (SOA), web mashups, blogs, wikis, and social networking sites Offer new forms of communication and ways to share information This presentation will focus on using web mashups to help fix some problems in supply chain 5

6 Questions Will mashups be beneficial to the supply chain industry? What benefits do mashups offer in an enterprise setting? What advantages does using mashups in the supply chain offer? What are the main costs of implementing mashups in a supply chain? Can mashups be implemented in a supply chain in a secure way? What incentives do enterprises have to share information openly? 6

7 Method Researched mashups, supply chains, and information security Developed questions to judge mashups worth in supply chain Analyze and discuss how well mashups would work in supply chain Based on questions Using feasible scenarios Qualitative not quantitative analysis 7

8 Mashups Definitions Example Types of Mashups Tools Advantages 8

9 Definitions Web Mashup- combining two data sources into a new service Data sources Feeds Widgets Services 9

10 Mashup Example Google Maps Service that provides location data Combine these two into a mashup that overlays the location data onto the map 10

11 Types of Mashups Consumer- developed by general public Typically simple Developed by anyone Can be free or sold Enterprise- developed by an enterprise Purpose is to save/make money Generally only free to public if it helps enterprise 11

12 Mashup Tools www.ProgrammableWeb.com Over 2000 APIs and 5000 mashups Consumer Mashup Developing Platforms Current: Yahoo! Pipes Former: Microsoft’s Popfly, Google’s Mashup Editor, and Dapper Enterprise Mashup Developing Platforms IBM’s Mashup Center JackBe 12

13 Advantages of Mashups Reuse existing services Remove duplication, easier to fix/upgrade Make services that were not feasible before 13

14 Supply Chain Management Background Physical Security Electronic Freight Management (EFM) Service-Oriented Architecture (SOA) 14

15 Background Standard shipping container 20’x8’x8’ Goods locked in transit Unlocked to load/unload/inspect goods Three main modes of transportation Rail Road Water Inland Maritime 15

16 Physical Security Two main concerns Theft of goods out of containers Using containers to smuggle goods or people Containers are shipped in bulk Difficult to monitor them all Mashups can facilitate monitoring of containers Mashups create new data security concerns 16

17 Electronic Freight Management (EFM) Breaks typical steps along supply chain into services Uses Service-Oriented Architecture (SOA) Improves Shipment visibility Tracking Interfaces with government authorities Security Reduces data entry 17

18 Service-Oriented Architecture (SOA) Make services loosely-coupled Different services interchangeable if same interface Facilitates scalability 18

19 Mashups versus SOA 19

20 Information Security Security Concepts Vulnerabilities introduced by Mashups Security Models and Access Controls API Keys 20

21 Security Concepts Confidentiality- data is not disclosed to unauthorized parties Integrity- system operates in intended manner Availability- service available in expected amount of time and to all authorized parties Authenticity- service and user are who they say they are Accountability- if something does go wrong, problem can be tracked Attackers Hacker Criminal Enterprise Internal Threat 21

22 Vulnerabilities Introduced by Mashups Data sources used Data sources created Some information confidential to specific other parties 22

23 Security Models and Access Controls Chinese Wall Model Conflict of interest classes Enterprises in same industry or conflicts of interest put in same conflict of interest classes Helps define safe reading/writing practices 23

24 Chinese Wall Model 24

25 API Keys API- Application Programming Interface API key- helps protect the way application is accessed How they work API key and consumer secret hashed together Forms MAC (Message Authentication Code) MAC sent in API request to authenticate user Purpose Authenticate user (password of sorts) Limit users 25

26 Mashups in the Supply Chain Analysis Possible Scenarios Questions Revisited What benefits do mashups offer in an enterprise setting? What advantages does using mashups in the supply chain offer? What are the main costs of implementing mashups in a supply chain? Can mashups be implemented in a supply chain in a secure way? What incentives do enterprises have to share information openly? 26

27 Scenario One User: Truck drivers Mobile device application Help avoid weather/traffic Simple, enterprises don’t need to collaborate 27

28 Scenario Two User: Small and medium size enterprises Desktop application Help consolidate less than full containers between two or more enterprises Slightly more complex, more security concerns 28

29 Benefits of mashups in an enterprise setting? Mashup platforms that support enterprise Training Dedicated mashup developers? Must provide way to make supply chain more efficient or cut costs 29

30 Benefits of mashups in an enterprise setting? (cont.) Scenario 1 Truck drivers could use to avoid traffic/weather Would require little/no training Would make shipping enterprises more efficient Scenario 2 Smaller enterprises could consolidate less than full shipments Would require more overhead Would cut costs 30

31 Advantages of Mashups? General mashup advantages Reuse services Fewer duplicate services Make services not feasible before 31

32 Advantages of Mashups? (cont.) Mashup advantages in supply chain 1 st scenario Make service not available before Solve problems with real-time data quickly 2 nd scenario Data accessible to many parties Helps enterprises coordinate something not feasible before 32

33 Costs of Implementing Mashups? Mashup development Several platforms already available for use IBM Mashup Center and JackBe Platforms can also be developed Training Both scenarios some training to develop Both scenarios little training to use Mostly initial cost, with little reoccurring cost 33

34 Costs of Implementing Mashups? Service repository maintenance 1 st scenario would need little/no maintenance 2 nd scenario would have to be maintained Ensuring data provided is correct Ensuring data is only provided to certain enterprises 34

35 Can Mashups be used Securely? First scenario No sensitive information transmitted (weather, traffic, mapping) No data shared between enterprises Very safe application Mobile devices that transmit sensitive information need more security Password/API key Trust cell phone company? 35

36 Can Mashups be used Securely? (cont) Second scenario Chinese Wall Model Trusted third party API keys Still has some concerns Give up assurance of confidentiality or limit enterprises that can work together Availability 36

37 Will Enterprises Share Information? Chinese Wall Model would help No guarantees Still opportunity with mashups that don’t need multiple enterprises to work 37

38 Conclusion Both scenarios Would work in enterprise setting Offer advantages hard to come by without mashups Solve problems with real-time data quickly Data accessible to many parties Costs can change some but fairly standard There are ways to secure mashups Some mashup applications do not require enterprises to share information Evidence supports that at least some mashup applications would be beneficial 38

39 Questions 39

Download ppt "Matt Zeets M.S. Student Information & Telecommunication Technology Center The University of Kansas October 8 th, 2010 1."

Similar presentations

Secure Mobile IP Communication

Secure Mobile IP Communication
Operating System Security

Operating System Security
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Cross Town Improvement Project Randy W. Butler Transportation Specialist US Department of Transportation Federal Highway Administration Office of Freight.

Cross Town Improvement Project Randy W. Butler Transportation Specialist US Department of Transportation Federal Highway Administration Office of Freight.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
EServices Office Managing Ubiquitous Content On the Web: Today and in the Future – (State ISO Meeting, July 10, 2008)

EServices Office Managing Ubiquitous Content On the Web: Today and in the Future – (State ISO Meeting, July 10, 2008)
Federal Student Aid Technical Architecture Initiatives Sandy England

Federal Student Aid Technical Architecture Initiatives Sandy England
Gov 2.0: The Government’s Web 2.0 Platform Ramesh Ramakrishnan Division Director Citizant Ph: (703) 667-9420 x165

Gov 2.0: The Government’s Web 2.0 Platform Ramesh Ramakrishnan Division Director Citizant Ph: (703) x165
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
ITEC810 Project By: P. M. Mathindri Nilushika Pathiraja 1.

ITEC810 Project By: P. M. Mathindri Nilushika Pathiraja 1.
V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.

V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Key Management in Cryptography

Key Management in Cryptography
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.
RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University.

RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
The generation, storage, and movement of information are central to managing an enterprise’s business processes As a result, businesses must ensure.

The generation, storage, and movement of information are central to managing an enterprise’s business processes As a result, businesses must ensure.

Similar presentations

Ads by Google