Securing XML archives for Search Based Applications (Talk by John Tait; Oct 19; 10am SBA)
There has been a recent trend to produce what are known as Search Based Applications. One strand of this work is based on the observation that many organisation keep legacy transaction orientated systems up and running in order to allow information contained in those systems to continue to be accessed for audit and security purposes. This is quite different from the high transaction volumes the systems were originally designed for. So for example a credit card might keep an obsolete retailer and customer service applciation up and running purely so security investigators can accessed historic customer transaction patterns via ad hoc SQL queries.
A better solution would be to archive the data in the transaction system to an XML store, and then use enterprise text search systems, like Lucene or Bing/FAST to provide the query facilities. However, this raises the question, does the XML data actually represent the data previously held in the transaction system, or has the data been altered in some way.
The seminar will discuss the security issues search based applications raises and seek to work with the audience to find ways forward with those issues.