This diagram illustrates the interfaces between the elements of a directory-centric management environment such as the GEM. Context technology is the combination of directory, digital certificate, file system, database, and network technologies that together integrate catalog, profile, transaction, life cycle management, analysis, and sensor capabilities. Context is maintained in this environment through the combined use of both globally unique and decimal classification database keys.
The numbered steps in the diagram follow the path towards secure access to network applications.
An authority (1) registers a person or other resource by entering their name in the (2) corporate directory. The registration authority is already trusted by a higher certificate authority or CA, so a (3) digital certificate for the newly registered object is generated and placed into the directory for the new object (person, etc.) to collect under password control. When the object is registered in the directory, it is also placed in the directory-supplement (4) catalog to allow entry of more detailed information about the object (e.g., a person's resume and a skill matrix, or an electronic instrument's serial number and maintenance status). After registration in the directory and catalog, the newly registered person (or initially their supervisor) would begin building a (5) profile of the person's relevant locations, organizations, work units, functions, processes, or resources (inputs, controls, outputs, mechanisms). As the profile becomes increasingly refined, the network, email, and database (6) access control lists (ACL) can be set for fine-grained access via (7) profile-based accounts, including access to (8) resource (ICOM) allocations, (9) permissions based on profile-identified group and role assignments, and (10) databases and file systems for those groups and roles. The end result is the registered object's (11) context-relevant application and generation of information, with less information overload.
Through this method, a person gains access to what they've expressed a need for or interest in from a public source, or what they're authorized to access based on the profile of the work unit (position) they occupy, built by those responsible for that work unit. What the person accesses in private is kept private, while what they professionally access is partially visible to those with direct authority over their work or who collaborate with them, all maintained by digital certificate and directory technology.
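The registration-to-access path in steps 1 to 10 and the visibility rule in the last paragraph can be modelled as a default-deny check. This is an added sketch, not code from the GEM or from the original page. The resource names, profile values, the `Entry` class and all function names are constructed for illustration, and showing collaborators only the access they share is an assumed reading of "partially visible".

```python
from dataclasses import dataclass, field

# Constructed sample ACL: resource -> profile attributes that must ALL be present.
# Dimension names follow the profile categories in the text; values are invented.
ACL = {
    "db:maintenance-records": {("work_unit", "cal-lab"), ("function", "maintenance")},
    "fs:project-share": {("organization", "engineering")},
}
PUBLIC_SOURCES = {"feed:standards-news"}  # reachable only by expressed interest

@dataclass
class Entry:
    name: str
    supervisor: str = ""
    has_certificate: bool = False                # step 3
    profile: set = field(default_factory=set)    # step 5: (dimension, value) pairs
    interests: set = field(default_factory=set)  # public sources the person asked for

def register(directory, name, supervisor=""):
    """Steps 1-4: directory entry plus certificate; the profile starts empty."""
    directory[name] = Entry(name, supervisor, has_certificate=True)
    return directory[name]

def professional_access(entry):
    """Steps 6-10: default deny; grant only what the profile fully justifies."""
    if not entry.has_certificate:
        return set()
    return {res for res, needed in ACL.items() if needed <= entry.profile}

def private_access(entry):
    """Interest-based access to public sources; unknown names are dropped."""
    return entry.interests & PUBLIC_SOURCES if entry.has_certificate else set()

def visible_to(viewer, subject):
    """What `viewer` may see of `subject`'s access; never the private part."""
    if viewer.name == subject.name:
        return professional_access(subject) | private_access(subject)
    if subject.supervisor == viewer.name:        # direct authority
        return professional_access(subject)
    # Assumption: a collaborator sees only the access both parties hold.
    return professional_access(subject) & professional_access(viewer)
```

A half-built profile grants nothing here because every attribute an ACL entry names must be present, which is the failure-closed behaviour to expect while the profile is still being refined.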