812 research outputs found

    New framework for authentication and authorization for e-health service systems

    The development of information technology has eased the medical services and provided the electronic health service in a way that a doctor can keep the records of patients in an information system and be informed of changes of status of patients, and make decisions promptly. However, there are increasing challenges over the privacy of patients due to the exposure of patients' clinical information to ubiquitous networks. This paper introduces a framework for authentication and authorization in e-health services. It aims to build the architecture for authentication and authorisation within an e-health service system. The architecture will help to build a secure and privacy-protecting e-health service system. The authors hope that understanding the underlying framework will not only inform researchers of a better design for e-health service, but also assist e-health systems developers in the understanding of intricate constructions within authentication and authorisation. Further, our paper highlights the importance of protecting the privacy of medical records of patients in terms of information privacy.

    Single Sign-On in Cloud Computing Scenarios: A Research Proposal

    Cloud computing and Software as a Service infrastructure are becoming important factors in E-commerce and E-business processes. Users may simultaneously access different E-services supplied by several providers. An efficient approach to authenticate and authorize users is needed to avoid problems about trust and redundancy of procedure. In this paper we will focus on the main approaches to managing Authentication and Authorization Infrastructures (AAI): i.e. federated, centralized and cloud based. Then we will discuss some related critical issues in Cloud computing and SaaS contexts and will highlight possible future research.

    Monograph's chapter

    Authentication Re-visited: How Public Key Infrastructure Could Yet Prosper


    Identity-as-a-Service: An Adaptive Security Infrastructure and Privacy-Preserving User Identity for the Cloud Environment

    In recent years, enterprise applications have begun to migrate from a local hosting to a cloud provider and may have established a business-to-business relationship with each other manually. Adaptation of existing applications requires substantial implementation changes in individual architectural components. On the other hand, users may store their Personal Identifiable Information (PII) in the cloud environment so that cloud services may access and use it on demand. Even if cloud services specify their privacy policies, we cannot guarantee that they follow their policies and will not (accidentally) transfer PII to another party. In this paper, we present Identity-as-a-Service (IDaaS) as a trusted Identity and Access Management with two requirements: Firstly, IDaaS adapts trust between cloud services on demand. We move the trust relationship and identity propagation out of the application implementation and model them as a security topology. When the business comes up with a new e-commerce scenario, IDaaS uses the security topology to adapt a platform-specific security infrastructure for the given business scenario at runtime. Secondly, we protect the confidentiality of PII in federated security domains. We propose our Purpose-based Encryption to protect the disclosure of PII from intermediary entities in a business transaction and from untrusted hosts. Our solution is compliant with the General Data Protection Regulation and involves the least user interaction to prevent identity theft via the human link. The implementation can be easily adapted to existing Identity Management systems, and the performance is fast.

    Shibboleth Access Management Federations as an Organisational Model for SDI

    Shibboleth is an open source implementation of the OASIS standard Security Assertion Markup Language (SAML). Shibboleth Access Management Federations (AMFs) are used daily around the globe by millions of users – mainly in the academic realm – in order to securely exchange the identity information necessary to make authorisation decisions concerning protected web resources. AMFs are typically comprised of a number of entities, eg, organisations working together to achieve a set of shared objectives while each member retains control over its own internal affairs. There are three main categories of entities: identity management is devolved to individual member organisations who act as Identity Providers, Service Providers are established by organisations wanting to make protected resources available, and finally, there is a small Coordinating Centre. Principally through the European Spatial Data Infrastructure Network (ESDIN) project and the OGC Web Service (OWS) Shibboleth Interoperability Experiment, it has been established that Shibboleth provides a production strength, standards based, open source, interoperable mainstream IT solution to the problem of how to implement AMFs around the OWS central to SDI’s. Furthermore, it has been demonstrated using a prototype federation of INSPIRE compliant services established under ESDIN that this can be done without modifications to either mainstream Shibboleth or OWS. However, non browser based clients require adaptation. Various options exist as to how the main actors within a European SDI/Federation may organise themselves in order to realise the objective of allowing authorised users from key organisations, eg, EU bodies concerned with environmental policy formation, seamless access to harmonised protected geospatial information through OWS. 
    This paper proposes that a parallel security infrastructure is necessary to realise SDI where protected resources are involved and gives an account of work undertaken demonstrating how Shibboleth based AMF’s meet this need.

    Secured Web Services Specifications

    The proliferation of XML based web services in the IT industry not only gives rise to opportunities but challenges too. Namely the challenges of security and a standard way of maintaining it across domains and organisational boundaries. OASIS, W3C and other organisations have done some great work in bringing about this synergy. What I look at in this paper are some of the more popular standards in vogue today and clubbed under the WS-* specification. I will try to give an overview of various frameworks and protocols being used to keep web services secure. Some of the major protocols looked into are WS-Security, SAML, WS-Federation, WS-Trust, XMLEncryption and Signature. This paper will give you a brief introduction to the impact of using WS-* on time complexity due to the extra load of encrypting and certificates. Windows Communication Foundation (WCF) is one of the best designed toolsets for this, though WCF is not the topic of discussion in this paper.