Attributes Enhanced Role-Based Access Control Model

Abstract. Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access con-trol models. Yet, they both have known limitations and offer features complimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an important area of research. In this paper, we propose an access control model that combines the two mod-els in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy

BlockU: extended usage control in and for Blockchain

An electronic business transaction among untrusted bodies without consulting a mutually trusted party has remained widely accepted problem. Blockchain resolves this problem by introducing peer-to-peer network with a consensus algorithm and trusted ledger. Blockchain originally introduced for cryptocurrency that came with proof-of-work consensus algorithm. Due to some performance issues, scientists brought concept of permissioned Blockchain. Hyperledger Fabric is a permissioned Blockchain targeting business-oriented problems for industry. It is designed for efficient transaction execution over Blockchain with pluggable consensus model; however, there is limitation of rapid application development. Hyperledger introduced a new layer called Hyperledger Composer on top of the Fabric layer, which provides an abstract layer to model the business application readily and quickly. Composer provides a smart contract to extend the functionality and flexibility of Fabric layer and provides a way of communication with other systems to meet business requirements. Hyperledger Composer uses role-based access control (RBAC) model to secure access to its valuable assets. However, RBAC is not enough because many business deals require continuous assets monitoring. Our proposed model, BlockU, covers all possible access control models required by a business. BlockU can monitor assets continuously during transactions and updates attributes accordingly. Moreover, we incorporate hooks in Hyperledger Composer to implement extended permission model that provides extensive permission management capability on an asset. Subsequently, our proposed enhanced access control model is implemented with a minimal change to existing Composer code base and is backward compatible with the current security mechanism.info:eu-repo/semantics/publishedVersio

Information-Driven Housing

This paper suggests a new information-driven framework is needed to help consumers evaluate the sustainability of their housing options. The paper provides an outline of this new framework and how it would work

My private cloud--granting federated access to cloud resources

We describe the research undertaken in the six month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to login to it, by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owners of, based on their identity attributes. Once users open one of their accounts, they can upload and download files to it. Not only that, but they can then grant access to their file resources to anyone else in the federated system, regardless of whether their chosen delegate has used the cloud service before or not. The system uses standard identity management protocols, attribute based access controls, and a delegation service. A set of APIs have been defined for the authentication, authorisation and delegation processes, and the software has been released as open source to the community. A public demonstration of the system is available online

Nurse Practitioner Competency Standards: Findings from Collaborative Australian and New Zealand Research

Background: The title, Nurse Practitioner, is protected in most jurisdictions in Australia and in New Zealand and the number of nurse practitioners is increasing in health services in both countries. Despite this expansion of the role there is scant national or international research to inform development of nurse practitioner competency standards. Objectives: The aim of the study was to research nurse practitioner practice to inform development of generic standards that could be applied for the education, authorisation and practice of nurse practitioners in both countries. Design: The research used a multi-methods approach to capture a range of data sources including research of policies and curricula, and interviews with clinicians. Data were collected from relevant sources in Australia and New Zealand Settings: The research was conducted in New Zealand and the five states and territories in Australia where, at the time of the research, the title of nurse practitioner was legally protected. Participants: The research was conducted with a purposeful sample of nurse practitioners from diverse clinical settings in both countries. Interview and material data were collected from a range of sources and data were analysed within and across these data modalities. Results: Findings included identification of three generic standards for nurse practitioner practice namely, Dynamic Practice, Professional Efficacy and Clinical Leadership. Each of these standards has a number of practice competencies, each of these competencies with their own performance indicators. Conclusions: Generic Standards for nurse practitioner practice will support a standardised approach and mutual recognition of nurse practitioner authorisation across the two countries. Additionally these research outcomes can more generally inform education providers, authorising bodies and clinicians on the standards of practice for the nurse practitioner whilst also contributing to the current international debate on nurse practitioner standards and scope of practice

Giving the customer a voice: A study of market research methods and their perceived effectiveness in NPD

There is a widely held view that a lack of, “…customer understanding,” is one of the main reasons for product failure (Eliashberg et al., 1997, p. 219). This is despite the fact that new product development (NPD) is a crucial business process for many companies. The importance of integrating the voice of the customer (VoC) through market research is well documented (Davis, 1993; Mullins and Sutherland, 1998; Cooper et al., 2002; Flint, 2002; Davilla et al., 2006; Cooper and Edgett, 2008; Cooper and Dreher, 2010; Goffin and Mitchell, 2010). However, not all research methods are well received, for example there are studies that have strongly criticized focus groups, interviews and surveys (e.g. Ulwick, 2002; Goffin et al, 2010; Sandberg, 2002). In particular, a point is made that, “…traditional market research and development approaches proved to be particularly ill-suited to breakthrough products” (Deszca et al, 2010, p613). Therefore, in situations where traditional techniques—interviews and focus groups—are ineffective, the question is which market research techniques are appropriate, particularly for developing breakthrough products? To investigate this, an attempt was made to access the knowledge of market research practitioners from agencies with a reputation for their work on breakthrough NPD. We were surprised to find that this research had not been conducted previously. In order to make it possible for the sample of 24 market research experts identified for this study to share their knowledge, repertory grid technique was used. This psychology based method particularly seeks out tacit knowledge by using indepth interviews. In this case the interviews were conducted with professionals from leading market research agencies in two countries. The resulting data provided two unique insights: they highlighted the attributes of market research methods which made them effective at identifying customers’ needs and they showed how different methods were perceived against these attributes. This article starts with a review of the literature on different methods for conducting market research to identify customer needs. The conclusions from the literature are then used to define the research question. We explain our choice of methodology, including the data collection and analysis approach. Next the key results are presented. Finally, the discussion section identifies the key insights, clarifies the limitations of the research, suggests areas for future research, and draws implications for managers. We conclude that existing research is not aligned with regard to which methods (or combination of methods) are best suited to the various stages of the NPD process. We have set out the challenges and our own intended work in this regard in our section on ‘further research’. Also, the existing literature does not explicitly seek the perceptions of practitioner experts based in market research agencies. This we have started to address, and we acknowledge that further work is required. Although our research in ongoing, it has already yielded the first view of a model of the perceptions of 24 expert market researchers in the UK and Denmark. Based on the explanation of these experts, the model situates a derived set of categories in a manner that reflects the way in which they are inter-linked. We believe that our model begins to deal with the gaps and anomalies in the existing research into VoC methods