Delegation Protocols in Human-Centric Workflows

International audienceOrganisations are facilitated and conducted using workflow management systems. Currently, we observe a tendency moving away from strict workflow modelling towards dynamic approaches supporting human interactions when deploying a workflow. One specific approach ensuring human-centric workflows is task delegation. Delegating a task may require an access to specific and potentially sensitive data that have to be secured and specified into authorisation policies. In this paper, we propose a modelling approach to secure delegation. In doing so, we define delegation protocols supporting specific constraints based on both workflow and access control systems. Moreover, we develop an advanced access control framework to integrate delegation constraints within existing policies. The novelty consists in the proactivity aspect of our framework to cope with dynamic delegation of authority in authorisation policies

Task Delegation Based Access Control Models for Workflow Systems

International audiencee-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model

A Secure Task Delegation Model for Workflows

International audienceWorkflow management systems provide some of the required technical means to preserve integrity, confidentiality and availability at the control-, data- and task assignment layers of a workflow. We currently observe a move away from predefined strict workflow enforcement approaches towards supporting exceptions which are difficult to foresee when modelling a workflow. One specific approach for exception handling is that of task delegation. The delegation of a task from one principal to another, however, has to be managed and executed in a secure way, in this context implying the presence of a fixed set of delegation events. In this paper, we propose first and foremost, a secure task delegation model within a workflow. The novel part of this model is separating the various aspects of delegation with regards tousers, tasks, events and data, portraying them in terms of a multi-layered state machine. We then define delegation scenarios and analyse additional requirements to support secure task delegation over these layers. Moreover, we detail a delegation protocol with a specific focus on the initial negotiation steps between the involved principals

Distributed healthcare framework using patient-centric role-based security modelling and workflow

Healthcare professionals are spending less time with patients and more time on administrative duties (Royal College of Nursing, 2008). This is due to a high bureaucratic demand (Brindley, 2007) on the caring process, patient population and longevity (Fougère and Mérette, 1999). A patient-centric system uses gathered information and includes the patient in its functional design (IBM, 2006). Patient-centric requirements have existed in UK healthcare IT since 2000 (Fairway, 2000). Some existing systems cannot be patient-centric. This is because the strategies that shape the requirements for IT systems have changed over time (Mackenzie, 2004); therefore, information technology solutions, built in different times, meet different healthcare requirements. The data created in these differing systems can become disparate and less useful (Singureanu, 2005). Patient information is sensitive; medical healthcare professional roles, such as doctors can only access a patient’s health record at appropriate times. Other healthcare professionals must ask for a patient’s permission to access their health record whilst other roles in the National Health Service (NHS) are only entitled to nonmedical information (Scottish Consumer Council, 2007). This implies that viewing patient data attributes are only permissible by role.The aim of this project is to provide a patient-centric prototype distributed system that can demonstrate approaches to reducing complexity through data and interface integration; increasing visibility through relevant role based information targeting; and reducing administrative overhead through electronic workflow.This report examines the history of IT strategies in the NHS, identifying some of the key aims from 1992 to 2008. It then discusses some of the standards defined to allow differing systems to communicate and highlights some of the existing IT systems in healthcare today.The system design allows patients to interact with the in same way as healthcare professional, it provides access to personal space that displays tasks for the patient or healthcare professional to complete. Data integration is used to build a patient record from local and disparate data sources. Information targeting allows the patient or healthcare professional to visit an area that only displays information relevant to the person there. Finite State Machine methodologies are used to design an electronic workflow, which maps a business process of making a referral.Using the Microsoft Office SharePoint Server information management framework, data integration is achieved through XML definition and the gathering of meta-data (Hoffman and Foster, 2007). Information targeting is achieved through personalised filtering and security permission modelling (Holiday et al., 2007); workflow is accomplished through the application of design; manipulation of the framework and dedicated workflow (Mann, 2007) code libraries built on top of popular ASP.NET web server technology (Walther, 2006).This project finds that whilst it is possible to implement these approaches in theoretical context, more research is required into the application of such approaches in real world scenarios. In addition this report finds that software boundaries within the framework suggest the capacity for vast record user, security and management (Curry et al., 2008), however, research into the factors that affect these boundaries, such as concurrency and healthcare professional/ patient activity on such systems, is required in order extrapolate accurate scalability..

Linked democracy : foundations, tools, and applications

Chapter 1Introduction to Linked DataAbstractThis chapter presents Linked Data, a new form of distributed data on theweb which is especially suitable to be manipulated by machines and to shareknowledge. By adopting the linked data publication paradigm, anybody can publishdata on the web, relate it to data resources published by others and run artificialintelligence algorithms in a smooth manner. Open linked data resources maydemocratize the future access to knowledge by the mass of internet users, eitherdirectly or mediated through algorithms. Governments have enthusiasticallyadopted these ideas, which is in harmony with the broader open data movement

AN OBLIGATION MODEL FOR USAGE CONTROL

ABSTRACT How to control the access and usage of digital resources is one of the most important issues in computer security nowadays. Among them, how to control the resources when they have been passed to the client-side is a research hot spot. The Usage Control Model (UCON) has been proposed to solve this problem. In this research, we focus on one core component of the UCON model, the obligation. We propose a new obligation model to solve the problems the current ones can not deal with, especially for post-obligation. We also offer two testing scenarios, propose an architecture for a prototype based on the proposed model and apply the scenarios to the prototype architecture for proof-of-concept

The role of Spatial Data Infrastructures in the Digital Government Transformation of Public Administrations

Spatial Data Infrastructures (SDIs) play a pivotal role in Digital Government Transformation (DGT) of countries. They constitute one of the main building blocks for effective data sharing and their development in the past years has taught some important lessons to public authorities in terms of collaboration across sectors, centricity of users’ needs as well as usefulness of platforms and Application Programming Interfaces (APIs). However, the specific analysis of the role that SDIs play in Digital Government Transformation has not been the object of many studies so far. With practitioners and academics acknowledging more and more the links between these two concepts, there is a need to provide an initial picture of how SDIs have contributed to Digital Government Transformation until now and what could be their role in the future. The present study is a first attempt to examine this relation and develop a methodology for apprehending the role of SDIs in the Digital Transformation of the public sector. It first develops an analytical framework for examining different aspects that can provide an explanation of the relationship between SDIs and DGT and notably institutional aspects, technical aspects and impact aspects. It then tests this framework on twenty-nine countries (all European Member States plus Norway) in order to assess the validity of this instrument for the collection of data as well as for the wider understanding of this topic. From these analytical and data collection efforts, it emerged the strength of the relationship that SDIs and Digital Government Transformation entertain and the variety of ways in which countries have understood and cultivated it. The study also provides an attempt to link the OECD Recommendation on Digital Governments with the SDIs and Digital Transformation experience of the countries in scope. This also helped understanding that SDIs already significantly support Digital Government Transformation, even from the OECD perspective, and that this relationship will only be stronger in the future.JRC.B.6-Digital Econom