Tutorial: Identity Management Systems and Secured Access Control

Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Today’s computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions

Identity in eHealth - from the reality of physical identification to digital identification.

Mestrado em Informática MédicaMaster Programme in Medical Informatic

Assessing the Solid Protocol in Relation to Security and Privacy Obligations

The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analysing the relevant legislation, with an emphasis on GDPR and officially approved documents such as codes of conduct and relevant security ISO standards, we formulate the primary security and privacy requirements for such a framework. The legislation places some obligations on pod providers, much like cloud services. However, what is more interesting is that Solid has the potential to support GDPR compliance of Solid apps and data users that connect, via the protocol, to Solid pods containing personal data. A Solid-based healthcare use case is illustrated where identifying such controllers responsible for apps and data users is essential for the system to be deployed. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the security and privacy degree provided by the Solid project. This paper has a twofold contribution to improve user awareness of how Solid can help protect their data and to present possible future research lines on Solid security and privacy enhancements

Security management for services that are integrated across enterprise boundaries

This thesis addresses the problem of security management for services that are integrated across enterprise boundaries, as typically found in multi-agency environments. We consider the multi-agency environment as a collaboration network. The Electronic Health Record is a good example of an application in the multi-agency service environment, as there are different authorities claiming rights to access the personal and medical data of a patient. In this thesis we use the Electronic Health Record as the main context. Policies are determined by security goals, goals in turn are determined by regulations and laws. In general goals can be subtle and difficult to formalise, especially across admin boundaries as with the Electronic Health Record. Security problems may result when designers attempt to apply general principles to cases that have subtleties in the full detail. It is vital to understand such subtleties if a robust solution is to be achieved Existing solutions are limited in that they tend only to deal with pre- determined goals and fail to address situations in which the goals need to be negotiated. The task-based approach seems well suited to addressing this. This work is structured in five parts. In the first part we review current declarations, legislation and regulations to bring together a global, European and national perspective for security in health services and we identify requirements. In the second part we investigate a proposed solution for security in the Health Service by examining the BMA (British Medical Association) model. The third part is a development of a novel task-based CTCP ICTRP model based on two linked protocols. The Collaboration Task Creation Protocol (CTCP) establishes a framework for handling a request for information and the Collaboration Task Runtime Protocol (CTRP) runs the request under the supervision of CTCP. In the fourth part we validate the model against the Data Protection Act and the Caldicott Principles and review for technical completeness and satisfaction of software engineering principles. Finally in the fifth part we apply the model to two case studies in the multi- agency environment a simple one (Dynamic Coalition) for illustration purposes and a more complex one (Electronic Health Record) for evaluating the model's coverage, neutrality and focus, and exception handling.EThOS - Electronic Theses Online ServiceArabian Gulf Oil Co.GBUnited Kingdo