Initial Experiences of Building Secure Access to Patient Confidential Data via the Internet

A project to enable health care professionals (GPs, practice nurses and diabetes nurse specialists) to access, via the Internet, confidential patient data held on a secondary care (hospital) diabetes information system, has been implemented. We describe the application that we chose to distribute (a diabetes register); the security mechanisms we used to protect the data (a public key infrastructure with strong encryption and digitally signed messages, plus a firewall); the reasons for the implementation decisions we made; the validation testing that we performed and the preliminary results of the pilot implementation

Blocking Java Applets at the Firewall

This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet

Secure Data Sharing With AdHoc

In the scientific circles, there is pressing need to form temporary and dynamic collaborations to share diverse resources (e.g. data, an access to services, applications or various instruments). Theoretically, the traditional grid technologies respond to this need with the abstraction of a Virtual Organization (VO). In practice its procedures are characterized by latency, administrative overhead and are inconvenient to its users. We would like to propose the Manifesto for Secure Sharing. The main postulate is that users should be able to share data and resources by themselves without any intervention on the system administrator's side. In addition, operating an intuitive interface does not require IT skills. AdHoc is a resource sharing interface designed for users willing to share data or computational resources within seconds and almost effortlessly. The AdHoc application is built on the top of traditional security frameworks, such as the PKI X.509 certificate scheme, Globus GSI, gLite VOMS and Shibboleth. It enables users rapid and secure collaboration

SOAP Services with Clarens: Guide for Developers and Administrators

The Clarens application server enables secure, asynchronous SOAP services to run on a Grid cluster such as one of those of the TeraGrid. There is a Client, who wants to use the service and understands the application domain enough to form a reasonable service request; a Developer, who is a power-user of the TeraGrid, who understands both Clarens and the application domain, and creates and deploys a service on a TeraGrid head node; and there is a Root system administrator, who controls the Clarens installation and the cluster on which it runs. The purpose of this document is to provide all of the information a service developer needs to know in order to deploy a Clarens service, with information also provided for the system administrator of the Clarens installation. First we discuss how each of the three roles see the service