Secured Web Services Specifications

The proliferation of XML based web services in the IT industry not only gives rise to opportunities but challenges too. Namely the challenges of security and a standard way of maintaining it across domains and organisational boundaries. OASIS, W3C and other organisations have done some great work in bringing about this synergy. What I look in this paper are some of the more popular standards in vogue today and clubbed under WS-* specification. I will try to give an overview of various frameworks and protocols being used to keep webservices secure. Some of the major protocols looked into are WS-Security, SAML, WS-Federation, WS-Trust, XMLEncryption and Signature. This paper will give you a brief introduction to impact of using WS-* on time complexity due to the extra load of encrypting and certificates. Windows communication foundation (WCF) is one of the best designed toolset for this though WCF is not the topic of discussion in this paper

Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice

1. Introduction The research project as a whole examined the factors that bear on the accessibility of online published professional information within the National Health Service (NHS) in England, and the implications that these have for library and information services. The overall aim of this study was to investigate the apparent disjunction between stated policy regarding evidence-based practice and professional learning, and actual IT (information technology) strategy, service delivery and security practice at NHS trust level, from both technical and organisational perspectives. The presentation discusses the following specific issues: 1) the nature and extent of restrictions on access to websites and web applications within NHS organisations; 2) the impacts of these on professional information seeking and working practices; 3) the technical and organisational factors which bear on how web security is implemented within NHS trusts, in relation to overall organisational priorities and strategies. 2. Methods The study adopted a qualitative case study method, taking three NHS trusts of different types for its setting. The lead researcher [CE] conducted a total of 40 semi-structured interviews with library and workforce development staff, IT managers, information governance managers, and clinical professionals. Interview findings are set in the context of the trusts’ and other relevant reports, policies, strategies and standards. 3. Results Staff in the teaching hospital trust experienced the greatest number of obstacles to information seeking caused by the blocking of legitimate websites (‘false positives’). This affected the work of clinical educators in particular. Much decision-making in relation to information security issues seemed to be tacit. IT security managers reported not having the time to evaluate the effectiveness or impact of the web security devices they deploy on NHS networks. They were likely to accept the default configurations and categorisations of content offered by the suppliers. The focus of their attention appeared to be on the potential security risks posed by ‘recreational’/non-work use of the web. 4. Conclusions Little attention has been paid within the NHS information systems community to the issue of access to legitimate published information. The focus is heavily on the secure and appropriate management of clinical records and systems. Community-based staff appeared to be more likely (than their hospital-based colleagues) to be significantly disadvantaged by restrictive access control policies

Impact of Mobile and Wireless Technology on Healthcare Delivery services

Modern healthcare delivery services embrace the use of leading edge technologies and new scientific discoveries to enable better cures for diseases and better means to enable early detection of most life-threatening diseases. The healthcare industry is finding itself in a state of turbulence and flux. The major innovations lie with the use of information technologies and particularly, the adoption of mobile and wireless applications in healthcare delivery [1]. Wireless devices are becoming increasingly popular across the healthcare field, enabling caregivers to review patient records and test results, enter diagnosis information during patient visits and consult drug formularies, all without the need for a wired network connection [2]. A pioneering medical-grade, wireless infrastructure supports complete mobility throughout the full continuum of healthcare delivery. It facilitates the accurate collection and the immediate dissemination of patient information to physicians and other healthcare care professionals at the time of clinical decision-making, thereby ensuring timely, safe, and effective patient care. This paper investigates the wireless technologies that can be used for medical applications, and the effectiveness of such wireless solutions in a healthcare environment. It discusses challenges encountered; and concludes by providing recommendations on policies and standards for the use of such technologies within hospitals