Riesgos biológicos en el personal sanitario

Este trabajo es un revisión bibliográfica de los riesgos biológicos a los que se ve sometido el personal sanitario, y abarca varios aspectos relacionados con él, como son definición de riesgo biológico , vías de entrada , tipos de agentes patógenos ,cómo se puede reducir el riesgo , medidas preventivas ,vacunación del personal sanitario, tipos de sistemas de seguridad de los que disponemos en nuestro medio de trabajo , protocolo de actuación frente a un riesgo biológico , obligaciones del empresario frente a amenazas de riesgo biológico que afecten a sus trabajadores y cómo se notifica a la autoridades competentes

Contributions to the privacy provisioning for federated identity management platforms

Identity information, personal data and user’s profiles are key assets for organizations and companies by becoming the use of identity management (IdM) infrastructures a prerequisite for most companies, since IdM systems allow them to perform their business transactions by sharing information and customizing services for several purposes in more efficient and effective ways. Due to the importance of the identity management paradigm, a lot of work has been done so far resulting in a set of standards and specifications. According to them, under the umbrella of the IdM paradigm a person’s digital identity can be shared, linked and reused across different domains by allowing users simple session management, etc. In this way, users’ information is widely collected and distributed to offer new added value services and to enhance availability. Whereas these new services have a positive impact on users’ life, they also bring privacy problems. To manage users’ personal data, while protecting their privacy, IdM systems are the ideal target where to deploy privacy solutions, since they handle users’ attribute exchange. Nevertheless, current IdM models and specifications do not sufficiently address comprehensive privacy mechanisms or guidelines, which enable users to better control over the use, divulging and revocation of their online identities. These are essential aspects, specially in sensitive environments where incorrect and unsecured management of user’s data may lead to attacks, privacy breaches, identity misuse or frauds. Nowadays there are several approaches to IdM that have benefits and shortcomings, from the privacy perspective. In this thesis, the main goal is contributing to the privacy provisioning for federated identity management platforms. And for this purpose, we propose a generic architecture that extends current federation IdM systems. We have mainly focused our contributions on health care environments, given their particularly sensitive nature. The two main pillars of the proposed architecture, are the introduction of a selective privacy-enhanced user profile management model and flexibility in revocation consent by incorporating an event-based hybrid IdM approach, which enables to replace time constraints and explicit revocation by activating and deactivating authorization rights according to events. The combination of both models enables to deal with both online and offline scenarios, as well as to empower the user role, by letting her to bring together identity information from different sources. Regarding user’s consent revocation, we propose an implicit revocation consent mechanism based on events, that empowers a new concept, the sleepyhead credentials, which is issued only once and would be used any time. Moreover, we integrate this concept in IdM systems supporting a delegation protocol and we contribute with the definition of mathematical model to determine event arrivals to the IdM system and how they are managed to the corresponding entities, as well as its integration with the most widely deployed specification, i.e., Security Assertion Markup Language (SAML). In regard to user profile management, we define a privacy-awareness user profile management model to provide efficient selective information disclosure. With this contribution a service provider would be able to accesses the specific personal information without being able to inspect any other details and keeping user control of her data by controlling who can access. The structure that we consider for the user profile storage is based on extensions of Merkle trees allowing for hash combining that would minimize the need of individual verification of elements along a path. An algorithm for sorting the tree as we envision frequently accessed attributes to be closer to the root (minimizing the access’ time) is also provided. Formal validation of the above mentioned ideas has been carried out through simulations and the development of prototypes. Besides, dissemination activities were performed in projects, journals and conferences.Programa Oficial de Doctorado en Ingeniería TelemáticaPresidente: María Celeste Campo Vázquez.- Secretario: María Francisca Hinarejos Campos.- Vocal: Óscar Esparza Martí

Estudio y puesta en marcha de una infraestructura de gestión de identidad federada basada en SAML 2.0

Actualmente el uso de infraestructuras que permitan realizar tareas de gestión de identidad se ha convertido en un requisito indispensable para la mayoría de las empresas. Un sistema de gestión de identidad permite cubrir las necesidades clave de seguridad de una organización, otorgándole a la vez la libertad de crecer tan rápido como le permita su negocio. Los sistemas de gestión de identidad separan las tareas de provisión de servicios, de aquellas que tienen como propósito gestionar identidades. De este modo, permite liberar a los proveedores de servicios de la gestión de datos relativos al acceso del usuario. Por lo que no tienen que preocuparse de llevar a cabo tareas tan tediosas como el almacenamiento de contraseñas y certificados de los usuarios que acceden al sistema. Además, desde el punto de vista del usuario, este tipo de sistemas tiene como objetivo la facilidad de uso, por lo que permiten realizar procesos de inicio y cierre de sesión únicos. Para ello, este sólo necesita autenticarse en un proveedor de identidad, que comunicaría al resto de los proveedores con los que tenga establecida una relación de confianza, que el usuario ha sido autenticado. En los ultimos años han surgido diversas iniciativas que tienen como objetivo definir marcos de trabajo basados en gestión de identidad. Entre ellas, podemos destacar el lenguaje de asertos y la infraestructura definida por OASIS, SAML (Security Assertion Markup Language), las iniciativas desarolladas por Liberty Alliance, WS-Federation y OpenID. Otra iniciativa a destacar es la de Shibboleth, que está basada en SAML 2.0. De ellas, la única que se encuentra estandarizada hasta el momento es SAML. Todos estos marcos de trabajo tienen como objetivo reducir la complejidad de los proveedores de servicios y permitirles centrarse en su n ucleo, a la vez que proporcionan una experiencia satisfactoria a los usuarios que acceden a sus servicios. El objetivo nal de este proyecto, es realizar un estudio práctico acerca de la especificación SAML 2.0 y de las funcionalidades que proporcionan los distintos perfiles y casos de uso para gestión de identidad federada contemplados en el estándar. Dicho estudio incluye la puesta en marcha de una infraestructura de gestión de identidad basada en desarrollos de código abierto como son ZXID y Lasso. Además se han desarrollado nuevos componentes para explorar funcionalidades no cubiertas en las implementaciones utilizadas. En concreto, nos hemos centrado en los perfiles de Single-Sign-On y Single-Logout, con el fin de hacer pruebas de integración e interoperabilidad de los distintos proveedores que constituyen la plataforma de gestión de identidad desplegada en este proyecto. __________________________________________Using identity management infrastructures is usual nowadays because it has become a prerequisite for most companies. An identity management system can meet the key needs of an organization's security, while giving the freedom to grow as fast as his business allows. This systems separate identity management tasks from of service provisioning. Thus, service providers are freed from managing the data for user access. Therefore, they don't have to worry about carrying out tedious tasks such as storing passwords and certificates of the users accessing the system. Moreover, from the user's perspective, this type of systems is aimed at ease of use, so it allows single sign on and single logout. Thus, the user only needs to authenticate to an identity provider, who will communicate to other providers with which it has established a relationship of trust that the user has been authenticated. There are various initiatives currently that aim at defining frameworks based on identity management. Among them, we can highlight the language of assertions and infrastructure defined by OASIS, SAML (Security Assertion Markup Language), the initiatives Liberty Alliance, WS-Federation and OpenID. Another initiative worth noting is that of Shibboleth, which is based on SAML 2.0. Of these, the one that is standardized so far is SAML. All these frameworks aim to reduce the complexity of service providers and enabling them concentrate on their core business, while providing a satisfactory experience to users who access their services. The main aim of this project is to carry out a study on SAML version 2.0 and functionalities provided by different profiles and use cases for federated identity management covered by the standard. Such study includes the deployment of the infrastructure based on open source developments such as ZXID and Lasso. In addition, new components have been developed in order to cover functionalities that are not involved in the used implementations. Specifically, we have focused on the profiles of Single Sign On (SSO) and Single Logout (SLO) to perform tests of integration and interoperability between providers that are part of the identity management platform deployed in this project.Ingeniería de Telecomunicació

El pensamiento del profesorado sobre la educación en la compleja sociedad actual

Con esta investigación se profundiza en el pensamiento de los maestros y maestras de primaria para saber cómo ven y cómo sienten ellos todos los cambios tan vertiginosos que se están produciendo en nuestra sociedad. Obviamente, estos cambios repercuten en la educación y en la visión que tiene la sociedad de ella, el tema central de la investigación será hablar de todos esos cambios y de cómo afectan individualmente a un grupo de maestros entrevistados. Además, se hace un contraste con la educación de hace unos treinta años para evidenciar aún más estos cambios y sus consecuencias.This research delves into the thinking of primary teachers to know how they see and feel all the changes so dizzying that are occurring in our society. Obviously, these changes have an impact on education and society's vision of it, the central theme of the research will be to talk about all those changes and how individually affect a group of teachers interviewed. In addition, there is a contrast with the education of some thirty years ago to further evidence these changes and their consequences.Universidad de Granada. Facultad de Ciencias de la Educación. Grado de Educación Primari

FamTV : an architecture for presence-aware personalized television

Since the advent of the digital era, the traditional TV scenario has rapidly evolved towards an ecosystem comprised of a myriad of services, applications, channels, and contents. As a direct consequence, the amount of available information and configuration options targeted at today's end consumers have become unmanageable. Thus, personalization and usability emerge as indispensable elements to improve our content-overloaded digital homes. With these requirements in mind, we present a way to combine content adaptation paradigms together with presence detection in order to allow a seamless and personalized entertainment experience when watching TV.This work has been partially supported by the Community of Madrid (CAM), Spain under the contract number S2009/TIC-1650.Publicad

Improving privacy in identity management systems for health care scenarios

Privacy is a very complex and subjective concept with different meaning to different people. The meaning depends on the context. Moreover, privacy is close to the user information and thus, present in any ubiquitous computing scenario. In the context of identity management (IdM), privacy is gaining more importance since IdM systems deal with services that requires sharing attributes belonging to users’ identity with different entities across domains. Consequently, privacy is a fundamental aspect to be addressed by IdM to protect the exchange of user attributes between services and identity providers across different networks and security domains in pervasive computing. However, problems such as the effective revocation consent, have not been fully addressed. Furthermore, privacy depends heavily on users and applications requiring some degree of flexibility. This paper analyzes the main current identity models, as well as the privacy support presented by the identity management frameworks. After the main limitations are identified, we propose a delegation protocol for the SAML standard in order to enhance the revocation consent within healthcare scenarios.Proyecto CCG10-UC3M/TIC-4992 de la Comunidad Autónoma de Madrid y la Universidad Carlos III de Madri

SuSSo: seamless and ubiquitous single sign-on for cloud service continuity across devices

The great variety of consumer electronic devices with support of wireless communications combined with the emerging Cloud Computing paradigm is paving the way to real anytime/anywhere computing. In this context, many services, such as music or video streaming, are delivered to the clients using Cloud-based providers. However, service continuity when moving across different terminals is still a major challenge. This paper proposes SuSSo, a novel middleware architecture that allows sessions initiated from one device to be seamlessly transferred to a second one, as might be desirable in the enjoyment of long running media.Publicad

A metric-based approach to assess risk for "on cloud" federated identity management

The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidencebased trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning.This work was supported in part by the Spanish Ministry of Science and Innovation under the project CONSEQUENCE (TEC2010-20572-C02-01).Publicad

An identity aware wimax personalization for pervasive computing services

Mobile Internet access is becoming more and more pervasive in the new 4G scenarios, where WiMAX is to play a crucial role. WiMax has advantages when considering both energy consumption and bandwidth, when compared with HSDPA and LTE. However, we have found some limitations in IEEE 802.16 security support, which may limit authentication and authorization mechanisms for ubiquitous service development. In this article we analyze weaknesses and vulnerabilities we have found in WiMAX security. WiMax, with the adequate identity management support, could be invaluable for developing new pervasive computing services. We propose the introduction of identity management in WiMAX, as a pervious step to the definition of identity aware WiMax personalization of pervasive computing servicesProyecto CCG10-UC3M/TIC-4992 de la Comunidad Autónoma de Madrid y la Universidad Carlos III de Madri

Propuesta de un sistema de evaluación del desempeño laboral en la Gerencia Regional de Trabajo y Promoción del Empleo Chiclayo – Lambayeque

El presente trabajo se enmarca dentro de investigación descriptiva, ofreciendo resultados analizados en la influencia del desempeño laboral de los colaboradores de la Gerencia Regional de Trabajo y Promoción del empleo de Chiclayo. El presente trabajo nos permite realizar un diagnóstico situacional sobre los factores del desempeño laboral, así mismo permite identificar los problemas que sirve para la elaboración de estrategias y un mejor desempeño laboral, mejorando las capacidades de los colaboradores y directivos de la Gerencia Regional de Trabajo y Promoción del empleo de Chiclayo. El presente trabajo permite tener un enfoque de la importancia de mejorar las competencias y estar siempre en capacitación, además de ser líderes en todo momento. Además tiene como objeto estudiar la gestión del desempeño laboral en la Gerencia Regional de Trabajo y Promoción del empleo de Chiclayo.Tesi