My private cloud--granting federated access to cloud resources

We describe the research undertaken in the six month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to login to it, by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owners of, based on their identity attributes. Once users open one of their accounts, they can upload and download files to it. Not only that, but they can then grant access to their file resources to anyone else in the federated system, regardless of whether their chosen delegate has used the cloud service before or not. The system uses standard identity management protocols, attribute based access controls, and a delegation service. A set of APIs have been defined for the authentication, authorisation and delegation processes, and the software has been released as open source to the community. A public demonstration of the system is available online

Enabling the Autonomic Management of Federated Identity Providers

The autonomic management of federated authorization infrastructures (federations) is seen as a means for improving the monitoring and use of a service provider’s resources. However, federations are comprised of independent management domains with varying scopes of control and data ownership. The focus of this paper is on the autonomic management of federated identity providers by service providers located in other domains, when the identity providers have been diagnosed as the source of abuse. In particular, we describe how an autonomic controller, external to the domain of the identity provider, exercises control over the issuing of privilege attributes. The paper presents a conceptual design and implementation of an effector for an identity provider that is capable of enabling cross-domain autonomic management. The implementation of an effector for a SimpleSAMLphp identity provider is evaluated by demonstrating how an autonomic controller, together with the effector, is capable of responding to malicious abuse

Leveraging social networks to gain access to organisational resources

We describe a federated identity management service that allows users to access organisational resources using their existing login accounts at social networking and other sites, without compromising the security of the organisation’s resources. We utilise and extend the Level of Assurance (LoA) concept to ensure the organisation’s site remains secure. Users are empowered to link together their various accounts, including their organizational one with an external one, so that the strongest registration procedure of one linked account can be leveraged by the other sites’ login processes that have less stringent registration procedures. Coupled with attribute release from their organizational account, this allows users to escalate their privileges due to either an increased LoA, or additional attributes, or both. The conceptual and architectural designs are described, followed by the implementation details, the user trials we carried out, and a discussion of the current limitations of the system

Combined effects of individual and neighbourhood socioeconomic status on older adults’ mortality: a retrospective follow-up study in Hong Kong

Objectives This study examined the interaction effects of individual and neighbourhood socioeconomic status (SES) in older adults in Hong Kong, considering all-cause and cause-specific mortality from respiratory disease, cancer, cardiovascular diseases, ischaemic heart disease, stroke, nonmedical disease and suicide.Design A retrospective follow-up study.Setting Hong Kong Special Administrative Region, a rapidly ageing society with 16.1% residents aged 65 years or older in 2020.Participants 43 910 people aged 65 years or older were enrolled at baseline. They had participated in health check-ups during 2000–2003 in one of the Elderly Health Centres. Observation periods started on the date of the participant’s first health check-up, and ended at death, or 31 December 2011, whichever occurred first.Outcome measures All-cause and cause-specific mortality over the study timeframe.Analysis Cox’s proportional hazards regression models were applied to estimate the adjusted HRs of mortality, by including covariates at neighbourhood (deprivation) and individual levels (poverty, education and type of housing).Results The ‘double tragedy theory’ (ie, lower SES persons living in lower SES neighbourhoods have worst health outcomes) was more related to cancer, while the ‘psychosocial comparison theory’ (ie, lower SES persons living in higher SES neighbourhoods have poorer health outcomes) was more related to cardiovascular, ischaemic heart disease, and stroke.Conclusion There were important interaction effects between neighbourhood and individual factors on mortality. Policies based on the interaction between individual and neighbourhood SES should be considered. For instance, for cancer, targeted services (ie, free consultation, relevant treatment information, health check-up, etc) could be allocated in socioeconomically deprived areas to support individuals with low SES. On the other hand, more free public services to reduce psychological stresses (ie, psychological support services, recreational services, health knowledge information, etc) could be provided for those individuals with low SES living in higher SES areas to reduce stroke, cardiovascular and ischaemic heart diseases

Adding Federated Identity Management to OpenStack

OpenStack is an open source cloud computing project that is enjoying wide. While many cloud deployments may be stand-alone, it is clear that secure federated community clouds, i.e., inter-clouds, are needed. Hence, there must be methods for federated identity management (FIM) that enable authentication and authorisation to be flexibly enforced across federated environments. Since there are many different FIM protocols either in use or in development today, this paper addresses the goal of adding protocol independent federated identity management to the OpenStack services. After giving a motivating example for secure cloud federation, and describing the conceptual design for protocol independent federated access, a detailed federated identity protocol sequence is presented. The paper then describes the implementation of the protocol independent system components, along with the incorporation of two different FIM protocols, namely SAML and Keystone proprietary. Finally performance measurements of the protocol independent components, and the two different protocols dependent components are presented, before the paper concludes with the current limitations

Secretory Stanniocalcin 1 promotes metastasis of hepatocellular carcinoma through activation of JNK signaling pathway

© 2017 Elsevier B.V. The hypoxic microenvironment is well-characterized in hepatocellular carcinoma (HCC). Delineation of hypoxia-responsive events is an integral part to understand the pathogenesis of HCC. We studied the functional role and clinical relevance of Stanniocalcin 1 (STC1), a hypoxia-induced molecular target, in HCC. In our clinical cohort, STC1 transcript was up-regulated in HCC tumor tissues. Moreover, STC1 protein was detected in the sera of HCC patients. A higher serum STC1 level was correlated with larger tumor size and poorer 5-year disease-free survival. Functionally, recombinant STC1 protein (rhSTC1) promoted cell migration and cell invasion in vitro; and the effect was abolished by co-treatment of anti-STC1 neutralizing antibody. By in vivo mouse model, silencing of STC1 in HCC cells downregulated secretory STC1 level and suppressed lung metastasis. Furthermore, we found that rhSTC1 activated the JNK pathway, as evidenced by altered expression of the key molecular targets pJNK and p-c-Jun. The functional effects conferred by rhSTC1 were abrogated by co-treatment of JNK inhibitor. In summary, secretory STC1 enhances metastatic potential of HCC via JNK signaling. It potentially serves as a prognostic serum biomarker and a therapeutic target for HCC.Link_to_subscribed_fulltex