HCLSIG/Security

From W3C Wiki

HCLS Security-related activity

The utility of Semantic Web technologies for Health Care and Life Sciences is greatly enhanced if they can be applied with a reasonable security model. In general, security, access control and policies are enabling technologies, giving more agents more appropriate access to data. In health care, they are likely to give doctors and patients more access to the data they should see, and to streamline data custodianship by enabling better write access to data. The rapid development of extensible languages provides a unique technical environment for matching an agent's roles against data profiles (or personae, when that information is about a person).

Tools

The following tools are ready to use today:

RDF over secure channels

In security models where agents known to each other exchange data via HTTP, these agents may exchange credentials beforehand (e.g. a public key or a shared secret) and use a technology that secures the communications pipeline.

RDF/XML signed by XML-signature

XML Signature standardizes signatures over XML data. This is useful for authentication (I believe that Bob sent this message) and non-repudiation (I hold Bob responsible for the contents of this message). The signature may be embedded in the message or simply reference the message by URI.

This can be used to encapsulate any message, even non-XML messages such as SPARQL requests:

  <Request>
    <Query id="q">
    INSERT { [] a :PatientEncounter ;
                :onPatient ?bob ;
                :tests ( :GlucoseBlood :GlucoseUrine ) . }
     WHERE { GRAPH <Patients> {
             ?bob :patientId 12817 } }
    </Query>
    <Signature><SignedInfo><Reference URI="#q"/></SignedInfo>...</Signature>
  </Request>
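The following is an added example, not code from the W3C wiki page or from any XML Signature implementation. It shows, with only the Python standard library, what the Reference URI="#q" in the example above buys you: the query element is canonicalised (C14N via xml.etree.ElementTree.canonicalize), its digest is pinned inside SignedInfo, and SignedInfo is what gets signed. To stay self-contained it uses an HMAC over a pre-shared secret (the "shared secret" case from the secure-channels section) in place of XML-DSig's public-key SignatureMethod and KeyInfo, so it is not interoperable with real XML-DSig processors; the secret value and the element names outside the page's example are placeholders.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: the page's SPARQL Update, with the wiki escapes removed.
SPARQL_UPDATE = """INSERT { [] a :PatientEncounter ;
            :onPatient ?bob ;
            :tests ( :GlucoseBlood :GlucoseUrine ) . }
WHERE { GRAPH <Patients> { ?bob :patientId 12817 } }"""

# Hypothetical pre-shared secret exchanged beforehand (placeholder value).
SHARED_SECRET = b"placeholder-shared-secret"


def _c14n(elem):
    """Canonical form (C14N 2.0 from the stdlib) of one element, as bytes.
    Hashing the canonical form means attribute order or whitespace between
    tags cannot change the digest while the content stays the same."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode("utf-8")


def _digest(elem):
    return hashlib.sha256(_c14n(elem)).hexdigest()


def build_signed_request(query, secret, ref_id="q"):
    """Wrap a query in <Request>, reference it by id from SignedInfo, sign."""
    request = ET.Element("Request")
    q = ET.SubElement(request, "Query", id=ref_id)
    q.text = query
    signature = ET.SubElement(request, "Signature")
    signed_info = ET.SubElement(signature, "SignedInfo")
    reference = ET.SubElement(signed_info, "Reference", URI="#" + ref_id)
    ET.SubElement(reference, "DigestValue").text = _digest(q)
    # The MAC covers SignedInfo, which in turn pins the digest of #q.
    mac = hmac.new(secret, _c14n(signed_info), "sha256").hexdigest()
    ET.SubElement(signature, "SignatureValue").text = mac
    return ET.tostring(request, encoding="unicode")


def verify_signed_request(xml_text, secret):
    """Return the text of the signed Query element if the MAC and the
    referenced digest both hold, otherwise None. The MAC is checked before
    any Reference is trusted, and only the element whose digest was verified
    is returned (never a Query found elsewhere in the document)."""
    root = ET.fromstring(xml_text)
    signed_info = root.find("Signature/SignedInfo")
    mac = root.findtext("Signature/SignatureValue")
    if signed_info is None or mac is None:
        return None
    expected = hmac.new(secret, _c14n(signed_info), "sha256").hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    references = signed_info.findall("Reference")
    if len(references) != 1:
        return None
    uri = references[0].get("URI", "")
    if not uri.startswith("#"):          # same-document references only
        return None
    target = root.find(".//*[@id='%s']" % uri[1:])
    claimed = references[0].findtext("DigestValue") or ""
    if target is None or target.tag != "Query":
        return None
    if not hmac.compare_digest(claimed, _digest(target)):
        return None
    return target.text


if __name__ == "__main__":
    signed = build_signed_request(SPARQL_UPDATE, SHARED_SECRET)
    print(verify_signed_request(signed, SHARED_SECRET) == SPARQL_UPDATE)            # True
    print(verify_signed_request(signed.replace("12817", "99999"), SHARED_SECRET))  # None
```

Returning `target.text` rather than the first `<Query>` in the document is deliberate: a verifier that checks the digest of the element with id="q" but then acts on a different element is open to signature-wrapping, the classic XML-DSig pitfall, so the element that was verified must be the one the receiver executes.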


RDF/XML and XML-encryption

XML Encryption selects the consumers of part or all of an XML document (only Bob may view his credit card details). As with XML Signature, encryption can be applied to an RDF/XML document. While use cases like monolithic Personal Healthcare Records motivate encryption of parts of RDF graphs, there are currently no known processors of encryption embedded in RDF/XML, e.g.

  <Patient id="bob">
    <foaf:givenName>Bob</foaf:givenName>...
    <paymentInfo>
      <CreditCardPayment cardType="macy's">
        <EncryptedData><ds:KeyInfo>...</ds:KeyInfo>
          <CipherData>
            <!-- rot13 stands in for real ciphertext here -->
            rot13("<cardNumber>1234 5678 9012")
          </CipherData>...
        </EncryptedData>
      </CreditCardPayment>
    </paymentInfo>
  </Patient>


RDF (any form) over SSL

The proliferation of SSL and HTTPS has commoditized this otherwise complex technology to the point where almost any web agent can use SSL to both authenticate and encrypt the data stream. On the Semantic Web, these streams carry RDF data (e.g. the data in the above examples), SPARQL queries, and probably RIF rules. SSL libraries are easy to use, and the web architecture continues to apply (RESTful exchanges using HTTPS PUT, GET, ...).

Query Projection

A variety of tools allow one to write SPARQL queries to execute over relational stores. Most do this by re-writing to SQL, or by compiling directly to an execution plan native to a relational database. The SWObjects system adds security to query re-writes (either to SQL or to SPARQL) by injecting security constraints into the downstream query.
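The following is an added example and not SWObjects code: it illustrates the idea of injecting a security constraint into a downstream query by textually conjoining a role-specific triple pattern into the outermost WHERE group, so that a physician's query can only ever match patients they attend. The query, the role table and the predicates :attendingPhysician and :webid are constructed for the example; a real rewriter works on the parsed query algebra rather than on text, since brace counting is defeated by braces inside string literals.

```python
import re

# Constructed sample: the page's patient lookup, simplified to a SELECT.
PATIENT_QUERY = """SELECT ?bob ?test WHERE {
  GRAPH <Patients> { ?bob :patientId 12817 } .
  ?encounter :onPatient ?bob ; :tests ?test .
}"""

# Hypothetical role policy: the pattern that must hold between the patient
# variable and the requesting agent before the role may see a row at all.
ROLE_CONSTRAINTS = {
    "attending": "{patient} :attendingPhysician {agent} .",
    "patient":   "{patient} :webid {agent} .",
}


def find_where_group(query):
    """Offsets (start, end) of the body of the outermost WHERE { ... } group:
    start is just after the opening brace, end is the matching closing brace."""
    m = re.search(r"\bWHERE\s*\{", query, re.IGNORECASE)
    if m is None:
        raise ValueError("query has no WHERE clause")
    depth = 0
    for i in range(m.end() - 1, len(query)):
        if query[i] == "{":
            depth += 1
        elif query[i] == "}":
            depth -= 1
            if depth == 0:
                return m.end(), i
    raise ValueError("unbalanced braces in WHERE clause")


def inject_access_constraint(query, patient_var, agent_iri, role):
    """Rewrite the query so it can only match patients the agent may see in
    the given role. The constraint is conjoined at the top of WHERE, so it
    restricts every solution regardless of what the caller wrote."""
    if role not in ROLE_CONSTRAINTS:
        raise PermissionError("no access policy for role %r" % role)
    start, end = find_where_group(query)
    body = query[start:end]
    # The constraint is meaningless unless the query actually binds the
    # variable it constrains; refuse rather than silently pass everything.
    if not re.search(re.escape(patient_var) + r"\b", body):
        raise ValueError("%s is not bound in the WHERE clause" % patient_var)
    constraint = ROLE_CONSTRAINTS[role].format(patient=patient_var, agent=agent_iri)
    return query[:start] + "\n  " + constraint + body + query[end:]


if __name__ == "__main__":
    print(inject_access_constraint(PATIENT_QUERY, "?bob",
                                   "<https://example.org/staff/drsmith>", "attending"))
```

The two failure modes are handled explicitly: an unknown role gets no query at all rather than an unconstrained one, and a query that never binds the patient variable is rejected, because a constraint on an unbound variable would not restrict anything.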

Identification/Authentication

Beyond secure message passing (addressed above), there is the issue of distributed identity management. The simplest approach is to maintain a list of trusted agents, but this runs into scale and maintenance issues. Delegation and Proof Carrying Authentication ameliorate these issues with extra levels of indirection.

FOAF+SSL

FOAF+SSL relies on assertions in a social network to allow a person to grant access not only to the people they know but also, e.g., to all the people those people know. While foaf:knows may not be appropriate for role delegation in health care, an analogous delegation property may assert useful privileges to roles.

Scenarios

The above technologies can be matched against the requirements of the use cases below:

Patient Privacy

Patient privacy is protected by medical ethics and a complex network of regional and national laws. Integrating the Healthcare Enterprise (IHE) Patient Privacy Framework explores the practical requirements of a system that models and enforces these rules in a way that can be inspected and maintained.

Proof-based Data Access

Use Case: Granting Patient Data Access Based on Proof discusses a system granting specific roles (including the patient role) access to portions of a patient's data.

Resources