ABSTRACT
Inter-organizational exchange of personal information raises significant challenges in domains such as healthcare. First, trust among parties is not homogeneous; data is shared according to complex relations. Second, personal data is used for unexpected, often divergent purposes. This tension between information need and provision calls for custom services whose access depends on specific trust and legal ties. Current Web services are "one-size-fits-all" solutions that neither capture nuanced relations nor meet all users' needs. Our goal is to provide computation-enabled services that (a) are accessible based on providers' policies and (b) allow user-controlled customization within the authority granted. We present our proposed solutions in COASTmed, a prototype for electronic health record (EHR) management that leverages novel architectural principles and formal policies.
Index Terms
- COASTmed: software architectures for delivering customizable, policy-based differential web services