Trusted Architecture for Trusted Architecture for Securely Shared Services Securely Shared Services Generic Architecture Architecture Generic for Securely Securely Managing Managing for Employability & Healthcare Employability & Healthcare Personal Information Information Services Services Personal Web: http://tas3.eu Email: tas3@ls.kuleuven.be TAS³ is an IST FP7 funded Integrated Project TAS³ contract number 216287 Duration: 1 Jan 2008 - 31 Dec 2011 Research budget: 13.200.000 € EC Funding: 9.400.000 €
What is TAS 3 About? • TAS 3 focuses federated identity management • TAS 3 consolidates scattered research in – Security, Trust, Privacy, Digital identities, Authorization, Authentication… • TAS 3 integrates adaptive business-driven end2 end Trust Services based on personal information: – Semantic integration of Security, Trust, Privacy components • TAS 3 provides dynamic view on application-level end2 end exchange of personal data: – Distributed data repositories Trusted Architecture for Securely Shared Services 2
18 TAS 3 Partners • Coordinators: – K.U.Leuven & Synergetics • 9 Research Institutes: – Universities of Eindhoven, Karlsruhe, Kent, Koblenz-Landau, Leuven, Nottingham, Brussel, Zaragoza – Consiglio Nazionale delle Ricerche • 9 Companies & Organizations: – Custodix, Eifel ASBL, Intalio Ltd, Kenteq, Medisoft, Oracle, Risaris Ltd, SAP Research, Synergetics Trusted Architecture for Securely Shared Services 3
TAS 3 Phased Approach Phase II Phase I Phase III Requirements Analysis Update of Requirements System Design / Architect . Def. Update of System Design / Architecture Definition Final Baseline Setup Development I Development II Development III Docum . Test bed Test bed Test bed Test Bed Setup phaseI phaseII phaseIII increasing functionality as well as deepness of integration Final Versions of all TAS³ services services AdvancedVersions of all TAS³ services services services services services First Versions of all TAS³ services 6 M 12 M 18 M 24 M 30 M 36 M 42 M 48 M Trusted Architecture for Securely Shared Services 4
Support for Cross-Context Adaptable Business Processes! L 3 M 11 11 L 4 M 10 L 2 M 8 L 1 10 M 2 L 5 M 12 M 3 12 Cont Co ntext L t L M 1 M 4 K 4 K 1 M 6 M 9 K 3 M 7 K 5 K 2 M 5 Cont Co ntext K t K Cont Co ntext M t M Trusted Architecture for Securely Shared Services 5
TAS 3 ’s 4 Core Layers • Layer 1 – Authentication – Federated identities • Layer 2 – Authorization – Federated attributes • Layer 3 – Trustworthiness & Reputation scores – End-user controlled – Fine-grained role-based • Layer 4 – Data-protection policy enforcement – Sticky policies associated with information elements Trusted Architecture for Securely Shared Services 6
Business Process Service Requester Directories Service Provider Trusted Architecture for Securely Shared Services 7
Business Process Service Requester Directories Service Provider Trusted Architecture for Securely Shared Services 8
Business Process TAS3 Entry TAS3 Exit Point Point Service Requester TAS 3 Registry Service Requester • Service Providers Process Engine • Service Types • IdPs Obligations Watchdog Trust & Audit Privacy Authentication Guard Negotiator Authorities (IdPs) Policies Verifier Authorization, Dash Board Trust & Reputation • Audit Aspects Response Request Authorities • Policy Aspects Verifier Preparer Directories Response Obligations Watchdog Audit Guard Request Verifier Preparer External Policies Credentials Service Provider Log Verifier Clearing PEP Process Engine Analysis Service Dash Board Credential Actual Application • Audit Aspects Clearing PDP Engine • Policy Aspects Service Provider Trusted Architecture for Securely Shared Services 9
Business Process TAS3 Entry TAS3 Exit Point Point Service Requester TAS 3 Registry Service Requester • Service Providers Process Engine • Service Types • IdPs Obligations Watchdog Trust & Audit Privacy Authentication Guard Negotiator Authorities (IdPs) Policies Verifier Authorization, Dash Board Trust & Reputation • Audit Aspects Response Request Authorities • Policy Aspects Verifier Preparer Directories Response Obligations Watchdog Audit Guard Request Verifier Preparer External Policies Credentials Service Provider Log Verifier Clearing PEP Process Engine Analysis Service Dash Board Credential Actual Application • Audit Aspects Clearing PDP Engine • Policy Aspects Service Provider Trusted Architecture for Securely Shared Services 10
Trusted Employability Platform Employability Employability Repository Portfolio Companies Schools Private Employment Universities Trusted Trusted Services Em ployability Em ployability Platform Platform Public Training Employment Institutes Services Social Employability Network Service Social Providers Security Certification Services Services Trusted Architecture for Securely Shared Services 11
Healthcare Demonstrator Platform Services Patient • Repositories with Parties (Personal) Health • Primary care Records • Secondary care • Registries Trusted • Home care Trusted • … Healthcare Healthcare Platform Platform Associations Security Services • Patient • Authentication • Professional • Credentials • Scientific • Auditing • … Legal & Ethical Trusted Architecture for Securely Shared Services 12
eHealth – Break the Glass Service 1. (6). Access patient record Policy Policy 2. Denied 8. Granted Enforcement Decision 3. Break the Glass Point Point 5. Granted 7. Retrieve Record Obligations Patient • Break-the-Glass service Service Record – Only activated after strong authentication 4. Enforce Data – Triggers advanced & fine grained monitoring Protection Policy – Audit trail provides hard evidence Data Protection Audit Policy Guard Trail Trusted Architecture for Securely Shared Services 13
Contact Information • Web: http://tas3.eu • Email: tas3@ls.kuleuven.be Trusted Architecture for Securely Shared Services 14
Recommend
More recommend
