COASTmed: software architectures for delivering customizable, policy-based differential web services
Pages 634 - 637
Abstract
Inter-organizational exchange of personal information raises significant challenges in domains such as healthcare. First, trust among parties is not homogenous; data is shared according to complex relations. Second, personal data is used for unexpected, often divergent purposes. This tension between information need and provision calls for custom services whose access depends on specific trust and legal ties. Current Web services are "one-size-fits-all" solutions that do not capture nuanced relations nor meet all users' needs. Our goal is providing computation-enabled services which: (a) are accessible based on providers' policies, and; (b) allow user-controlled customization within the authority granted. We present our proposed solutions in COASTmed, a prototype for electronic health record (EHR) management which leverages novel architectural principles and formal policies.
References
[1]
A. Anderson. An introduction to the web services policy language (WSPL). In 5th IEEE International Workshop on Policies for Distributed Systems and Networks., pages 189–192, 2004.
[2]
M. Y. Becker and P. Sewell. Cassandra: Distributed access control policies with tunable expressiveness. In 5th IEEE International Workshop on Policies for Distributed Systems and Networks, pages 159–168, 2004.
[3]
D. M. Eyers, J. Bacon, and K. Moody. OASIS role-based access control for electronic health records. IEE Proceedings-Software, 153(1):16–23, 2006.
[4]
M. M. Gorlick, K. Strasser, and R. N. Taylor. Coast: An architectural style for decentralized on-demand tailored services. In Joint Working IEEE/IFIP Conference on Software Architecture and European Conference on Software Architecture, pages 71–80, 2012.
[5]
L. Kagal, T. Finin, and A. Joshi. A policy based approach to security for the semantic web. In The Semantic Web - ISWC 2003, number 2870 in Lecture Notes in Computer Science, pages 402–418. Springer Berlin Heidelberg, Jan. 2003.
[6]
L. Kagal, T. Finin, M. Paolucci, N. Srinivasan, K. Sycara, and G. Denker. Authorization and privacy for semantic web services. IEEE Intelligent Systems, 19(4):50–56, 2004.
[7]
R. Kazman, G. Abowd, L. Bass, and P. Clements. Scenario-based analysis of software architecture. IEEE Software, 13(6):47–55, 1996.
[8]
P. Kumaraguru, L. Cranor, J. Lobo, and S. Calo. A survey of privacy policy languages. In 3rd ACM Symposium on Usable Privacy and Security, 2007.
[9]
A. Rezgui, M. Ouzzani, A. Bouguettaya, and B. Medjahed. Preserving privacy in web services. In 4th international workshop on Web information and data management, pages 56–62, 2002.
[10]
J. Wong and J. I. Hong. Making mashups with marmite: Towards end-user programming for the web. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’07, pages 1435–1444, New York, NY, 2007. ACM.
[11]
E. Yuan and J. Tong. Attributed based access control (ABAC) for web services. In IEEE International Conference on Web Services, 2005.
Index Terms
- COASTmed: software architectures for delivering customizable, policy-based differential web services
Recommendations
Using Semantics for Policy-Based Web Service Composition
Proliferation of Web technologies and the ubiquitous Internet has resulted in a tremendous increase in the need to deliver one-stop Web services, which are often composed of multiple component services that cross organizational boundaries. It is ...
Web Services Policies
In addition to the basic Web services architecture, various specifications already exist for adding security, reliable messaging, and transaction mechanisms to Web services messages. All of these include numerous options to let them meet various ...
Composing Web Services: A QoS View
An Internet application can invoke several services--a stock-trading Web service, for example, could invoke a payment service, which could then invoke an authentication service. Such a scenario is called a composite Web service, and it can be specified ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2014
741 pages
ISBN:9781450327688
DOI:10.1145/2591062
- General Chair:
- Pankaj Jalote,
- Program Chairs:
- Lionel Briand,
- André van der Hoek
Copyright © 2014 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
- TCSE: IEEE Computer Society's Tech. Council on Software Engin.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 31 May 2014
Check for updates
Author Tags
Qualifiers
- Article
Conference
ICSE '14
Sponsor:
ICSE '14: 36th International Conference on Software Engineering
May 31 - June 7, 2014
Hyderabad, India
Acceptance Rates
Overall Acceptance Rate 276 of 1,856 submissions, 15%
Upcoming Conference
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 123Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 22 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in