With the rapid advancement of Web-based technologies, healthcare information systems are becoming increasingly heterogeneous in terms of their architecture, composition, and runtime characteristics. A healthcare system can be composed of several stand-alone service components, such as Web services available from various distributed sources for runtime execution. We use the terms Web services and service interchangeably in this chapter to refer to the same concept. A healthcare application system can be composed of multiple autonomous geographically dispersed software services. A healthcare software service is autonomous as it has its own executable code and uses its own data or files. The composition of a healthcare system can be dynamic or static, depending on how services are connected to each other to provide the services. Some of the services are downloaded directly from the Internet and executed dynamically with the application system. The use of independent services in the healthcare information system is appealing because it supports reusability of code and far efficient utilization of network resources, and it might be cost efficient.
Key Terms in this Chapter
Security Precondition: An invariant in a sense that other entities must satisfy this before a composition takes place. It is a precondition the service user must ensure to the service provider that the required security properties are met and their validity is ensured before a service can be obtained.
Healthcare Services: A platform-independent, self-contained software with defined functionality that can provide healthcare related computing services. It provides a standard way to integrate mechanism with healthcare applications over the Web. A service can perform one or more functionalities for the complex healthcare application system.
Healthcare Service Functionality: A functionality provided by a service is a task offered by the service to its environment. A healthcare service may have one or more functionalities to offer. The client healthcare application system could use these functionalities at runtime.
Security Property: An implementation element used in a security function. A set of security properties can form a security function. A security property is an element at the lowest level of the implementation.
Security Function: The implementation of a security policy as well as a security objective. It enforces the security policy and provides required capabilities. Security functions are defined to withstand certain security threats, vulnerabilities, and risks. A security function usually consists of one or more principals, resources, security properties, and security operations.
Security-Aware Service: A service that has its own security requirements to be satisfied by the service user; in return, it guarantees certain security requirements. The approach also provides a mechanism to verify the compliance of the security requirements of the service as well as the service user.
Security Reasoning Engine: Verifies the security compliance between a service and the service user. The reasoning engine could use rules that comprise a set of criteria that could be used to assess security properties between two services. A security reasoning engine tests whether a security function has the desired security properties.
Security Postcondition: An ensured security property is a postcondition in a sense that it is the responsibility of the service or the application system to maintain the committed security assurances during the composition.