Technical Perspective of Authentication Policy Extension for the Adaptive Social Services and e-Health Care Management

Technical Perspective of Authentication Policy Extension for the Adaptive Social Services and e-Health Care Management

Masakazu Ohashi (Chuo University, Japan), Nat Sakimura (Nomura Research Institute, Japan), Mituo Fujimoto (Nomura Research Institute, Japan), Mayumi Hori (Hakuoh University, Japan) and Noriko Kurata (Chuo University, Japan)
DOI: 10.4018/978-1-4666-3986-7.ch037


The substantiative study of private information box project of Japanese e-Government proved the effectiveness of the New Authentication Extension Technology to combine different social infrastructures to create new Secure services between Public Sector and Private Sector (Citizen). However, there are still issues to cope with outside of the realm of technology including accountability of each participants and the level of the service, OpenID and SAML are key federated identity protocols. Both SAML and OpenID define mechanisms in support of expressing assurance information on protocol messages, Authentication Context and the Provider Authentication Policy Extension (PAPE), respectively. In deployment scenarios that require proxying from one of the protocols to the other, it becomes necessary to map to and from the corresponding assurance mechanisms. This chapter provides theoretical study of Social and e-Health Data secure exchange methodology on this mapping and related issues.
Chapter Preview

Technical Method Of The Adaptive E-Health Care Management Based On Authentication Policy Extension

The extended authentication functions are developed in a way that health data retained by healthcare organizations and the public sector are safely obtained by citizens (private sector), and can be further transferred to doctors and healthcare providers. With this technology, a system is developed in which various medical data become available, and they are safely exchanged among healthcare organizations (doctors and the public sector) and citizens through an electronic private information box advocated by the government.

For authentication, the authors had developed the concept of “Reliable Social Infrastructure Network” for the government regulatory reform in 2005. This is based on the ideas of distributed social systems that foresaw the emergence of cloud computing which is currently in progress. In order to realize a safe information society based on a reliable network infrastructure, the following three infrastructures need to be established: security, identity, and services. Especially for the purpose of appropriate use of information, the identity infrastructure is essential along with digital information and the time stamp that proves its originality.

Appropriate Use of Information

The following are critical for appropriate use of information:

  • 1.

    Integrated management and operation of all identities utilizing the information system in the distributed environment (Identity Infrastructure).

  • 2.

    Strict authorization process (authentication, authorization, and attribute) and information access control (Identity Infrastructure).

  • 3.

    Recording each information access administered by individual entities, enabling the third-party to prove the originality of information (Time Stamp).

The five A’s:

  • 1.

    Authentication: Information required to identify users.

  • 2.

    Authorization: Authority information provided to users (information access and operation authorization).

  • 3.

    Attribute: Users’ attribute (affiliation, titles, etc).

  • 4.

    Administration: Appropriate operation and management of identity.

  • 5.

    Audit: Assurance or explanation of the absence of security problems.

Key Terms in this Chapter

E-Health: Healthcare practice supported by electronic processes and communication.

Social Services: A professional and academic discipline committed to the pursuit of social welfare, social change, and social justice. The Service improves the quality of life and to the development of the potential of each individual, group, and community of a society.

Proxing Assurance: Federation protocols like SAML and OpenID may be deployed in combination. Federated identity requires assurance information to flow along with identity information for anything but trivial applications. ’Policy interoperability’ requires that assurance policy can persist across the boundaries between protocols.

OpenID: Users can be authenticated in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.

Authentication Extension: Protocol over the authentication.

Information Box Project: Japanese governmental project performed by Ministry of Economic Trade and Industry.

Contract Exchange: The specification that allows parties to exchange a mutually-digitally-signed contract leveraging on OpenID Authentication 2.0 and OpenID Attribute Exchange 2.0 via the appropriate bindings defined in the specification.

SAML: Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.

Complete Chapter List

Search this Book: