Integrated trust, governance and access

Transcription

1 Introduction A major problem with many information infrastructures is the management and control of information sharing from within and beyond organisational boundaries. Traditionally this will be controlled through a security policy and implemented using either network controls and/or in-built software controls, defined and managed by each data access portal; but the scope of these policies are often just defined within that organisation. As more and more information crosses organisation and domain boundaries, it becomes increasingly difficult to manage the number of possible ways that information can be shared and aggregated. A key element of this is the increasing requirement for trust between organisations and units, especially with the move towards cloud-based services. The Symphonic product overcomes these problems by creating a formal structure for the abstraction, governance and implementation of trust relationships and security policies. It enables disparate systems and domains to open up access to their services in a highly governed and secure manner, confident in the knowledge that the services/data specified in their own managed can be accessed only by those with the necessary claims to gain permission. Symphonic can be used as a full end-to-end solution for policy abstraction, implementation and controlled access to services, or can integrate each of the elements as a Service to existing applications. Symphonic Suite The Symphonic Suite consists of three core components, each of which can operate as stand-alone products or can work with each other or existing systems to provide end-to-end integration. The core components are: Symphonic - This is a trust framework tool which enables the abstraction of roles, services, trust levels and defines their trust relationship. The export from this component provides the requirements for the information sharing/service aggregation policy. Symphonic - This takes, as an input, the abstraction of the trust framework, and provides a highly efficient rules engine to quickly and securely determine if an entity has the rights to access a given service based on their claims. This crosses domain boundaries and enables authentication and attribute provision from multiple identity and attribute providers. Symphonic Gateway - This takes the rules from the governance engine, and implements them within a real-time filtering system, which controls and audits all the accesses to services between the domains.

2 Features Figure 1 outlines some of the key features of Symphonic. These include: Extendable Policy. This allows for governance policies to be created which can define micro and macro relationships of individuals, roles and relationship to services. The data owner can have full rights to how data is then used within aggregated services. Overall, Symphonic abstracts trust relationships into domain boundaries where the relationship between each boundary is abstracted, and with the implementation of governance rules for the trust relationship. Integrated. This abstracts each of the accesses to data into well-managed services, which have defined exactly how the service can be used by other domains. Novel Modelling of Policy. Symphonic has patent pending technology which models the governance rules for their operation, including for rule shadowing, anomalies, and so on. Real-time Implementation and Control of Rules. The rules either run in a filtering engine or as-a- Service for other applications. This allows the governance of trust relationships to be changed in realtime, especially to add new services or to cope with security issues. Role, Relationship and. This involves the integration of a full use case of rights of trust, governance and access, including for role, consent, relationship and delegation. Integrated Federated Identity Provision. This allows for a range of identity/attribute providers to be built into the trust, governance and access relationships, and allocates levels of trust to each of the services. Static and dynamic rules. Symphonic implements both static rules which are defined for role-based trust and access, and can also implement dynamic rules which allow users to create their own trust relationship. Integration of full-rights infrastructure. Symphonic uses a data bucket concept where each element of data has an owner and the rights of access to the data as it is aggregated into other services is control by the data owner. This gives users complete control of their own data. Plug-in integration. Symphonic can be used as-a-service or can implement a full integration of trust, governance and access. Rules defined in a structured format. This provides trust relationships and governance rules in a structured English format, which can be easily interpreted by all the stakeholders, and can be easily audited. Foundation built on ontology. The complete infrastructure is built on a unique ontology built for the trust relationships, and which is then used to formally define the governance rules and filter between domains.

3 Pseudonyms used for rule definitions. The governance rules use pseudonyms in order to obfuscate the roles, and identities of the targets. Inter- and intra-domain rights. Symphonic can be used to define the rights of access within a domain and between domains, each defined in separate contracts. Extendable Policy - Micro to macro. - Cross domain. Integrated - Full service definition Health Care Social Care Novel Modelling of Policy - Rule Shadowing. - Anomolises. etc Real-time Implementation and Control of Rules Plug-in Integration - aas - As a Service or part/ full framework Static and Dynamic Rules - System creates rights as required Education Police Strong Infrastructure Integration of Full-rights Infrastructure - bucket integration supports end-to-end rights for service aggregation. Full use case rights - Integration of role, consent, relationship and delegation. Integrated Federated Identity Provision Rules defined in structure English format Foundation built on an Ontology of the Domain Interfaces Pseudonyms used for all rule defines Inter- and Intradomain rights - Full definition of rights Figure 1: Outline features of Symphonic

4 , and Access In modern service-oriented infrastructures a user must gather claims to consume a service. Too often the service is bound to a specific authentication infrastructure which limits the scalability of the provision of the service. For more dynamic infrastructures there is no direct communication between the service and the gathering of the claims around identity and the attributes required to consume a service. Figure 2 outlines this process, where there are Terms of Service (ToS) between a user and their identity and attribute provider, another ToS between them and the service, and so on. It is the focus of the and infrastructure to define a contract which binds these terms of service together. This contract pre-defines the requirements for the claims to the service, and then is trusted to actually issue the contract for the user to consume the service. Symphonic thus abstracts the trust relations from well-defined policies. A trusted broker will then pass the requirements for a user to consume a service, and the will provide back the claims that are required to be able to consume the service. The user will then gather the claims, and the broker then passes these to the for it to check its running rules for rights to the service. If these are acceptable it will issue a service token to consume the service, which can be given back to the user, via the broker (or the service can be invoked on their behalf, and the link to the service can be returned to the user). A key element of the is the concept of role, relationship, consent and delegation, where an access can claim rights of access to a referrer. In this way the owner of the data can have rights of access based on their role (such as whether they are a GP), their relationship (such as whether they are the GP of a specific patient), their consent (whether someone has given them rights), or their delegation (where they have given delegation of authority to another person). Terms of Service Terms of Service Service (RP) Portal Policy Policy Referrer ID Terms of Service ed Broker ed / Contract Personal Storage (Consent) ed Storage (Role,, Relationship) Gateway (SPoC) Figure 2:, and Access

5 and as a Service With the complex relationships that organisations have in rights of access to services, it is becoming increasing important to abstract and fully define the trust and the levels of access to services. Symphonic provides the ability to extract the trust relationship between two domains, and then implement this as a set of rules. These are then defined in the and the, which can be easily integrated into existing applications. Figure 3 outlines a basic use case, where a broker deals with the requests from a user. It will then use the to define the requirements of the claim to a service, and the to check these rights against the actual rules of access to a service. Dynamic trust relationships can be built up for identity and attribute providers, and how these map to the role, relationship, consent or delegation that an individual has to consume a service. The service itself can be invoked by the broker or a service token can be sent back to the user for them to give to the service. In this way both legacy services and new trusted services can be integrated into the infrastructure. Referrer ID 1. Service Access 6. Claims collection 5. Claim 7. Claims ed Broker 3. Service 4. Claims Requirement 2. base 8. Claims 9. Rights ed /Atrp 10. Service Invoke [ID,Items] Service (RP) Figure 3: and as a Service

6 Symphonic Gateway Symphonic can also implement a filtering gateway which takes the rules from the, and runs them with a Gateway, which then directly runs the rules, in a similar way that a network firewall will implement the filtering of network packets. Figure 4 outlines the full integration where the abstraction of the trust relationships are used to create the rules, which are then implemented within a gateway, which in turn provides securely controlled access to the services based on the trust relationships defined back in the trust framework. This type of architecture fully implements an end-toend solution for trust relationships, where the requirements can be audit and reviewed, with control of each stage. It can also integrate with a wide range of stakeholders, using trusted identity infrastructures. 1. Service Access 5. Claim 7. Claims Referrer ID 6. Claims collection ed Broker 2. base 3. Service 4. Claims Requirement ed /Atrp 8. Claims 9. Rights 10. Service Invoke [ID,Items] Domain Ontology Service Definition Service (RP) Referrer ID ed /Atrp Rules Policy Definition Services Domain A SPoC (Gateway) Domain B Figure 4: Full integration Symphonic technology is the culmination of over 5 years research and development within Edinburgh Napier University, through collaborations with both commercial and other academic partners, aimed at revolutionising the way organisations govern the sharing of information, allowing those that operate in highly-regulated environments such as health, social care, law and finance to securely share critical, timedependent and sensitive information. The innovative architecture created by ENU allows integration of complex trust and governance frameworks for information-sharing and legal policies to be integrated into the Symphonic solution, so that any information sharing which occurs meets compliance by design.