Older and Mining/Construction Health. Support System (OAMHSS)

Transcription

1 Older and Mining/Construction Health Support System (OAMHSS) Yitbarek, Rahel Abraham Zegeye, Emnetu Araya Master Thesis 30 hp + 30 hp Supervisor: Helena Lindgren Examiner: Frank Drewes April 16, 2013 i Umeå University

2 Abstract The main aim of this thesis is to develop web based application which has a tailored access to information through a semantic web. It begins by analyzing the problems of privacy and security implications of healthcare technologies, Semantic Web, Resources Description Framework, Web Ontology Language, Health Information Security and Social media Security by following a method of literature review to grasp a better technological backbone for developing web based health support system to two communities of users (older adults and mining/industry workers). As a result we propose a secured architecture and implement a prototype which is compatible to different devices including smart phone. The reason behind this thesis work is to address security and privacy of semantic web users in general, older and mining/construction works in particular. The need for security in web applications has become evident with the fast growth of internet technology. The transaction of information in the internet has raise major issues like authentication, authorization, data integrity, confidentiality and access control. Hence, the application will address the above issues by authenticating users to access resources based on their assigned role. It also provides the authentication service using SOAP web service technology. Every user has some level of security to use the application. This ensures the privacy and security issues at some level. ii

3 Acknowledgement Foremost our deepest gratitude goes to the almighty God for giving us the strength and knowledge to pursue our studies. We would also like to deeply appreciate our supervisor Helena Lindgren for providing us with continuous support and advice needed for our thesis. Her guidance helped us throughout our thesis work. Besides our advisor, we would like to thank the members of research group of ACKTUS specially Chunli Yan for responding to our questions without hesitations. Finally, our senior thanks are for our family and friends for all the support they gave us in every step of the way. iii

4 Contents 1. Introduction Methodology Semantic Web RDF (Resource Description Framework) OWL (Ontology Web Language) Security Semantic web Security Healthcare Information Security Privacy and Security on Social media ACKTUS Purpose of ACKTUS The Technology of ACKTUS ACKTUS Architecture Architecture Development UseCase of the System Functional Requirements Non-Functional Requirement Architecture and technology Ontology Development Design a prototype: generic GUI for mining/construction workers and also for older adults Technology Log in page Administrator prototype Users Security Secure registration and Authentication Access control and data storage Authentication service Mobile version of the web app Discussion Technology Authentication iv

5 8.3. Authentication Service Resources Security Graphical User Interface Conclusion Future Work References v

6 Table of Figures Figure 1 RDF Triple Structure 5 Figure 2 RDF Statement 5 Figure 3 OWL sublanguages 6 Figure 4 ACKTUS architecture 14 Figure 5 Use Case for Older Adult 16 Figure 6 Use Case for New User 16 Figure 7 Use Case for Older Adult Expert and Mining/Construction workers 17 Figure 8 Use Case for Mining/Construction worker 17 Figure 9 Architecture of the web application 20 Figure 10 Ontology Diagram for Older Adult people 22 Figure 11 Main Ontology Diagram for Older Adult 23 Figure 12 Ontology Diagram for older Adult Disease 24 Figure 13 Ontology Diagram for Mining /construction worker 25 Figure 14 Main Ontology Diagram for Mining/construction worker 26 Figure 15 Ontology Diagram for Mining/construction worker Disease 27 Figure 16 Over View of the web application 29 Figur 17 Login Page 30 Figur 18 Administrator Page 31 Figur 19 Default page 32 Figure 20 Older Adult Home page 33 Figure 21 Mining/Construction workers Home page 34 Figure 22 Authentication service 36 Figure 23 GUI for Smart Phone 37 vi

7 Acronym ACKTUS Activity-Centered Modeling of knowledge and Interaction Tailored to Users EKFV6 Efterfrågestyrd Kunskapsutveckling med Forskningsgrund Version 6 GUI HTML HTTP IDE IT JDBC JSF JSP OAMHSS OWL PC RDF RDFS SOAP SPARQL SQL URI W3C WSMF XML Grapical User Interface HyperText Markup Language Hypertext Transfer Protocol Integrated Development Environment Information Tecnology Java-Based Data Access JavaServer Faces JavaServer Page Older AND Mining Health Support System Ontology Web Language Personal Computer Resource Description Framework Resource Description Framework Schema Simple Object Access Protocol SPARQL Protocol and RDF Query Language Structured Query Language Uniform Resource Identifier World Wide Web Consortium Web Service Modeling Freamwork Extensible Markup Language vii

8 viii

9 1. Introduction Today User modeling and personalization have wide spread use in many applications and systems [7]. The systems contain information about users to provide personalized access. User modeling is an integral part of any personalized information retrieval system. The user model should be adaptable in order to capture the change in information needs of the users [28]. Personalization attempts to increase attention or motivation of the users, explicitly or implicitly, that the communication is designed specifically for you [34]. As the scale of online content grows, the ability to tailor information to the tastes and preferences of individual users is becoming critical for maintaining a positive user experience [21]. Providing a healthcare with personalized service has been a goal when developing IT solutions. There are various IT services which are already available and can support e.g., elders. However, most of them are designed without considering the individual preferences, needs and situations of care-receivers. Services designed for the general user may not be suitable for real users. This is particularly true for both elderly and Mining/industry workers, since they may be subjected to different bodily and mental limitations with respect to using services. This calls for the provisioning of personalized services, according to the individual needs of each user. While this personalization technology is critical for helping the user to combat the overload of information we come across with, in many cases, we may not even realize that the system that we use in our daily life are being tailored to our personal tastes and preferences because of the way of the outcome delivered system [21]. So in this work, we seek to address these challenges by making personalization more transparent. ACKTUS (Activity-Centered Modeling of knowledge and Interaction Tailored to Users) is a prototype system that is designed for aiding the knowledge assessment of medical and health related knowledge in the process of decision support system development. The objective of ACKTUS is to support collaborative knowledge building and personalization through the use of system, and to provide tailored support for reasoning and learning through the use of end-user applications. ACKTUS is a research project directed by the Department of Computing Science at Umeå University. Our system will be integrated with ACKTUS and will communicate using web service technology [1]. This thesis is carried out as part of research project, ACKTUS. It investigates the ACKTUS user and activity model to reuse and extend, to address the problem of privacy and security implications of healthcare technologies provide to two communities of users (older adults and mining/construction workers). Failure to get access to accurate healthcare information system often causes these two communities of users (older adults and mining/industry workers) to be unnecessarily admitted to the hospital and create unnecessary psychological tension. Alternative channels of communication could improve precaution measures need to be addressed before or after any kind of medical situations. Older and Mining/Construction Health Support System (OAMHSS) Page 1

10 In addition to the above problem, the need for privacy and security implications of healthcare technologies provide to the two communities of users become necessary. So we will work towards the aim of balancing privacy and security concerns to minimize the danger of compromising the security and privacy of these users. The primary goal of this master thesis project is to provide a tailored access to the secure information primarily to the elderly and mining/construction workers. The purpose is to improve the authentication functionality of ACKTUS applications, addressing security and personalization issues. Another goal is to develop a graphical user interface for smart phone, which mediates authentication functionality and when authenticated, the ACKTUS application contents associated to the particular user. This project report contains the before mentioned issues in more detail. In Chapter 1 the overview of the project with its goals and problem description are included. In Chapter 2 the methodology carried out for this work is covered. Chapter 3 describes the components and technologies of Semantic Web. In Chapter 4 Security of semantic web, healthcare, social network are addressed. Chapter 5 describes an analysis of ACKTUS. In Chapter 6 architecture development, functional requirement and non functional requirement are addressed. Chapter 7 describes the implementation of prototype generated for the web application. Chapter 8, Chapter 9 and Chapter 10 covers discussions, conclusion and future work respectively. Older and Mining/Construction Health Support System (OAMHSS) Page 2

11 2. Methodology In this project work, a combination of methods has been used because of the nature of our investigation requires multiple methods to get them answered. Combining methods offers a great promise on flexibility of the research and draw strengths from multiple methods [10]. The methodology behind deriving the final output architecture begins by outlining the theory underlying the issues of personalization and security provided to older adult and mining/construction worker, review the backbone technology and study of related existing architecture. The main intention is to know what kinds of application are delivered to these two comminute of users and to identify technological or application limitation so that we can develop architecture that resolve these issues. In order to create bare for development, previous works related to personalization and security issues was reviewed. Existing applications and comparison of improvements on the existing applications and ACKTUS was done in order to propose suitable software architecture. This was done by literature study of related work. In addition, we reuse and extend ACKTUS activity models to include useful information for security purposes. Older and Mining/Construction Health Support System (OAMHSS) Page 3

12 3. Semantic Web As the tremendous growth of Internet, leading the web to be more essential than ever with its new web applications and sites appearing with surprising reliability letting humans directly cooperate and communicate with each other. The computer became only a communication environment without understanding the knowledge people shared about real life through web pages that could be easily accessed from anywhere. The result was an amount of knowledge stored in a hectic and unstructured way [36]. The machines are unschooled ; they don t know what to do with all the data. So most of the information s remain unusable; they do not know how to distinguish an image from a video file or to make connections between data. This is when the questions like, how reality can be modeled from the perspective of computer and web expansion? And how knowledge can be represented in way that computers can also understand it? came to picture [36]. As result to these critical questions the concept of Semantic Web came to existence. In which the idea was propagate by the World Wide Web Consortium (W3C), an international standardization body for the Web. The Semantic Web is an extension of the current Web in which information is given welldefined meaning, better enabling computers and people to work in cooperation[6, pp36]". It is also highly intelligent and sophisticated web technology that needs less human intervention to perform tasks such as scheduling appointment, coordinating activities, searching for complex documents as well as integrating disparate databases and information system. While going through these developments of semantic web, current technologies such as ontology matching, intelligent agents and markup languages are making contributions [25]. Semantic web has brought benefits to the current web technology by using machine understandable language. it is the idea of having data on the web defined and linked in a way that it can be used for more effective discovery, automation, integration and reuse across various applications,data can be share and processed by automated tools as well as by people [38, pp1][44] RDF (Resource Description Framework) RDF Is a framework for describing resources stored in various locations designed to be read and understood by computers, not necessarily by people. It basically uses XML syntax but has support to express semantics [5]. The intention of RDF is to give a standard way of specifying data "about" something. It has a benefit of giving a structured approach to design an XML documents, facilitate a quickly recognition of the flaw and inconsistencies of non-rdf-compliant XML designs, enhanced understanding of our data and placement of this data for the Semantic Web [14]. RDF has received widespread acceptance as its documents are built using XML [5]. RDF is used as an essential data model with a basic building block of an object-attributevalue triple, called a statement (Figure 1 RDF Triple Structure). Every RDF statement (Figure 2 RDF Statement) is described in terms of these triples (subject, predicate, and object). As Older and Mining/Construction Health Support System (OAMHSS) Page 4

13 most other resources on the Web, all components of a statement are uniquely identified using a URI. Figure 1 RDF Triple Structure Resources could be an HTML or XML documents that are accessible by an URI on the web and can be described using RDF statements. A property defines a relation between resource and an atomic value. A value can be either a simple character or a resource. In general RDF statement specifies a value for a property of a resource [31], [14]. Figure 2 RDF Statement In addition, RDF also lets users express resources using their own vocabularies. It does not make assumptions about any particular application domain, nor does it define the semantics of any domain. Is it up to the user to do so in RDF Schema (RDFS).RDFS is an extension of RDF that defines the vocabulary used in RDF data models. In RDFS we can define the vocabulary, specify which properties apply to which kinds of objects and what values they can take, and describe the relationships between objects [14]. The most commonly used query language for RDF is SPARQL. SPARQL is based on graph pattern matching. A pattern basically is a graph template formulated by using variables in subject, predicate or objects positions. The values obtained during graph pattern matching can be used again to create valid RDF which may but needs not be different from the input graph. Hence, SPARQL is a powerful mechanism for information extraction and reuse [33] OWL (Ontology Web Language) Older and Mining/Construction Health Support System (OAMHSS) Page 5

14 OWL is standardize ontology language designed for the Semantic Web and used to capture the knowledge in a machine understandable way. It has a purpose of developing ontologies that are compatible with the World Wide Web. OWL builds on RDF and RDF Schema, and uses RDF's XML syntax. It gathers information into ontologies, from normally stored Web documents written in RDF/XML. It supports expressive statements in a manner that allow scalability [15]. Since OWL is the latest Ontology language, it should be compatible with previous features of ontology language. There was already several ontology languages designed for use in the web by the time OWL appear. OWL has various desirable features while still retaining sufficient compatibility with the existing ontology languages [21]. In particular, OWL is expected to provide structured vocabularies that clarify the relationship among different objects or individuals, allowing machine and humans to interpret their meaning without unambiguity [21]. Ontology and ontology- based mark-up language could be used in e-commerce where they can facilitate communication by providing common vocabularies, web and grid service. They can also help to get rich service description in order to locate suitable services and search engine where they can help to obtain semantically the same page even though they are different syntactically. To be able to have these features, OWL needs to use and extend RDF and others previous technologies in an important ways [21]. OWL has more services for expressing meaning and semantics than XML, RDF, and RDF-S, and thus OWL goes beyond these languages in its capability to represent machine interpretable content on the Web [15]. OWL has three different sublanguages, each move toward fulfilling different aspects of requirements [15] (Figure 3 OWL sublanguages): OWL FULL: is the entire language with an advantage of fully upward compatible with RDF, both syntactically and semantically. Any legal RDF document is also a legal OWL Full document, and any valid RDF/RDF Schema conclusion is also a valid OWL Full conclusion. OWL DL: is a sublanguage of OWL Full which limits the way in which the constructors from OWL and RDF can be used. It has a benefit of allowing efficient reasoning support even if it loses full compatibility with RDF. OWL Lite: is a sublanguage which is both easier to grasp and implement with more restricted expressivity limits than OWL DL. Figure 3 OWL sublanguages Older and Mining/Construction Health Support System (OAMHSS) Page 6

15 4. Security Nowadays the development of information system technologies has resulted in automating several applications in various health areas. The surface of health care is changing as many technologies are currently being adopted and being incorporated into the existing infrastructure. The combination of these technologies will improve the quality of health care by making it more personalized and reduces medical errors. While there are benefits to technologies, related privacy and security issues need to be analyzed in order to endorse and maintain fundamental medical ethical principles and social expectations [26]. Information has become an essential resource in many organization especially data in health areas are very sensitive and therefore, it is very important to efficiently access to, share the data and extract information from the data [5]. These issues include access rights to data, how and when data is stored, security of data transfer, data analysis rights, and the governing policies. While there are current regulations for medical data, these must be reevaluated as an adoption of new technology changes how health care delivery is done. As described above, even if making use of information has become very significant, extracting secured information in the form of pattern and trends has also become important. Security and privacy are more than just user privileges and password enforcement. It is a multidimensional business authoritative; especially for platforms that are responsible for user s data [35]. One of our main focuses on this paper is security, concerning the semantic web. While the current ACKTUS system facilitates the integration of information from the syntactic point of view using the current web technologies, there is still a lot to be done to integrate various issues and security. That is, the current ACKTUS system is accessible through the web where players in different domain contribute with their experience, knowledge and skill [1]. In the mean time the system architecture that we are going to develop will have a communication with ACKTUS data source, sesame repository. However, it is also very important that ACKTUS is secure. Since our main technology will be the semantic web, we are going to investigate and research on the components that constitute the semantic web. The components include, XML, RDF and Ontologies. The components have to be integrated securely. To do all this, we critically need standards for securing the semantic web such as specification for secure XML, secure RDF and secure interoperability [5] Semantic web Security Resources and services on the web need to be secured from unauthorized access and software agents accessing online resources in place of a user. So a wide range of security related issues, such as authentication, access control, confidentiality, data integrity and Older and Mining/Construction Health Support System (OAMHSS) Page 7

16 privacy are important for secured web resource access. Currently, low level security, digital signature mechanism and others provide security infrastructure for web-based interactions [21]. However, there is still a big security hole on securing the semantic web using these mechanisms. We need to do more other than these security methods so that the information on the web can be managed, integrated and exchanged securely. Security for the semantic web is securing RDF and OWL which are components of the semantic web. RDF is the foundation of semantic web [5] and with it we need to ensure that security is preserved at the semantic level. We know that XML is the best in exchanging information through the web but it only provides a limited interoperability. Information is everywhere on the web and are essentially data that makes sense. Ontologies are playing a major role in information integration on the web. OWL is suitable for semantic web because it describes ontologies and provides interoperability across applications [22]. That is, ontologies may have security levels attached to them as certain parts of the ontologies could be secret while the other parts may be unclassified or not. Ontologies include not just a fixed property, role but any properties and constraints expressed in semantic language [5] Healthcare Information Security The emergence of internet technologies has transformed the health care sectors to experience an architectural shift in the enablement of healthcare services through internet and mobile technologies. For example, remote health monitoring, online consultation, e-prescription, e-clinical trials, patient information access and asset tracking among others. In the healthcare sector, it is often necessary to share data across organizational boundaries to support the larger interests of multiple stakeholders as well as agencies involved with public health. However, such web-enabled and mobilebased services open an intact scale of security risks and complex privacy problem. Privacy is viewed as a key leading principle of the patient physician relationship. Patients are required to share information with their physicians to facilitate correct diagnosis and treatment, and to avoid undesirable drug prescription. Over time, a patient s medical records build up significant personal information including identification, history of medical diagnosis, medical images, treatments, medication history, nutritional habits, genetic information, psychological profiles, employment history, income and physicians subjective assessments of personality and mental state. As personal health information is digitized, transmitted and quarried for effective care stipulation, new threats to patients privacy are becoming obvious [27]. Current healthcare systems are enormous networked systems managing patient data with a massive amount of users accessing health data for various contextual purposes within and across organizational boundaries. Managing information security risks for this complex healthcare system process will require investments in organizational resources and multipronged approaches. Recent policy-based studies generally classify privacy threats, or source of information security, into two areas [2]: Organizational Threats are threats arise from either from an unauthorized accesses of data by employee or an outside attacker (hacker) that break into an organization s information infrastructure to steal data or take advantage of a vulnerability of the information systems. Older and Mining/Construction Health Support System (OAMHSS) Page 8

17 Systemic threats are threats arise from people who are in the information flow chain and are authorized to access patient information. These threats occur while patient private information been used beyond its intended use. According to these recent policy based studies organizational threats has been again broadly categorized into five levels, listed in increasing order of sophistication [2] Accidental disclosure: accidental reveal of patients information by healthcare personnel to others ( e.g., message sent to wrong address or inadvertent web-posting of sensitive data ). Insider curiosity: reveling of patient s private information by authorized personnel out of inquisitiveness or personal purpose ( e.g., nurse accessing information about a fellow employee to determine possibility of a sexually transmitted disease or medical personnel accessing potentially embarrassing health information about a celebrity and transmitting it to the media ). Data breach by insider: access of patient information by personnel with the aim of passing on the information to outsider for financial purpose or vengeance. Data breach by outsider with physical intrusion: receiving of private patient information by outsider going to the facility and forcing to gain access to the system. Unauthorized intrusion of network system: Intruding of organization s network either by the outsider or previous employees, patients, or hackers to achieve access to patient information. Access to medical data is vital to many stakeholders within the healthcare domain to perform their employment in everyday circumstances, but heavily raises the potential of having privacy and security at risk. For that reason different security measures to secure both organizational threats and systematic security threats have been suggested and exercised in different organization currently. Regarding of controlling the access to private patients healthcare information, security solution like RSA security, hierarchical roles, individuals delegation of permission and resources [41] are being used. RSA security is a security solution that helps organizations detect and investigate threats that are often missed by other security tools. By combining, big data security collection, management, and analytics capabilities with full network, log-based visibility and automated threat [41] this type of security solution is used to provide organizations with the situational knowledge required to deal with their most critical security issues. This security solution support to avoid organizational threats by making a contribution on showing enterprise-wide visibility into network traffic and log event data, which lead the organization to have an inclusive view of their IT environment, enabling to prioritize threats quickly, investigate them, make quick decisions to pass security protection action[9]. On the other hand hierarchical role security solution is used to address the delegation of role base security right or denial by grouping the users [2] Privacy and Security on Social media Social networking sites on the web introduce mediated-communications into relationships development process among people [39]. It is a set of relationship that Older and Mining/Construction Health Support System (OAMHSS) Page 9

18 organizes social websites to exchange interpersonal information and connect individual together over the web. Today we have different controlling mechanisms for the exchange of interpersonal information on the social networking sites such as text messaging, instant message programs, online role playing -game, computer-supported collaborative work and online education. These applications enable individuals to communicate with one another but current known social networks limits themselves only to relationships with account on a single site. This shows us the current social web needs to extend across the entire web. Just as people can call without boundaries irrespective of which telephone provider belong to, one can send irrespective of his/her provider. So people should create networks of relationship using social web while preserving their privacy and data [43]. The question here is how these security issues will be handled in the social media. One of the major problems in social media experience by end user is lack of privacy. There is no full right for individuals to control what information stay inside privately and what leaks to the outside [39]. A user cannot manage how their information is viewed by others in different context on various social applications or even on the same social networking sites [43].This raises privacy issues. People want to have a means of controlling over their data and to communicate in a way they want. Privacy can be viewed from different perspectives and it is a complex topic. We can consider privacy as control over accessibility of social information in general. Individuals sharing information and fraternity pledging photo with their friends on social network sites probably do not expect these posted information are used as evidence to reprimand to the individual behavior [39]. Most users are not aware of their privacy in social network sites, they do not stop data leaking which may give users data to other companies or even for governments without permission of the user. Public key encryption could be one solution to keep data private [43]. There are also challenges in the health care setting while using social networking sites like FaceBook and Twitter. Health care organization requires to specify what types of personal information must be kept private. Today more employees are using social network sites, at the same time the danger of confidential information becoming public increases. For example, if an employee posts some patient record in social network sites, it will lead to the violation of Health care privacy of data rules. Employees using social networking sites are vulnerable to identity theft as well as to possibility of security violation via inference to the patient private records. Attributes of personal information such as a person s social security number, street address, phone number, financial information or confidential information is not recommended to be published online for security purpose. Posting sensitive data in the social network could lead to an organization s breach of confidentiality or an individual s breach of privacy. Any social network user should not share confidential information. He/she should only post information that he/she is comfortable with [39]. In addition, HTTPS Encryption is used as a mechanism of protecting private information in the social media. It is stated to be one of the social security solutions which is used by many social networking sites such as Google+ and Twitter. This method is used to Older and Mining/Construction Health Support System (OAMHSS) Page 10

19 guarantee that communications between individuals or entities remain secure and invisible to unwanted third parties [40]. Older and Mining/Construction Health Support System (OAMHSS) Page 11

20 5. ACKTUS Web-based applications have users with different education level, learning styles, interests, surroundings and preferences regarding information presentation over the Internet [20]. This has been the reason to research on interfaces that can be designed to recognize the motives and uniqueness of the user and adapt accordingly. In order to achieve adaptability of personalized information, it is important to observe the user s behavior, and make predictions based on those observations. The information pertaining to individual user obtained from such observations is known as a user model [20]. Application for healthcare domain service with customized environment according to the user s preference is fundamental. In this paper we will utilize and extend the ACTUS user and activity model for tailoring and develop an architecture to personalize for two communities of users (older adults and mining/industry workers) stored as RDF- database (Sesame repository) which is part of ACKTUS.[1] The common user model is implemented as an RDF/OWL ontology functioning as part of ACKTUS, a knowledge and interaction modeling prototype application for the health domain. The knowledge and interaction is primarily modeled by domain experts. Consequently, focus has been on their explicitly defined user scenarios where they adapt the knowledge to different characteristics by using simple rules. However, there is a need to extend the tailored support by supplementing the adaptability of ACKTUS applications with adaptive functionality [20] Purpose of ACKTUS ACKTUS is a collaborative knowledge modeling environment that designed to allow domain experts who are unfamiliar with knowledge engineering to create, maintain and model the knowledge content, and design knowledge-based applications interaction. Its main provision is to provide tailored support for reasoning and learning through the use of end-user application for medical and health related areas in decision support system [17]. The system is used for developing knowledge based support system: Provide personalized knowledge systems in the domains of dementia, rehabilitation of older adults and occupational health [1]. Provide adaptive communication interface between user and computer, with a low-tech profile, while encouraging its use by providing a simple and friendly interface, Develop interactive medium that allows people with the same incapacity or experience, common interest, and concerns to share information, experiences and advice. Help users such as elderly and mining/industry workers to monitor and take precaution measures in their health The Technology of ACKTUS ACKTUS is a growing semantic web application which is built up the activity-theory based ACTclin framework. ACKTUS consists of a service-oriented architecture, which includes RDF/OWL ontology, Sesame repositories and dedicated user interfaces [17]. Older and Mining/Construction Health Support System (OAMHSS) Page 12

21 The original version of RDF/OWL ontology produced for ACKTUS was build using Protégé 1 which is based on structured language like XML or RDF for initiating the distribution and reusing of knowledge. In ACKTUS, each domain repository have individual Case repository for storing information, reasoning and increasing querying capability. ACKTUS has a web interface application for the user to interact with it which is built on java. This knowledge provided to the users are structured in a Scalable vector graphics (SVG) that uses Graphviz 2 package technology which is embedded in XHTML ACKTUS Architecture Ontology is used to manage knowledge about some specific domain in a structured system of concept, properties and their relationship. ACKTUS consists of a devoted core ontology which provides a semantic model for both data structure, reasoning and interaction design. Each domain within ACKTUS uses this core ontology with some specific extension for each of them. The knowledge building in ACKTUS is performed in a collaborative way such that an expert in a specific domain can add knowledge in the system which is also can be viewed and altered by other expert users of the system. The schematic architecture of ACKTUS structure is shown in Figure 4 ACKTUS architecture. The figure focuses on the general structure of ACKTUS, its services, core ontologies and RDF repository. ACKTUS architecture allows expert users with a specified authentication to write application that can access and manipulate the information using readily available internet technologies like HTTP. The data on the semantic web or from the browser is modeled and represented in RDF. The server used in the ACKTUS system performs mapping of the data to the database content, and allows RDF to be browsed and searched after requests have been made from the web/browser. The ACKTUS architecture allows navigating through the sesame repository content and gives the end users RDF data in human readable format. The repository is used to store and retrieve information as well as provides querying capabilities to a user. Since ACKTUS is increasingly used and distributed over an increasing number of user categories, a scalable solution is needed for handling security and authentication. This is the main motivation of this project. 1 Protégé is a free, open source ontology editor and knowledge-base framework. 2 Graphviz is open source graph visualization software. Older and Mining/Construction Health Support System (OAMHSS) Page 13

22 Figure 4 ACKTUS architecture[17] Older and Mining/Construction Health Support System (OAMHSS) Page 14

23 6. Architecture Development This section describes the architecture of the older and mining health support system (OAMHSS) web application. It begins with identification of the system users (older adult, mining\construction workers) and move to the modeling of usecases for these users. Then we have listed both functional and non-functional requirements to provide more detailed functionalities that are used for designing the web application. The final section shows the architecture that is designed which illustrates the usage of the architecture and its components from a more practical perspective. The server-side architecture showed in this section is implementation-independent, in other word, it makes no assumptions or requisites on what technologies are used to implement the system. In our design, we have also considered the service oriented architecture design. Service Oriented Architecture is a set of principles and methodologies for designing and developing software in the form of interoperable service [19, pp4] and this time it attracts several organizations and companies by providing flexible services and cost effective to re-use functionalities captured in loosely coupled services. Semantic web service researchers are recognizing the potential of combining SOA and semantic web. The combination of OWL-S and web service modeling framework (WSMF) are aimed to providing an extensive ontology- based description framework [25]. In our work we analyzed the combination of ontology s and SOA so that we incorporate the concept of service oriented in the development of the architecture. The system will be built up on a semantic data model and will be implemented using RDF/OWL ontologies. These technologies enable to share knowledge and reuse information. The architecture allows older adult, Mining workers and domain specific experts to access and manipulate information in the form of http UseCase of the System The overall structure of the main actors of the system is presented in the form of use cases in the below figures. UseCase for Older adults: (Figure 5 Use Case for Older Adult) in this UseCase the actor (older adult) interact with the functionalities mentioned in the diagram. The main functions are, Authentication, view information from the data resources and search for health information. Older and Mining/Construction Health Support System (OAMHSS) Page 15

24 Figure 5 Use Case for Older Adult UseCase for a new user: (Figure 6 Use Case for New User) a new user to the application must first have a valid user name and password to log in to the system. So in order to have this access, he/she must apply and get register to be a user of the application Figure 6 Use Case for New User UseCase for an expert of both older adult and mining/construction workers: (Figure 7 Use Case for Older Adult Expert and Mining/Construction workers) an Older and Mining/Construction Health Support System (OAMHSS) Page 16

25 expert interacts with system to model knowledge resources and manage health related contents which are displayed in the user interfaces. Figure 7 Use Case for Older Adult Expert and Mining/Construction workers UseCase for mining/constriction: (Figure 8 Use Case for Mining/Construction worker) represent those users who have access to view work related health information after he/she successfully logged in to the system. Figure 8 Use Case for Mining/Construction worker Older and Mining/Construction Health Support System (OAMHSS) Page 17

26 6.2. Functional Requirements In this section we describe the requirements needed for the development of our system. For each requirement a brief description is given. Personalizing content and layout own preference The system allows the registered users to display personalized content displacement. That is a user can choose the way they want to view the retrieved content from the repository in different format like text or vocal. The users of the system can define and save a personalized composition of content, including only the content they would like to access. For example, a user may prefer having access to only the news about dementia. Login Functionality The system shall require users to login to access all the functions. The user information is stored in the system and based on the stored information; a user can get access, retrieve and view information. a) Existing users have to login to the system in order to get access from the system. b) To be able to login the users need to provide their username ( ), password and domain. There are three type of domain; admin, user and guest. c) The system will verify the given username, password and domain. d) If the user provides wrong username, password and/or domain, the system will prompt out an error message telling the user to re-enter their authentication information again. Assure users privacy protection: The system will avoid identity disclosure, unauthorized user information usage and unauthorized user access control. Authentication content restriction from the system: The system will allow the users to read and search health related information depending on the access they have on the system. Reasoning service: The system will allow the user to do assessment related to health, which are analyzed by the system and used as base for providing the user tailored advices, prepositions, conclusions or new assessment to be done. Collected Data: The system will let the user save and view the test result they took during their browsing time on the system Non-Functional Requirement The system must also conform to the following non-functional requirements. Older and Mining/Construction Health Support System (OAMHSS) Page 18

27 Ease of Use: This requirement is particularly relevant to users who are seniors or have limited knowledge of computer technology. Backend Customization: Administrators of a system can customize the source of services provided by the system using a content management system, and such modification should be transparent to the users. Web services: The system must able to seamlessly integrate heterogeneous medical services implemented on different platforms and with different technologies. Such implementation details should be transparent to users of the system Architecture and technology As the diagram in Figure 9 Architecture of the web application indicates, the web application architecture has several subcomponents. The main components of this architecture are Postgre SQL database which is used for authentication part of the system, sesame repository for storing the knowledge resource and mapping of data in RDF format, security manager and the interface. Even though it is scalable, the Sesame contains three separate repositories, one for older adult and the other one is for Mining/construction workers and care repository which are used by all users. Older and Mining/Construction Health Support System (OAMHSS) Page 19

28 Figure 9 Architecture of the web application The detailed descriptions of the main users of the system are listed below. Older adult: Older adults interact with the web application built on top of Java. The web interface provided for the older adult is used as a component which provides the communication between them and the developed web application. The web application built on the web interface will enable the Older and Mining/Construction Health Support System (OAMHSS) Page 20

29 older adult to access the data on the repositories in the form of RDF and display health related data to the users. Mining /construction workers: are also end user of the system who interacts with the user interface to retrieve health related information from their respective repositories. The information accessed by this type of user are specific to the work related information. In this case, the working environments are construction and mining industries. So, the interface will display information based on the input gathered from the user in the form of quiz which will be finally used to provide additional information to the user as an advice or recommendation. Domain expert: Tailoring activities can be defined in different ways; they include customization, end-user modification, extension, personalization. For maintaining and making sure that the system being developed provides tailored activity, we included the presence of Domain experts. The domain expert will be able to add or modify, maintain, upgrade and personalize knowledge to the users Ontology Development We have used Ontology diagram to model and show the relationship of our conceptual classes. We chose ontologies because it provides the critical semantic foundation and are focused on web-based knowledge representation. At the same time the repositories we are accessing are built on Sesame RDF technology which is a suitable for semantic web. The design schema of the database of the repository is based on ontologies. This is more declarative and beyond the human-to-human communication model. An ontology diagram for older adult is shown Figure 10 Ontology Diagram for Older Adult people. It illustrates that one of the actor of the system is a person and he/she has role which could be user, older adult or health domain expert. In addition the older adult has a property to access disease information. Older and Mining/Construction Health Support System (OAMHSS) Page 21

30 Figure 10 Ontology Diagram for Older Adult people Figure 11 Main Ontology Diagram for Older Adult is the extension of Figure 10 Ontology Diagram for Older Adult people. It also shows the example users instance Tom and John for the class older adult and health domain expert respectively. Tom and John have properties such full name, user name, password and etc. the other section of this diagram shows the communication of this application with ACKTUS and Social Network. This application consumes some services from external application. For examples it consumes reasoning services from ACKTUS as well as store resources in the case repository. Older and Mining/Construction Health Support System (OAMHSS) Page 22

31 Figure 11 Main Ontology Diagram for Older Adult Older and Mining/Construction Health Support System (OAMHSS) Page 23

32 Ontology diagram for older adult disease: (Figure 12 Ontology Diagram for older Adult Disease) it shows the mapping of resource in the triple format for reasoning service. For example, it shows how one class of resource (Dementia) is linked to others class of resources (mental disease, Alzheimer) for conforming of a conclusion or premises of having that disease or not. Figure 12 Ontology Diagram for older Adult Disease Ontology design of mining/construction workers: (Figure 13 Ontology Diagram for Mining /construction worker) it shows the overall view. The diagram show the flow of accessing health related information provide to these user by the web application. In addition it demonstrates that an actor of the application will have a role as mining people, mining health experts and/or user. Older and Mining/Construction Health Support System (OAMHSS) Page 24

33 Figure 13 Ontology Diagram for Mining /construction worker Figure 14 Main Ontology Diagram for Mining/construction illustrates the detailed information of Figure 13 Ontology Diagram for Mining /construction worker. It shows retrieval paths of resource and attributes of the mining/construction workers. It shows also how the web application designed for this user consume ACKTUS reasoning service, social network and store information in the ACKTUS Case repository. Older and Mining/Construction Health Support System (OAMHSS) Page 25

34 Figure 14 Main Ontology Diagram for Mining/construction worker Older and Mining/Construction Health Support System (OAMHSS) Page 26

35 Ontology Diagram for mining/construction worker disease: (Figure 15 Ontology Diagram for Mining/construction worker Disease) the set of triplet in this figure defines, the class describing the types of diseases and injuries in work environment. One of the injuries in Mining and construction work environment is Vibration. In this diagram, the handling of vibration is illustrated if it occurs in work place. Figure 15 Ontology Diagram for Mining/construction worker Disease Older and Mining/Construction Health Support System (OAMHSS) Page 27

36 7. Design a prototype: generic GUI for mining/construction workers and also for older adults The web is the repository for various documents, photos and videos and used for sharing information like news, research, and personal information and be a part of social media. RDF is designed to be read and understood by machines. However, most current Semantic Web contains humans as creators of data, programmers and last but not least as end user. As this overload of information we come across with increase the essentiality and convenience of Graphical User Interface to maintain simplicity, good design and features for displaying and browsing these resources become vital. We have developed a generic GUI (Graphical User Interface) for older adult as well as an end user interface for the mining/industry workers. By generic interface we mean an interface which can be accessed with both mobile and computers Technology We have built the web application using 3-tier architecture in which the client, server and database constitute the main elements. In our web application, we built our interface using myeclipse 10 IDE by using Java Server Faces components. We chose this technology as it provides a better web interface building components such as icefaces, jsf, html, and etc. The JSP pages in myeclipse are the front-ends of our application. We have also used Postgre SQL and sesame repository at the back end of the web application for storage and retrieval of system data. In addition to these technologies, the web application was developed under Tomcat on a Linux server and java programming language. Java stack works with a variety of databases and is particularly well-tuned to mainstream of databases. It also works with myeclipse development environment that is making it better to write applications. During the development of the architectural process strong emphasis was placed on the consistency of the three layers. In the beginning prototype of the user interface(jsp Pages) was created that consisted of HTML mock-up pages then developing of the Java classes was made by based on the database tables and the JSP pages. The developed web application using the above listed technologies has an overall view of the web as shown in the below diagram (Figure 16 Over View of the web application). Older and Mining/Construction Health Support System (OAMHSS) Page 28

37 Figure 16 Over View of the web application 7.2. Log in page The first page a user encounters when using the OAMPSS system is the login page. This page can be seen in Figur 17 Login Page. In the prototype developed for the web application we have prepared 3 types of domain type where every user is assigned only one of the domain type (Admin, user, guest). However people have several users roles, for example older adult, mining person and expert on mining or older adult where they can have the accesses to be redirected to different application depending on the role they chose. Here the user may choose to either log in to the system as one of the 3 types of domain choices. If the user chooses to log in to the system he/she must use a valid username, password and domain type in order to pass the authentication process. A new user is created by filling out a form consisting of some personal information such as name, address, telephone number and also identify question on the desired username( address ),user type and user role. After all the fields in the form have been validated the user will send a registration request to the administrator where this information will be stored on the Postgre SQL database and be visible in the administrator page. However administrator must authenticate and generate temporary password to the new user before it can be used to log in to the Older and Mining/Construction Health Support System (OAMHSS) Page 29

38 system. Figur 17 Login Page 7.3. Administrator prototype Administrator user type assigned to person who are working with the project of ACKTUS and involved in the administration projects work. The Administrator is responsible adding, deleting and updating user privileges to the system. The administration pages and the user pages were clearly separated to avoid difficulties with respect to security of the internal Web pages. Older and Mining/Construction Health Support System (OAMHSS) Page 30

39 Figur 18 Administrator Page 7.4. Users The target users in these web applications are older adults and mining peoples. These users have to fill the registration form to be able to get access to OAMHSS. After they receive their account information from the admin via , they can log to the main page of the system where the system end users can accesses and manipulate information in the form of http. The resources displayed in this page are stored in the form of RDF in Rehab, EKFV6 and case repositories which are allowed to be accessible to all types of users. This page is also used by the end user to choose the user role to access the specific applications. Users are grouped into a role and their access rights are based on that role. For users who have multiple user roles once they are logged to the system they can switch from one application to the other application without providing username and password again. Older and Mining/Construction Health Support System (OAMHSS) Page 31

40 Figur 19 Default page Older adult: Older adults interact with the system and access information which are stored in the rehab repositories and access the data on the repositories in the form of RDF and display health related data to the user. The default page of the Older Adult contains compilation of the tasks specific users have to perform in the system. For an older adult, this page will show both personal and health related information which is retrieved from the rehab repository. To view their profile and modify account information, the older has to press Profile button. Under the Profile button there several task that the older adult can perform like see their personal information, change their password, access external links which directs them to other application and join the social network. And also when an Older Adult pressed My Stuff, they will have sub tasks they can perform like take a precaution exam related to the doubt. They have to their health, view health related information and check their previous concerns they have stored under history. Older and Mining/Construction Health Support System (OAMHSS) Page 32

41 Figure 20 Older Adult Home page Mining and construction workers: are also end user of the system who interacts with the user interface to retrieve health related information from EKF (V6) repositories. The information accessed by this type of user is specific to health related information of the mining and construction work environment. Once a user logged in as a mining user, he/she can get access the following service from the repositories o o Profile: In this part the user can view his/her profile details. We designed user friendly interface that enable the user to get an access to the repository and display basic personal information. There is also functionalities that enables the user to modify his/her account information. In addition to these, in this section there are external links which directs the user to other application. My stuff: In this section, mining and construction workers may want to read some tips about their work related health information. So, here they can view information about their health while they are in work, how to avoid injuries, what precaution to take in case of accident and other important information. This page is also Older and Mining/Construction Health Support System (OAMHSS) Page 33

42 o interactive by providing a kind of exam to the users and display some recommendation based on the input of the users. Social Network: here the users view and interact with their friends. Figure 21 Mining/Construction workers Home page 7.5. Security The usage of computers for sensitive tasks leads to an emergent need of computer security. The overall goal of this thesis was to design web application with appropriate security functionality by structuring a security policy that protects the contents from unauthorized disclosure and authentication control. The security of a web application framework is not only the consciousness of the application, but also the underlying platform and the various technologies that have been used. So we implemented application-layer security measures to protect the web application as well as the underlying servers and databases that support them. This requires restricting access based on a username/password and domain combination, Older and Mining/Construction Health Support System (OAMHSS) Page 34

43 protecting the bean from unauthorized access and limiting a user to access only to certain functionalities. The combinations of the above three security measures are used for securing our web application. Restricting access: It checks to ensure that the user name, password and domain were contained in the database was granted access to all functionalities within the system without further verification. Protecting the Bean: the application authorized the user to executed restricting methods on the bean. Access to certain functionalities: with this security measure the user with the same role type are provided to have a different privilege to accesses to resources in the same repository Secure registration and Authentication Our web application ensures that users register their personal details (e.g. address) in a secure way during the request to get a privilege for either the Older Adult or Mining\construction web application. During this registration request the profiles of the user are stored in our Postgre SQL database which has its own security called Message Digest 5 Algorithm (MD5). It is a cryptographic function technology that is used to encrypt the some sensitive profile information of the user in the Postgre SQL database [37]. The login authentication implemented on our web application authenticates the users registered and receive the approved authentication information when accessing the web application. The web application displays the name of the authenticated user. In addition to this users are able to change their password whenever they want to Access control and data storage All files and data stored in our Postgre SQL database are protected from reading by any account other than the super account. Therefore, a user must possess the proper clearances to gain access to resources. The connection from the developed Web application to the Postgre SQL database or to the sesame repository is done with a JDBC driver. The JDBC driver provides the middle tier from Java classes to the database and sesame repository. The JDBC driver serves to translate the Java SQL statement format that the user request to access an application to the database-specific format, so that it checks the authentication of the user to the application that they are requesting for to returns the desired application page 7.6. Authentication service The authentication service we propose aims at providing secure authentication for different application to consume. With this feature, we assume that anyone can consume our authentication services, is able to obtain and login with the correct authentication privilege. Older and Mining/Construction Health Support System (OAMHSS) Page 35

44 The Provision of authentication service for consumers of our web application is performed by invoking Simple Object Access Protocol (SOAP) messages over the internet using the HTTP protocol. It is the standard protocol that has an XML-based documents format. This protocol enables to exchange information without having to know any detail about the sender and receiver. The client sends a SOAP request to the server and then the web service sends a SOAP response back to the client. The below diagram (Figure 22 Authentication service) shows the operations provided as a services and client application that consumes this authentication services Mobile version of the web app Figure 22 Authentication service We have implemented an HTML-enable web pages that is accessible though PC and also extend the possibilities to use mobile devices for browsing. It should be noted that technical development of hardware components and browsers preferable feature is excluded from the focus of the study, although technical aspects do have an impact on the usability of mobile web applications we much more focused on providing the web application through the mobile device addressing the below aspects : Navigation by this aspect we were making sure that the web application will let the users to go from home page to getting useful work done. Usability: the communication of the user and the mobile device is prepared to be easy to use. Older and Mining/Construction Health Support System (OAMHSS) Page 36