An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verificatio...
Main Authors: | Fabio Sanvido, Patricia Arias, Rosa Sánchez-Guerrero, Florina Almenárez, Andrés Marín, Daniel Díaz-Sánchez |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2012-05-01 |
Series: | Sensors |
Subjects: | |
Online Access: | http://www.mdpi.com/1424-8220/12/5/6129 |
id |
doaj-d7601ba87d7d418599c608e3f51eb0fd |
---|---|
record_format |
Article |
spelling |
doaj-d7601ba87d7d418599c608e3f51eb0fd
2020-11-25T00:15:22Z
eng
MDPI AG
Sensors
1424-8220
2012-05-01
12 5 6129 6154
10.3390/s120506129
An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health
Fabio Sanvido, Patricia Arias, Rosa Sánchez-Guerrero, Florina Almenárez, Andrés Marín, Daniel Díaz-Sánchez
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focuses on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.
http://www.mdpi.com/1424-8220/12/5/6129
identity management, privacy, user-centric, federation, revocation consent, delegation, health care, event, theory queue |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Fabio Sanvido, Patricia Arias, Rosa Sánchez-Guerrero, Florina Almenárez, Andrés Marín, Daniel Díaz-Sánchez |
author_sort |
Fabio Sanvido |
title |
An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health |
publisher |
MDPI AG |
series |
Sensors |
issn |
1424-8220 |
publishDate |
2012-05-01 |
description |
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focuses on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism. |
topic |
identity management, privacy, user-centric, federation, revocation consent, delegation, health care, event, theory queue |
url |
http://www.mdpi.com/1424-8220/12/5/6129 |