Security Labeling Service
Project Scope Statements
Key objectives targeted by this project: Specify interoperable Security Labeling functional capabilities that are exposed through well-defined, technology-agnostic service interfaces. Functional capabilities will likely include the following component services and infrastructure:
- Security Labeling Manager (SLM), which determines how applicable policy is conveyed using security labels
- Security Labeling Service (SLS), which applies security labels per policy under direction of SLM
- Policy Adjudication Engine (PAE), which harmonizes two or more policies applicable to an IT resource
- Ontology reasoner over clinical information (clinical facts) that infers which security and privacy policies apply
- Policy inference logic, e.g., sensitivity + policy => classification + handling caveats; similarly, an integrity-confidence label reflects a qualitative, policy-driven judgment over the set of quantitative integrity measures
- Trust Fabric Services for:
  - monitoring reliability
  - verification of identity assertions and authorization claims
  - monitoring compliance of users with handling caveats
- Security and Privacy Ontology-based terminology service
- Addition of two handling caveat tag sets: value-dependent and context-based controls
- Label field specification for label ID and policy ID (the policy may be the result of adjudication), including:
  - classifier/declassifier ID, type, date, and authority
  - “derivation from” provenance
  - “aggregated to” provenance
- Privacy Protective Services that enforce security label handling caveats by, e.g., applying appropriate metadata to transport wrappers, encryption, redaction, masking, de-identification methods, security agents, and token and key management
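The inference, adjudication and provenance items above can be made concrete with a small worked model. The following Python is an added example written for this scope statement; it is not HL7 project code, and the policy rules in it are constructed for illustration. It borrows a few real HL7 v3 vocabulary values (confidentiality codes U..V, sensitivity codes HIV and ETH, the refrain code NORDSCLCD and the obligation code ENCRYPT) but the mapping from sensitivity to classification, the "most restrictive wins" adjudication rule and the label ID scheme are assumptions of the example, not something the project has specified.

```python
"""Illustrative Security Labeling pipeline (added example, not HL7 project code).

Shows: policy inference (sensitivity + policy => classification + handling
caveats), a Policy Adjudication Engine that harmonizes two policies, and
"derivation from" / "aggregated to" provenance on the resulting labels.
All rules below are constructed for this example.
"""
from dataclasses import dataclass, replace
from itertools import count

# HL7 v3 Confidentiality codes, ranked least to most restrictive (assumed order).
CONFIDENTIALITY_RANK = {"U": 0, "L": 1, "M": 2, "N": 3, "R": 4, "V": 5}


@dataclass(frozen=True)
class Policy:
    policy_id: str
    rules: dict            # sensitivity code -> (classification, frozenset(caveats))
    default: str = "N"     # classification for facts with no listed sensitivity


@dataclass(frozen=True)
class SecurityLabel:
    label_id: str
    policy_id: str         # policy that produced the label (may be an adjudicated one)
    resource_id: str
    classification: str
    handling_caveats: frozenset
    derived_from: tuple    # "derivation from" provenance: ids of source resources
    aggregated_to: str = ""  # "aggregated to" provenance: id of the container label


def more_restrictive(a, b):
    return a if CONFIDENTIALITY_RANK[a] >= CONFIDENTIALITY_RANK[b] else b


def infer(policy, sensitivities):
    """Policy inference: sensitivity + policy => classification + handling caveats.
    Several sensitivities on one fact yield the most restrictive class and all caveats."""
    classification, caveats = policy.default, set()
    for s in sensitivities:
        cls, cav = policy.rules.get(s, (policy.default, frozenset()))
        classification = more_restrictive(classification, cls)
        caveats |= cav
    return classification, frozenset(caveats)


def adjudicate(a, b):
    """Policy Adjudication Engine: harmonize two policies. For every sensitivity
    either policy mentions, keep the more restrictive classification and the
    union of caveats (constructed rule; a real PAE may apply precedence instead)."""
    rules = {}
    for s in set(a.rules) | set(b.rules):
        cls_a, cav_a = a.rules.get(s, (a.default, frozenset()))
        cls_b, cav_b = b.rules.get(s, (b.default, frozenset()))
        rules[s] = (more_restrictive(cls_a, cls_b), cav_a | cav_b)
    return Policy(f"{a.policy_id}+{b.policy_id}", rules,
                  more_restrictive(a.default, b.default))


class LabelingService:
    """SLS: applies labels under a (possibly adjudicated) policy."""

    def __init__(self, policy):
        self.policy = policy
        self._ids = count(1)

    def _next_id(self):
        return f"L{next(self._ids)}"

    def label(self, resource_id, sensitivities):
        cls, cav = infer(self.policy, sensitivities)
        return SecurityLabel(self._next_id(), self.policy.policy_id, resource_id,
                             cls, cav, (resource_id,))

    def aggregate(self, container_id, labels):
        """Label a container (e.g. a document) from its parts: highest classification,
        union of caveats, derived_from = all part resources. Returns the container
        label plus copies of the part labels with 'aggregated to' filled in."""
        cls, cav, parts = self.policy.default, set(), []
        for lb in labels:
            cls = more_restrictive(cls, lb.classification)
            cav |= lb.handling_caveats
            parts.extend(lb.derived_from)
        container = SecurityLabel(self._next_id(), self.policy.policy_id, container_id,
                                  cls, frozenset(cav), tuple(parts))
        updated = [replace(lb, aggregated_to=container.label_id) for lb in labels]
        return container, updated


# Constructed sample policies: an organizational policy and a patient consent directive.
ORG_POLICY = Policy("org-policy", {
    "HIV": ("R", frozenset({"NORDSCLCD"})),
    "ETH": ("R", frozenset({"NORDSCLCD"})),
})
CONSENT_DIRECTIVE = Policy("patient-consent", {
    "HIV": ("V", frozenset({"ENCRYPT"})),
})


def demo():
    """Label an HIV lab result and an unremarkable vitals entry, then a document built from both."""
    sls = LabelingService(adjudicate(ORG_POLICY, CONSENT_DIRECTIVE))
    lab_result = sls.label("obs-1", ["HIV"])
    vitals = sls.label("obs-2", [])
    doc, parts = sls.aggregate("doc-1", [lab_result, vitals])
    return lab_result, vitals, doc, parts


if __name__ == "__main__":
    for item in demo()[:3]:
        print(item)
```

Running `demo()` shows the adjudicated policy raising the HIV observation to V with both NORDSCLCD and ENCRYPT caveats, the vitals entry staying at the default N, and the document inheriting the highest classification and the union of caveats while its "derivation from" field lists both observations and each part's "aggregated to" field points back at the document label.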
Project Need
Generally, communication and cooperation in healthcare require intelligent and transparent methods for communicating and imposing security and privacy requirements in an open environment.
Security labels enable the binding of more or less detailed policies to the objects that serve this communication and cooperation. This access control information, and the access control decision information derived from it, can be standardized to enable interoperability in health and social care while respecting the applicable legal conditions and the patient's intentions.
The use of security labels requires structuring and classifying medical multimedia information, as well as a common security domain.
Driver for the development of an SLS: the increasing need to segment health data per policy into discrete units of clinically meaningful information (content management) for purposes of intra- and inter-enterprise access control and privacy protection, using standard protocols and an interoperable metadata vocabulary.