6 resultados para security practices
em Repositório Científico do Instituto Politécnico de Lisboa - Portugal
Resumo:
A família de especificações WS-* define um modelo de segurança para web services, baseado nos conceitos de claim, security token e Security Token Service (STS). Neste modelo, a informação de segurança dos originadores de mensagens (identidade, privilégios, etc.) é representada através de conjuntos de claims, contidos dentro de security tokens. A emissão e obtenção destes security tokens, por parte dos originadores de mensagens, são realizadas através de protocolos legados ou através de serviços especiais, designados de Security Token Services, usando as operações e os protocolos definidos na especificação WS-Trust. O conceito de Security Token Service não é usado apenas no contexto dos web services. Propostas como o modelo dos Information Cards, aplicável no contexto de aplicações web, também utilizam este conceito. Os Security Token Services desempenham vários papéis, dependendo da informação presente no token emitido. São exemplos o papel de Identity Provider, quando os tokens emitidos contêm informação de identidade, ou o papel de Policy Decision Point, quando os tokens emitidos definem autorizações. Este documento descreve o projecto duma biblioteca software para a realização de Security Token Services, tal como definidos na norma WS-Trust, destinada à plataforma .NET 3.5. Propõem-se uma arquitectura flexível e extensível, de forma a suportar novas versões das normas e as diversas variantes que os Security Token Services possuem, nomeadamente: o tipo dos security token emitidos e das claims neles contidas, a inferência das claims e os métodos de autenticação das entidades requerentes. Apresentam-se aspectos de implementação desta arquitectura, nomeadamente a integração com a plataforma WCF, a sua extensibilidade e o suporte a modelos e sistemas externos à norma. Finalmente, descrevem-se as plataformas de teste implementadas para a validação da biblioteca realizada e os módulos de extensão da biblioteca para: suporte do modelo associado aos Information Cards, do modelo OpenID e para a integração com o Authorization Manager.
Resumo:
One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter's computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election's integrity. For instance, it is possible to write a virus that changes the voter's vote to a predetermined vote on election's day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter's vote (phishing/pharming attack). Such attacks may not disturb the election protocol, therefore can remain undetected in the eyes of the election auditors. We propose the use of Code Voting to overcome insecurity of the client platform. Code Voting consists in creating a secure communication channel to communicate the voter's vote between the voter and a trusted component attached to the voter's computer. Consequently, no one controlling the voter's computer can change the his/her's vote. The trusted component can then process the vote according to a cryptographic voting protocol to enable cryptographic verification at the server's side.
Resumo:
Several antineoplasic drugs have been demonstrated to be carcinogenic or to have mutagenic and teratogenic effects. The greatest protection is achieved with the implementation of administrative and engineering controls and safety procedures. Objective: to evaluate the improvements on pharmacy technicians' work practices, after the implementation of operational procedures related to individual protection, biologic safety cabinet disinfection and cytotoxic drug preparation. Method: case-study in a hospital pharmacy undergoing a certification process. Six pharmacy technicians were observed during their daily activities. Characterization of the work practices was made using a checklist based on ISOPP and PIC guidelines. The variables studied concerning cleaning/disinfection procedures, personal protective equipment and procedures for preparing cytotoxic drugs. The same work practices were evaluated after four months of operational procedures implementation. Concordance between work practices and guidelines was considered to be a quality indicator (guidelines concordance practices number/total number of practices x 100). Results: improvements were observed after operational procedures implementation. An improvement of 6,25% in personal protective equipment practice was achieved by changing second pair of gloves every thirty minutes. The major progress, 10%, was obtained in disinfection procedure, where 80% of tasks are now realized according to guidelines.By now, we hot an improvement of only 1% at drug preparation procedure by placing one cytotoxic drug at a time inside the biological safety cabinet. Then, 85% of practices are according to guidelines. Conclusion: before operational procedures implementation 80,3% of practices were according to the guidelines, while now is 84,4%. This indicates that is necessary to review the procedures frequently in the benefit to reduce the risks associated with handling cytotoxic drugs and maintenance of drug specifications.
Resumo:
To mimic the online practices of citizens has been declared an imperative to improve communication and extend participation. This paper seeks to contribute to the understanding of how European discourses praising online video as a communication tool have been translated into actual practices by politicians, governments and organisations. By contrasting official documents with YouTube activity, it is argued that new opportunities for European political communication are far from being fully embraced, much akin to the early years of websites. The main choice has been to use YouTube channels fundamentally for distribution and archiving, thus neglecting its social media features. The disabling of comments by many heads of state and prime ministers - and, in 2010, the European Commission - indicates such an attitude. The few attempts made to foster citizen engagement, in particular during elections, have had limited success, given low participation numbers and lack of argument exchange.
Resumo:
Mestrado em Gestão e Empreendedorismo
Resumo:
Mestrado em Intervenção Sócio-Organizacional na Saúde - Área de especialização: Políticas de Administração e Gestão de Serviços de Saúde
