Solución para la delegación de identidad en Sistemas de Gestión de Identidad paneuropeos basada en infraestructuras de certificación y lenguajes formales de asertos de seguridad

La estrategia i2010 de la UE tiene como objetivo garantizar el liderazgo europeo en materia de TIC y poner los beneficios de la Sociedad de la Información al servicio de la economía, la sociedad y la calidad de vida personal, teniendo presente que los éxitos de Europa hasta la fecha se han basado en favorecer la competencia leal en los mercados de las telecomunicaciones y crear un mercado sin fronteras para contenidos y medios de comunicación digitales. En esta línea, la Comisión Europea ha establecido que los distintos estados miembros deben contribuir activamente al desarrollo y uso seguro de los servicios telemáticos entre sus ciudadanos. Más concretamente, atribuye a las Administraciones Públicas, tanto a nivel nacional, regional como local, un papel dinamizador de la Sociedad de la Información que les obliga a ofrecer paulatinamente todos los actos administrativos a los ciudadanos a través de Internet. Como primer paso para el uso seguro de los servicios telemáticos que ofrecen las instituciones públicas se hace preciso dotar a los ciudadanos de una identidad digital que les permita identificarse ante un Proveedor de Servicio o ante otros ciudadanos de manera inequívoca. Por esta razón, la mayoría de países europeos – y otros en el resto del mundo – están promoviendo, sistemas fiables de gestión de identidad electrónica (eIDM), de tal manera que los ciudadanos, las empresas y departamentos gubernamentales (incluso en Estados miembros diferentes) pueden identificar y certificar sus operaciones con precisión, rapidez y sencillez. Sin embargo, la gestión de esta identidad por las Administraciones Públicas supone un importante desafío, acentuado cuando se hace necesaria la interoperabilidad entre Administraciones de diferentes países, puesto que personas y entidades tienen credenciales de identificación diferentes en función de su propio marco jurídico nacional. Consciente del problema, en la Unión Europea se han puesto en marcha una serie de proyectos con el objetivo de conseguir la interoperabilidad de los eIDMs entre las instituciones públicas de diferentes Estados miembros. A pesar de ello, las soluciones adoptadas hasta la fecha son insuficientes porque no prevén todos los posibles casos de interacción del usuario con las instituciones. En concreto, no tienen en cuenta un aspecto muy importante que se ofrece en los distintos sistemas jurídicos nacionales, a saber, la delegación de la identidad, mediante la cual un ciudadano puede autorizar a otro para que actúe en su nombre para acceder a determinados servicios prestados por las instituciones públicas. En esta tesis se realizan un conjunto de aportaciones que dan solución a distintos aspectos de los problemas planteados y que, de forma conjunta, permiten la interoperabilidad y la delegación de identidad en determinados Sistemas de Gestión de Identidad aplicados al entorno de las Administraciones Públicas. En el caso de la delegación, se ha definido un sistema de delegación dinámica de identidad entre dos entidades genéricas que permite solucionar el problema del acceso delegado a los servicios telemáticos ofrecidos por las Administraciones Públicas. La solución propuesta se basa en la generación de un token de delegación, constituido a partir de un Certificado Proxy, que permite a la entidad que delega establecer la delegación de identidad en otra entidad en base a un subconjunto de sus atributos como delegador, estableciendo además, en el propio token de delegación, restricciones en el conjunto de servicios accesibles a la entidad delegada y el tiempo de validez de la delegación. Adicionalmente, se presentan los mecanismos necesarios tanto para poder revocar un token de delegación como para comprobar sin un token de delegación ha sido o no revocado. Para ello se propone una solución para la identificación unívoca de tokens de delegación y la creación de una nueva entidad denominada Autoridad de Revocación de Tokens de Delegación. Entre las características del sistema de delegación propuesto destaca el que es lo suficientemente seguro como para ser utilizado en el entorno de la Administración Pública, que no requiere el uso de mecanismos off‐line para la generación de la delegación y que se puede realizar la delegación de forma instantánea y sin la necesidad de trámites complejos o la participación de un elevado número de entidades. Adicionalmente, el token de delegación propuesto es perfectamente integrable en las infraestructura de clave pública actual lo que hace que, dado que gran parte de las Administraciones Públicas europeas basan sus sistemas de identidad digital en el uso de la PKI y certificados de identidad X.509, la solución pueda ser puesta en marcha en un entorno real sin necesidad de grandes cambios o modificaciones de comportamiento. En lo referente a la interoperabilidad, se realiza un análisis exhaustivo y la correspondiente evaluación de las principales propuestas de Sistemas de Gestión de Identidad orientados a conseguir la interoperabilidad realizadas hasta la fecha en el marco de la Unión Europea y se propone, a alto nivel, una arquitectura de interoperabilidad para la gestión de identidad en las Administraciones Públicas. Dicha arquitectura es lo suficientemente genérica como para poder ser aplicada tanto en el entorno pan‐Europeo como en los entornos nacionales, autonómicos y locales, de tal forma que la interoperabilidad en la gestión de la identidad esté garantizada en todos los niveles de la Administración Pública. Por último, mediante la integración de la solución de delegación dinámica de identidad y la arquitectura de interoperabilidad propuestas se presenta una solución al problema de la delegación en un escenario pan‐Europeo de gestión de identidad, dando lugar a una arquitectura global de interoperabilidad pan‐Europea con soporte a la delegación de identidad. SUMMARY The i2010 European Union Plan aims to ensure European leadership in ICT and to promote the positive contribution that information and communication technologies can make to the economic, social and personal quality of life, bearing in mind that, to date, success in Europe has been based on promoting fair competition in telecommunications markets and on creating a borderless market for contents and digital media. In this line, the European Commission has established that the different member states should contribute actively to the development and secure use of telematic services among their citizens. More specifically, it is attributed to national, regional and local Public Administrations to have a supportive role of the Information Society, requiring them to gradually provide the citizens with Internet‐based access to all administrative procedures acts. As a first step for the secure use of telematic services offered by public institutions, it is necessary to provide the citizens with a digital identity to enable them to identify themselves unequivocally to a Service Provider or to other citizens. For this reason, most European countries ‐ and others in the rest of the world ‐ are promoting reliable systems for managing electronic identity (eIDM), so that citizens, businesses and government departments (even in different Member States) can identify and certify their operations with precision, speed and simplicity. However, the identity management by Public Administrations is a major challenge that becomes more difficult when interoperability between administrations of different countries is needed, due to the fact that individuals and entities have different identification credentials according to their own national legal framework. Aware of the problem, the European Union has launched a series of projects with the aim of achieving interoperability of eIDMs between public institutions of different Member States. However, the solutions adopted to date are insufficient because they do not foresee all possible cases of user interaction with the institutions. In particular, solutions do not take into account a very important aspect that is offered in different national legal systems, namely, the delegation of identity, by which a citizen can authorize another to act on his/her behalf to access certain services provided by public institutions. In this thesis a collection of contributions that provide solution to different aspects of the aforementioned problems are carried out. The solutions, in global, enable interoperability and identity delegation in some of the Identity Management Systems applied to Public Administration environment. In the case of delegation, a dynamic identity delegation system between generic entities is defined. This system makes it possible to solve the problem of delegated access to telematic services offered by Public Administrations. The proposed solution is based on the generation of a piece of information called delegation token. This delegation token, derived from a Proxy Certificate, allows the establishment of identity delegation by an entity that delegates (delegator) in other entity (delegatee) making use of a subset of delegator attributes. It also establishes restrictions on services that can be used by the delegated entity and the expiry date of delegation. In addition to this, the mechanisms necessary to revoke and check the revocation status of a delegation token are presented. To do this, a solution to univocally identify delegation tokens and the creation of a completely new entity, called Token Delegation Revocation Authority, are proposed. The most remarkable characteristics of the proposed delegation system are its security, enough for it to be used in the Public Administration environment, the fact that it does not require off‐line processes in order to generate the delegation, and the possibility of performing the delegation instantaneously and without neither complex processes nor the intervention of a large number of entities. The proposed delegation token can be completely incorporated into current Public Key Infrastructure (PKI). Thus, since most of the European Public Administrations base their digital identity systems on PKI and X.509 identity certificates, the solution can be adopted in a real environment without great changes or performance modifications. Regarding interoperability, an exhaustive analysis and evaluation of most significant proposals on Identity Management Systems that aim to achieve interoperability carried out in the European Union framework until now are performed. A high level identity management interoperability architecture for Public Administrations is also proposed. This architecture is sufficiently generic to be applied to both pan‐European environment and national, regional or local environments, thus interoperability in identity management at all Public Administration levels is guaranteed. Finally, through the integration of the proposed dynamic identity delegation solution and the high level interoperability architecture, a solution to the problem of identity delegation in a pan‐European identity management environment is suggested, leading to a pan‐European global interoperability architecture with identity delegation support.

Solving identity delegation problem in the e-government environment

At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed.

[access To Basic Health Services And Associated Factors: A Population-based Study].

This study sought to identify factors involved in access to the services of a basic health unit. It is a cross-sectional, population-based study involving 101 randomly-selected families residing in the area covered by the health unit. An adult resident of each household was interviewed. The response variable was whether or not the resident frequented the health unit if he/she or anyone in the family required assistance to resolve a health issue. The independent variables investigated were service provision aspects, demographic and socio-economic characteristics, individual habits, morbidities and use of the health unit. In addition to descriptive and univariate analysis, logistic regression was applied in the multivariate analysis. The results show that access to the basic health unit is associated with the treatment received previously (OR = 3,224) with accessibility (OR = 0,146) and micro-area of residence (OR = 10,918). These findings suggest that access is related to the impressions created by the care received at the health unit and is based on experiences with the service, but can also be strongly modulated by individual aspects and factors related to the territory.

Inequalities in access and utilization of dental services: a cross-sectional study in an area covered by the Family Health Strategy

This cross-sectional study aimed to investigate the presence of inequalities in the access and use of dental services for people living in the coverage area of the Family Health Strategy (FHS) in Ponta Grossa, Paraná State, Brazil, and to assess individual determinants related to them. The sample consisted of 747 individuals who answered a pre-tested questionnaire. Data analysis was performed by chi-square test and Poisson regression analysis, obtaining explanatory models for recent use and, by limiting the analysis to those who sought dental care, for effective access. Results showed that 41% of the sample had recent dental visits. The lowest visit rates were observed among preschoolers and elderly people. The subjects who most identified the FHS as a regular source of dental care were children. Besides age, better socioeconomic conditions and the presence of a regular source of dental care were positively associated to recent dental visits. We identified inequalities in use and access to dental care, reinforcing the need to promote incentives to improve access for underserved populations.

Influence of self-perceived oral health and socioeconomic predictors on the utilization of dental care services by schoolchildren

The influence of socioeconomic factors and self-rated oral health on children's dental health assistance was assessed. This study followed a cross-sectional design, with a multistage random sample of 792 12-year-old schoolchildren from Santa Maria, a city in southern Brazil. A dental examination provided information on the prevalence of dental caries (DMFT index). Data about the use of dental service, socioeconomic status, and self-perceived oral health were collected by means of structured interviews. These associations were assessed using Poisson regression models (prevalence ratio; 95% confidence interval). The prevalence of regular use of dental service was 47.8%. Children from low socioeconomic backgrounds and those who rated their oral health as "poor" used the service less frequently. The distribution of the kind of oral healthcare assistance used (public/private) varied across socioeconomic groups. The better-off children were less likely to have used the public service. Clinical, socioeconomic, and psychosocial factors were strong predictors for the utilization of dental care services by schoolchildren.

Health services performance for TB treatment in Brazil: a cross-sectional study

Background: Researches to evaluate Primary Health Care performance in TB control in Brazil show that different cities aggregate local specificities in the dynamics of coping with the disease. This study aims to evaluate health services' performance in TB treatment in cities across different Brazilian regions. Methods: This cross-sectional study was conducted in five cities that are considered priorities for TB control in Brazil: Itaborai (ITA), Ribeirao Preto (RP) and Sao Jose do Rio Preto (SJRP) in the Southeast; Campina Grande (CG) and Feira de Santana (FS) in the Northeast. Data were collected through interviews with 514 TB patients under treatment in 2007, using the Primary Care Assessment Tool adapted for TB care in Brazil. Indicators were constructed based on the mean response scores (Likert scale) and compared among the study sites. Results: ""Access to treatment"" was evaluated as satisfactory in the Southeast and regular in the Northeast, which displayed poor results on 'home visits' and 'distance between treatment site and patient's house'. ""Bond"" was assessed as satisfactory in all cities, with a slightly better performance in RP and SJRP. ""Range of services"" was rated as regular, with better performance of southeastern cities. 'Health education', 'DOT' and 'food vouchers' were less offered in the Northeast. ""Coordination"" was evaluated as satisfactory in all cities. ""Family focus"" was evaluated as satisfactory in RP and SJRP, and regular in the others. 'Professional asking patient's family about other health problems' was evaluated as unsatisfactory, except in RP. Conclusions: Two types of obstacles are faced for health service performance in TB treatment in the cities under analysis, mainly in the Northeast. The first is structural and derives from difficulties to access health services and actions. The second is organizational and derives from the way health technologies and services are distributed and integrated. Incentives to improve care organization and management practices, aimed at the integration of primary, secondary and tertiary services, can contribute towards a better performance of health services in TB treatment.

The variability and predictors of quality of AIDS care services in Brazil

Background: Since establishing universal free access to antiretroviral therapy in 1996, the Brazilian Health System has increased the number of centers providing HIV/AIDS outpatient care from 33 to 540. There had been no formal monitoring of the quality of these services until a survey of 336 AIDS health centers across 7 Brazilian states was undertaken in 2002. Managers of the services were asked to assess their clinics according to parameters of service inputs and service delivery processes. This report analyzes the survey results and identifies predictors of the overall quality of service delivery. Methods: The survey involved completion of a multiple-choice questionnaire comprising 107 parameters of service inputs and processes of delivering care, with responses assessed according to their likely impact on service quality using a 3-point scale. K-means clustering was used to group these services according to their scored responses. Logistic regression analysis was performed to identify predictors of high service quality. Results: The questionnaire was completed by 95.8% (322) of the managers of the sites surveyed. Most sites scored about 50% of the benchmark expectation. K-means clustering analysis identified four quality levels within which services could be grouped: 76 services (24%) were classed as level 1 (best), 53 (16%) as level 2 (medium), 113 (35%) as level 3 (poor), and 80 (25%) as level 4 (very poor). Parameters of service delivery processes were more important than those relating to service inputs for determining the quality classification. Predictors of quality services included larger care sites, specialization for HIV/AIDS, and location within large municipalities. Conclusion: The survey demonstrated highly variable levels of HIV/AIDS service quality across the sites. Many sites were found to have deficiencies in the processes of service delivery processes that could benefit from quality improvement initiatives. These findings could have implications for how HIV/AIDS services are planned in Brazil to achieve quality standards, such as for where service sites should be located, their size and staffing requirements. A set of service delivery indicators has been identified that could be used for routine monitoring of HIV/AIDS service delivery for HIV/AIDS in Brazil (and potentially in other similar settings).

E-contracting with price configuration for Web services and QoS

The large amount of information in electronic contracts hampers their establishment due to high complexity. An approach inspired in Software Product Line (PL) and based on feature modelling was proposed to make this process more systematic through information reuse and structuring. By assessing the feature-based approach in relation to a proposed set of requirements, it was showed that the approach does not allow the price of services and of Quality of Services (QoS) attributes to be considered in the negotiation and included in the electronic contract. Thus, this paper also presents an extension of such approach in which prices and price types associated to Web services and QoS levels are applied. An extended toolkit prototype is also presented as well as an experiment example of the proposed approach.

Monitoring Services for Industrial Applications

Sao Paulo Research Foundation (FAPESP) in Brazil

Improvement of radiology services based on the process management approach

The health sector requires continuous investments to ensure the improvement of products and services from a technological standpoint, the use of new materials, equipment and tools, and the application of process management methods. Methods associated with the process management approach, such as the development of reference models of business processes, can provide significant innovations in the health sector and respond to the current market trend for modern management in this sector (Gunderman et al. (2008) [4]). This article proposes a process model for diagnostic medical X-ray imaging, from which it derives a primary reference model and describes how this information leads to gains in quality and improvements. (C) 2010 Elsevier Ireland Ltd. All rights reserved.

A New Approach for Video Adaptation through Overlay Services Networks

Video adaptation is an extensively explored content providing technique aimed at appropriately suiting several usage scenarios featured by different network requirements and constraints, user`s terminal and preferences. However, its usage in high-demand video distribution systems, such as CNDs, has been badly approached, ignoring several aspects of optimization of network use. To address such deficiencies, this paper presents an approach for implementing the adaptation service by exploring the concept of overlay services networks. As a result of demonstrate the benefits of this proposal, it is made a comparison of this proposed adaptation service with other strategies of video adaptation.

Towards modular and coordinated manufacturing systems oriented to services

Nowadays, there is a trend for industry reorganization in geographically dispersed systems, carried out of their activities with autonomy. These systems must maintain coordinated relationship among themselves in order to assure an expected performance of the overall system. Thus, a manufacturing system is proposed, based on ""web services"" to assure an effective orchestration of services in order to produce final products. In addition, it considers special functions, such as teleoperation and remote monitoring, users` online request, among others. Considering the proposed system as discrete event system (DES), techniques derived from Petri nets (PN), including the Production Flow Schema (PFS), can be used in a PFS/PN approach for modeling. The system is approached in different levels of abstraction: a conceptual model which is obtained by applying the PFS technique and a functional model which is obtained by applying PN. Finally, a particular example of the proposed system is presented.

Working in public health services in Brazil: The relationship between different rationalities

Success in a public health system is related to its ability to change its production process and to deal with general principles of the health system, such as universality and equity. The frameworks proposed by service marketing scholars have been developed primarily for private services; they focus on acceptance by the targeted client-users, and on the technical specifications of the new service delivery processes. Little attention has been given to the employees` point of view and their activities to maintain service operations modulated by innovation. In a public health system, workers make decisions in real time related to users` needs and the technical specifications of the process; therefore, it is very important to understand how the changes impact on employees` activities and on the quality delivered for citizens. This article discusses how changes implemented in Sao Paulo, Brazil impact the organizational parameters and working activities for front-line workers. (C) 2008 Elsevier Ltd. All rights reserved.

Universal Set-top Box: A Simple Design to Provide Accessible Services

This paper presents the design of a low cost accessible digital television set-top box. This set-top box was designed and tested to the International ISDB-T system and considered the adoption of solutions that would provide accessible services in digital television in the simplest digital television receiver. The accessible set-top box was evaluated regarding the processing and memory requirements impacts to provide the features for accessible services. The work presents also the access services bandwidth consumption analysis(1).