1. PortalSecurity-1 CSE 5810 Collaborative Portal Security Prof. Steven A. Demurjian, Sr. Computer Science & Engineering Department The University of Connecticut 371 Fairfield Road, Box U-1155 Storrs, CT 06269-1155 steve@engr.uconn.edu http://www.engr.uconn.edu/~steve (860) 486 - 4818

2. PortalSecurity-2 CSE 5810 Security for Collaborative Web Portals  Collaborative Portals Rapidly Emerging as Means for Communication, Interaction, and Problem Solving over Distances  SourceForge MediaWiki  Microsoft Sharepoint  phpBB  Security Model and Enforcement Often Lacking  Consider WIKIs  Anonymous Users (Read Only)  Registered Users (Full Write Access)  Result: No Guarantee of Data Correctness  Need to Transcend Simplistic Approach for Application Level, Document Level (Author/View), and Look-and-Feel of Portal Itself

3. PortalSecurity-3 CSE 5810 What is a WIKI?  Repository for Information that Accessible to All  Collaborative Platform  Content Contribution/Creation/Modification  Document Authoring  Historical Tracking of Actions  Shared Platform to Facilitate Information Exchange, Joint Efforts, etc.  Runs in Web Environment (Browser) – No Software to Install  Limited Security: User Accounts/Passwords

4. PortalSecurity-4 CSE 5810

5. PortalSecurity-5 CSE 5810

6. PortalSecurity-6 CSE 5810

7. PortalSecurity-7 CSE 5810

8. PortalSecurity-8 CSE 5810 http://www.mediawiki.org/wiki/MediaWiki MediaWiki underlies WikiPedia

9. PortalSecurity-9 CSE 5810 MediaWiki from SourceForge

10. PortalSecurity-10 CSE 5810 A Wiki for Accreditation

11. PortalSecurity-11 CSE 5810 Creating an Account

12. PortalSecurity-12 CSE 5810 Viewing the Main Page

13. PortalSecurity-13 CSE 5810 Uploading Documents

14. PortalSecurity-14 CSE 5810 Creating and Modifying Content

15. PortalSecurity-15 CSE 5810 Viewing the Historical Record

16. PortalSecurity-16 CSE 5810 Customized Searching

17. PortalSecurity-17 CSE 5810 Uploading Images

18. PortalSecurity-18 CSE 5810 Problems with MediaWiki and Others  Not Very User Friendly, Particularly for Non- Computer Savvy Population  Difficult to Customize with Specialized Features and Capabilities beyond Basic Look and Feel Changes  Security Limited to User/Password Combinations  Everyone can do Anything  Set up as Shared and Collaborative for All  No Control on Incorrect Content Being Uploaded  Addition of Security Violates General WIKI Concept of Open and Available to All

19. PortalSecurity-19 CSE 5810 Current R&D on WIKIs  Led by Serebrum (www.serebrum.com) www.serebrum.com  Developing AXON WIKI with Capabilities that include:  Content Creating Editing (WYSISYG)  Document Publishing (Web, PDF, RTF)  Document Distribution (Email, Print, Fax)  Mobile Access (Limited with BlackBerry)  Security  Role-Based Access Control to Define Privileges  For Example, Physician, Provider, Patient, Clinical Researcher, etc.  Full Collaborative Environment

20. PortalSecurity-20 CSE 5810 Usage of Axon in Safety.Net  Used by Project Team (PIs, Co-PIs, Providers, etc.)  Repository for Planning Effort  Upload, Create, Review, Modify Documents  Allows Safety.Net Team to Familiarize Themselves with WIKI Technology/Web Portals  No Software to Install  Problems with Off-the-Shelf Product (MediaWiki)  Customization Time Consuming (and Limited)  Security Minimal – but Acceptable for this Use (Can’t store any Patient Related Information)  Limited User Friendliness May Result in Poor Opinion of Web Technology

21. PortalSecurity-21 CSE 5810 Usage of WIKIs in Safety.Net  Another Alternative – Use AXON Product  Still Web Solution (No Software to Download)  Professional Developers  Customize AXON for Use on Project  Multi-Pronged Approach  Start with AXON for PIs, Co-PIs, Providers as Means to Support the Grant  Explore the Potential Usage/Extensions of AXON to Support Patient Access to Health Care Data  Synergistic Teams (Serebrum, UCHC, UConn CSE) Submit Phase I Grants for Funding  In-Kind Software Contribution/Pay for Customization  Work Currently Funded

22. PortalSecurity-22 CSE 5810 Potential Usage of WIKIs in CTSA  Use of AXON as Enabling Technology for the Grant  Web-Based and Hand-Held Interfaces  Customization for Biomedical Informatics  Platform for  Clinical Research (Recruit Patients, Providers, etc.)  Information Dissemination (Newsletters, etc.)  Architectures and Solutions for  Integration with Healthcare Systems (EMR, EHR)  Security and HIPPA Compliance  XML Standards for Health Data  Document Extensions (Medical Images)  Visualization Extensions (Data Mining)  Going Independent Route for Team Project

23. PortalSecurity-23 CSE 5810 A First Snapshot of AXON

24. PortalSecurity-24 CSE 5810 A First Snapshot of AXON Infolet – Piece of Information that can be Easily Created, Edited, Classified, etc.  Infolets organized into Accordions (US Travel, Project Brainstorm, etc.)  For Our Purposes – HIT Related Topics

25. PortalSecurity-25 CSE 5810 A First Snapshot of AXON  Accordions Contain a Topic Topics  Parent Topics, Child Topics, GrandChild Topics  Customizable Based on Domain  PHR: Parent Topics of: History, Meds, Visits, etc.  Each Topic has Document (Editable) and Attached Documents  The Topic Tree is Customizable by User/Role so that Different Information visible to Different Users This is an editable document associated with the Selected Topic Docs can be Images, Word, PDF, anything…

26. PortalSecurity-26 CSE 5810 Other AXON Features  Intended to be Fully Fledged Collaborative Tool  Work Over Distance Full-text search Easy Content Creation Hierarchical topic tree Integrated CMS + DMS History + Audit Trail

27. PortalSecurity-27 CSE 5810 Editing Topic Documents  For Each Topic,Associated Document can be Created/Edited with Full WYSISYG editor  Other WIKIs Don’t have this Capability  Extending this to Spreadsheet Creation  Word-like Interface for Document Creation and Modification

28. PortalSecurity-28 CSE 5810 Other AXON Features  This allows Documents to be Assembled  From Topic Down  Combines Docs  Creates New Doc  This is the WIKIBerry Interface  Limited Access  View and Edit Content  Synchs with Server

29. PortalSecurity-29 CSE 5810  Grayed Boxes (Elicitation Toolkit and Ontology) are Application Dependent/Customizable Architecture Promotes Customizability

30. PortalSecurity-30 CSE 5810 Security Concepts and Permissions in Axon  A user is identified by:  Username (unique), userid (unique),  User duration (userstarttime and userendtime that the user is active).  A role can be defined for any capability  Standard roles: guest, author, manager, admin  For each role, there is a list of allowable topics  A user associated with one or more roles in axon  User authenticated (user name, password)  User selects from list of authorized roles a set of  Axon customizes itself based on the chosen role using the permissions stored in the database  Able to change roles during a session.  Multiple separate sessions each with its own role.

31. PortalSecurity-31 CSE 5810 Security Concepts and Permissions in Axon  To isolate user from role: group abstraction  Each User is the member of one or more Groups  Group is identified by: GroupName (unique), GroupID (unique), and Group duration (GroupStartTime and GroupEndTime  Users in multiple groups and have multiple roles  Each group can have zero or more users  Active Session for a User limits the User to a particular Group  Active Session for a User limits the User to a particular Group  From a security perspective (see next slide):  Permissions will be assigned to Roles  Roles will be assigned to Users/Groups  Users/Groups will be assigned to Accordions.

32. PortalSecurity-32 CSE 5810

33. PortalSecurity-33 CSE 5810 Current AXON Main Scren

34. PortalSecurity-34 CSE 5810 Other Important Concepts  A Project contains multiple Accordions  E.g. US Travel, Brainstorm, EGuru, and Report  For Each Accordions, a Topic Tree, a Document List, and an Index is maintained  Each Accordion can have one or more Users,  Each Accordion can have zero or more Groups  University Accordions: Just like Peoplesoft  Faculty, Student, Grad Program Director  Faculty Accordion (corresponding to the Faculty Role) would have Record Grade, Permission Numbers, Advisee List, and other Child Topics  PHR Accordions:  Patient History, Education Materials, Appointments, etc.

35. PortalSecurity-35 CSE 5810 Other Important Concepts  The Topic Tree contains three levels of parent, child, and grandchild topics:  Each topic in this tree is associated with exactly one xhtml page.  Each topic in this tree is associated with zero or more documents of all types (Word, PPT, PDF, GIF, etc.).  The DOCS tab contains a list of documents. specifically, for the selected topic - all documents for the topic and its descendants are shown.

36. PortalSecurity-36 CSE 5810 Axon Permissions  Basic Topic Tree Permissions  Each Role can have one or more topics  Each Group can have zero or more topics  Each Accordion can have zero or more topics  Upon Successful Login, the Accordions for a User in a Group with a Role are Displayed  Advanced Topic Tree Permissions:  View Means that the User has permission to View the xhtml page associated with that topic  Edit Means that the User has permission to modify, delete, update, etc., the xhtml page associated with that topic

37. PortalSecurity-37 CSE 5810 Axon Permissions  Edit/History Permissions  Edit having a value of Yes means the Edit button is enabled  If the Topic Tree has a Permission of Edit for a Topic, then the permission for the Topic Button Edit should be set to Yes.  History View and History Rollback are assigned on a Yes/No basis to each Role.  Button Permissions:  Buttons: Global Menu for Hide, History, Import, Export, Email, Fax, and Print.  Permissions are Yes/No on a role-by-role basis. No means that the associated ICON doesn’t appear

38. PortalSecurity-38 CSE 5810 Axon Permissions Axon Permissions  Topic Icon Permissions: Five Icons are:  New Topic to Create a new Topic  Copy to Make a Copy of an Existing Topic  Paste to Paste a Copy of an Existing Topic  Rename to Change the Name of a Topic  Archive to Store a new Version of the xhtml page associated with the topic  Permissions are Yes/No on a role-by-role basis. No means that the associated ICON doesn’t appear

39. PortalSecurity-39 CSE 5810 Axon Permissions  Document Permissions  View: Open Document (word, PPT, etc.) with associated desktop viewer but do not save changes.  Add: Be able to Import a Document  Replace: Be able to Substitute a new Document for an Existing Document  Replace is really "Substitute this new document while saving all versions of the old one."  Archive: Transition a document to being "logically offline" as it exists at that point in time and remove it from the list of active documents  Users will not be able to view the archived documents.  An Administrator has the authority to restore archived documents if required

40. PortalSecurity-40 CSE 5810 Realizing RBAC in Axon  Combination of LDAP and Custom RBAC  Lightweight Directory Access Protocol Tracks Directory Info on Users/Sessions  Customize via RBAC Look and Feel (prior slides)  Other Technologies Possible  XACML – Web Services Policy Constraint Lang.  Different Implementations Available  Not Mature as yet  Bandit Role Engine  RBAC based on NIST and Sun’s XACML  Limited Functionality  Our Approach – Custom, Relational DB Solution with Enforcement Built into Axon

41. PortalSecurity-41 CSE 5810 UML ER Diagram

42. PortalSecurity-42 CSE 5810 Relational Database Tables for RBAC  Top Level Tables: ProjectInfo AccordionInfo ProjectAccordions  Top Level Tables: ProjectInfo AccordionInfo ProjectAccordions  Master Tables: All Projects, Accordions, and P-A  Topic/Subtopic Tables: Topic SubTopic1 SubTopic2  Topic/Subtopic Tables: Topic SubTopic1 SubTopic2  Master Tables for All Parent, Child, and Grandchild Topics

43. PortalSecurity-43 CSE 5810 Relational Database Tables for RBAC  Versions: TopicVersion  Versions: TopicVersion  Different Versions of xhtml Page for Each Tree Entry  Attachments: Attachment AttachmentVersion  Attachments: Attachment AttachmentVersion  Various Attachments (Documents –Word, PPT, etc.) Associate with Each Topic + Versions

44. PortalSecurity-44 CSE 5810 Relational Database Tables for RBAC  Permissions: UserInfo PermissionInfo GroupInfo RoleInfo UserGroupAuthorization UserRoleAuthorization  Permissions: UserInfo PermissionInfo GroupInfo RoleInfo UserGroupAuthorization UserRoleAuthorization  The User, Roles, Groups, and their Permissions

45. PortalSecurity-45 CSE 5810 Relational Database Tables for RBAC  Authorizing Topics to Users, Groups, and Roles  Authorization – Option A: TopicUserAuth TopicGroupAuth TopicRoleAuth  Authorization – Option A: TopicUserAuth TopicGroupAuth TopicRoleAuth  Authorization – Option B: TopicAuth  Authorization – Option B: TopicAuth

46. PortalSecurity-46 CSE 5810 Relational Database Tables for RBAC  Wiki Look and Feel Authorization: WikiLookandFeelAuthorization Widget WidgetPrivilegeType  Wiki Look and Feel Authorization: WikiLookandFeelAuthorization Widget WidgetPrivilegeType  Tracking the Different Widgets and their Availability based on Role

47. PortalSecurity-47 CSE 5810 Sample Table Entries

48. PortalSecurity-48 CSE 5810 Concluding Remarks: Portal Security  Expand WIKI Security Beyond Coarse Grained  Transition and Generalize to Web Portals  Security for:  Application Level  Document Level  Portal Look-and-Feel  Truly Collaborative and Secure  Other Work  Extending Axon with MAC (Navy SBIR)  Dealing with Delegation, Separation of Duty, etc.  Leveraging the Concepts for Team Project