COAST Services: Achieving Service Customization and Policy-Based Differential Access in Personal Information Systems
- Author(s): Baquero Merino, Alegria
- Advisor(s): Taylor, Richard N.
- et al.
People and organizations constantly exchange personal information such as health data. However, the use and exchange of this information poses two salient challenges. First, trust among data users and providers is not homogenous, but data is supplied according to individual authority and rights. Second, people and organizations use this data for uncountable and often divergent purposes. State-of-the-art web services are rigid, "one-size-fits-all" solutions that do not meet all users' needs nor allow providers to distinguish among users. This tension between information need and service provision calls for sophisticated mechanisms to simultaneously enable customization and service access based on specific trust relationships. Our goals are twofold: first, enable differential access to a provider's services--data and computation capability--according to privacy and operational policies. Second, enable consumer-controlled service customization to access and computationally manipulate data to fulfill specific needs within the authority granted by the provider. Our approach leverages the COAST architectural style's principles and implementation mechanisms and the Rei policy language. The context of our work is decentralized information systems, where constituent personal services operate under multiple, distinct authorities. We evaluate our approach in the context of the healthcare domain and present COASTmed, an EHR management system prototype which exhibits the proposed solutions to the described challenges.