Secure Access Control Realization Based on Self-Sovereign Identity for Cloud CDM

Abstract

Public healthcare has transformed from treatment to preventive care and disease management. The Common Data Model (CDM) provides a standard data structure defined to utilize hospitals’ data. Digital identity takes a significant role as the body of information about an individual used by computer systems to identify and establish trust among organizations. The CDM research network, composed of users handling medical information, has several digital identities associated with their activity. A high central authority cost can be reduced by Distributed Ledger Technology (DLT). It enables users to control their identities independently of a third party. To preserve the privacy of researchers in clinical studies, secure identification is the main concern of identifying the researcher and its agents. To do so, they should pose a legally verifiable credential in the cloud CDM. By presenting the proof represented by the capability that the user has, each identity has access control that is linked to an authentication credential that the cloud CDM can verify. Assurance in one’s identity is confirmed by asserting claims with the identity and its capability, providing its verifiable credential to the authentication entity in the cloud CDM. This paper describes the user-centric claim-based identity operation model based on use cases to handle researcher identity in the cloud CDM. In this model, credentials are designed as a capability and presented to them to access SPs in the cloud CDM. To provide well-controlled access control in the cloud CDM, we build and prototype a capability based CDM management system.