Secure links are an extension of Context Management Architecture support for common links. In a Secure Link common context system, only applications and agents with access privilege can get or set context data of a secure subject.
The Context Management Architecture support for secure links leverages the interfaces that were defined in common links and leaves them unchanged. Additional security related interfaces are defined to support secure links. The additional interfaces are SecureContextData and SecureBinding interfaces. The SecureContextData interface is modeled after the common link's ContextData interface. The SecureBinding allows establishment of trusted relationships between participant applications and context components. The ContextAgent interface is used to establish trusted relationship between context manager and context agents. The necessary security is achieved by adding capabilities to establish a “chain of trust” among the Secure Link enabled applications and associated CMA components and adding the ability to securely communicate context throughout the common context system. Secure Link-enabled applications and CMA components mutually authenticate their interactions to safe guard context data from unpasteurized access. Secure mapping agents and secure annotation agents also have to implement the CMA security policies and secure interfaces defined to implement secure links necessary to participate in a secure link context system.
The context subject definition can indicate whether or not a subject is a secure subject. When subject is marked as secure, context manager will only allow applications with proper access privilege to get or set context data for the subject. If the subject is not marked secure, any context participant can get or set the context data for the subject (e.g. the case of common link).
When the subject data definitions are set to “Secure subject, authenticated gets and sets”, the context manager allows applications and agents with appropriate privileges to get or set the subject’s context data. When data definitions is set to “Secure subject, authenticated sets only”, the context manager only allows applications and agents with appropriate privileges to set the subject’s context data. It is the context manager’s responsibility to prevent unauthorized applications and agents from getting or setting secure context data. Any application can set the user subject to empty. This is because setting the user subject to empty will allow any application to log a user off from all User Linked applications that are participants in a context session.
In addition to context management interfaces for common links, a context manager implements SecureBinding and SecureContextData interface. An application must establish a secure communication binding using SecureBinding interface before using the SecureContextData interface. The process for performing a context change transaction to set a secure context is essentially the same as the process for common subjects. A context manager implementation-specific configuration process designates, on a per subject basis, which applications can set and get the items for subjects.
The secure link architecture allows an institution to ensure only authorized users are allowed to access to a common context system and can implement single sign-on capability for a clinical desktop.