1st Annual EUBIROD meeting

Dasman Center for Research and Treatment of Diabetes, Kuwait City

Kuwait City, Kuwait, 2nd-4th May 2009

Security, Integration and Implementation

P. Beck, Joanneum Research, Austria

First BIRO Academy Residential Course, Kuwait City, Kuwait, 2nd May 2009


The BIRO system includes routines that send aggregate tables to an automated server, which pools results from all sites and delivers the European Diabetes Report. These routines must run within a secure environment that is in charge of safeguarding the BIRO network.

In this presentation, Eng. Peter Beck, a senior software engineer from Joanneum Research, describes the information flow used for secure communication in BIRO. The Consortium has regarded web services as the most suitable approach for communications, and several protocols and standards have been selected for this purpose. SOAP, a lightweight protocol intended for exchanging structured information in a decentralized, distributed environment, has been adopted because it uses XML technologies to define an extensible messaging framework, providing a message construct that can be exchanged over a variety of underlying protocols.

Peter describes how the BIRO framework has been designed to be independent of any particular programming model and of other implementation-specific semantics. The web service supports interoperable machine-to-machine interaction over a network. It provides a standard means of interoperating between different software applications running on a variety of platforms and frameworks.

In particular, Peter Beck explains why Apache Axis2 was considered the most suitable and reliable product: it is a core engine for creating web services and transmitting SOAP messages according to the implementation of the W3C’s SOAP submission, and a fully consistent open-source framework written in Java and licensed under the Apache Software License.

In terms of security, BIRO adopts Apache Rampart because it makes it possible to integrate the OASIS WSS specification into Apache Axis2. For both the Service Provider and the Service Requester, the communication software relies on a Public Key Infrastructure (PKI), a framework that enables secure exchange of information based on public key cryptography. By this means, the system allows identities (of people, organizations, etc.) to be bound to digital certificates and provides a means of verifying the authenticity of certificates. It encompasses keys, certificates, public key encryption, and trusted Certification Authorities who generate and digitally sign certificates.

The above solutions have been implemented in the form of Java libraries that are distributed and fully integrated with the current release of the BIRO software. In the future, bidirectional communication between the central and local sites will be ensured through appropriate solutions that will require more metadata related to communication. These developments are part of a new plan for the continuation of the program.