The paper ‘Exploring the Enforcement of Private, Dynamic Policies on Medical Workflow Execution’ presents ongoing work in adapting Brane, a workflow execution framework, for use cases involving privacy-sensitive medical data. Brane is extended with a new policy interface, letting each organisation control the way Brane uses their resources at a fine granularity.
Under the hood, automated services create, cryptographically sign, and share metadata about who authorises what. This ensures that authorisations can always be traced back to their source, for example to enable auditing of the system’s good behaviour.
The research explores two important questions. Firstly, what are the details of this policy interface? For this, each organisation expressed their requirements to Brane in the form of formally-specified policies, whose meaning is understood by both human users and automated services.
Secondly, what if the policies themselves contain sensitive data? The researchers let each organisation decide how to balance keeping their policies private against cooperating in Brane’s execution.