Table 2.
Security requirements for different image sharing topologies
| Requirements | Central repository and distributed security | Distributed repository and central security | Distributed repository and distributed security | |
|---|---|---|---|---|
| Data transformation | De-identification | Need consistent de-identification approach | Need consistent de-identification approach | |
| Research identifier | Need global identifier | Need global identifier | ||
| Privacy preserving transformation | Consistent transformation | Consistent transformation | ||
| Encryption | Encryption by each repository using same mechanism | Encryption by each repository using same mechanism | ||
| Signature | Signature for each repository | Signature for each repository | ||
| Honest Broker | Consistency between brokers critical | Consistency between brokers critical | ||
| Infrastructure | Policy management | Consistent policies in different systems and coordinate different systems | Consistent policies in different systems and coordinate different systems | |
| User identity management | Each organization manages own users | Each organization manages own users | ||
| User role and attribute management | Cross-institutional roles important | Cross-institutional roles important | ||
| Authentication | Authentication against local identity provider. Security token needs to be acceptable by all | Authentication against local identity provider. Security token needs to be acceptable by all | ||
| Audit log management | Log may need to be managed by and potentially replicated at multiple sites. Log mining would require accessing multiple log repositories | Log may need to be managed by and potentially replicated at multiple sites. Log mining would require accessing multiple log repositories | ||
| Trust management | Critical to have well established trust fabric between security components | Critical to have well established trust fabric between security components | ||
| Data access and movement | Authorization | May need to combine multiple authorization policies | Each repository needs to enforce authorization | May need to combine multiple authorization policies. Each repository needs to enforce authorization |
| Delegation | ||||
| Audit logging | May need to log to multiple log management services | May need to log to multiple log management services | ||
| Non-repudiation | ||||
| Transmission protection |