Identity Management in E-Health: A Case Study of Web of Things application using OpenID Connect

Marlon Cordeiro Domenech, Eros Comunello and Michelle Silva Wangham
Laboratory of Embedded and Distributed Systems and 4Vision Lab, University of Vale do Itajaí – Florianópolis, Brazil
{marloncdomenech, eros.com, wangham}@univali.br

Abstract—Providing identity management (IdM) in the Web of Things (WoT) scenario is an important requirement to ensure protection of user data made available or consumed by medical devices in the WoT. This work proposes the use of a user-centric IdM system in an ambient assisted living (AAL) environment in the WoT scenario. The IdM system is based on OpenID Connect, which meets some of the main security requirements of an AAL environment.

I. INTRODUCTION

Population growth has required a broader and more efficient health system [1]. New technological solutions are needed to care for the increasing number of people with chronic illness or elderly people with frail health [2]. In this sense, the concept of ambient assisted living (AAL) became interesting because it covers complete medical assistance to patients in their homes, trying to keep them independent of health infrastructures such as hospitals [2], [3]. Enabling technologies for AAL communications include ubiquitous computing, wireless communication, and intelligent user interfaces. These technologies can be specially adapted to the different health conditions of the patients [2].

AAL has a strong relationship to “Ambient Intelligence”, which is one technology leading to the Internet of Things (IoT) [3]. The IoT concept covers a hardware, software and services infrastructure that connects physical objects to the Internet [4]. The IoT is expected to be capable of providing all the characteristics necessary for an AAL environment. The possibility of having low-cost devices monitoring a patient’s health condition in real time contributes to making AAL possible.
The integration with cloud services is facilitated by the full connectivity of these devices with the Internet [4]. An important concept in the IoT scenario is the Web of Things (WoT). The WoT aims at interaction among IoT devices using Web protocols, which facilitates communication among devices and other Internet applications [5]. One way to permit this interaction is through the use of RESTful web services. Such web services follow the REST (REpresentational State Transfer) architectural principles. The characteristics of the web make it a good choice for sharing health information in an interoperable and friendly way with the patient and the professionals involved in his/her treatment.

The technological development of AAL solutions has raised questions about the patient’s right to privacy. In cases where the distribution of health information is necessary, the patients must be consulted beforehand [6]. Due to the sensitive nature of medical data, it must be accessed only by the patient and those people who are directly involved in his/her treatment. Consequently, appropriate security mechanisms must be provided. Such mechanisms must preserve privacy while allowing data access only to authorized people [7].

In an AAL environment, services embedded in medical devices (cyber-physical systems - CPSs) need to ensure several security requirements, due to the high sensitivity of the information and to the exposure of the devices on the Internet [8], [9]. In these environments, it is necessary to provide device and user authentication. It is also necessary to provide access control to the information that is going to be consumed or offered by the devices [10]. One way to provide such mechanisms is through an Authentication and Authorization Infrastructure (AAI). An AAI makes it possible to provide Identity Management (IdM) [11] in an AAL environment.
IdM is the set of processes and technologies used to guarantee (i) the identity of an entity or a device, (ii) the quality of identity information (identifiers, credentials and attributes) and (iii) the provision of authentication, authorization and audit services [12]. In this paper, we describe the use of a user-centric IdM system in an AAL environment in the WoT scenario. In the proposed solution, the OpenID Connect framework is used to authenticate users and devices and to establish the trust relationships among users and other entities.

The remainder of this paper is structured as follows. Section II reviews some concepts relating to IdM and IoT. Section III presents some related works. The use of OpenID Connect with the e-health application is presented in Section IV. Section V presents a case study and Section VI concludes the paper.

II. BACKGROUND

This section presents the main concepts and technologies related to the research problem and to the proposed solution.

A. Identity Management in E-Health systems

An IdM system has three main entities [13]: (i) the Identity Provider (IdP), responsible for generating identities, for maintaining user information and for authenticating users; (ii) the Service Provider (SP), which offers resources and services to users; and (iii) the user or device, the entity that uses a service and needs to be authenticated.

IdM systems follow models classified as traditional, centralized, federated and user-centric [13]. In the traditional model, the SP operates as both SP and IdP. In this model

2014 IEEE 16th International Conference on e-Health Networking, Applications and Services (Healthcom) 978-1-4799-6644-8/14/$31.00 ©2014 IEEE 158
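To make the three IdM entities of Section II.A concrete in OpenID Connect terms (IdP = OpenID Provider, SP = Relying Party, user or device = the authenticated subject), the following added example, which is not code from the paper or its authors, shows the IdP issuing a signed ID token and the SP validating every claim it must trust before granting access. It assumes a shared HMAC key and hypothetical issuer and client identifiers; real deployments normally use the IdP's published asymmetric keys instead.

```python
import base64, hashlib, hmac, json, time

# Constructed example: a shared HMAC key stands in for the IdP's signing key
# (production OpenID Connect IdPs usually publish RSA/EC keys; HS256 keeps this
# self-contained). All identifiers below are hypothetical.
IDP_ISSUER = "https://idp.example-aal.org"
IDP_KEY = b"constructed-demo-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue_id_token(subject, client_id, nonce, now=None, ttl=300):
    """IdP role: after authenticating `subject`, issue an HS256-signed ID token bound to `client_id`."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": client_id,
              "iat": now, "exp": now + ttl, "nonce": nonce}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def sp_verify_id_token(token, expected_client_id, expected_nonce, now=None):
    """SP role: return the subject only if signature, issuer, audience, nonce and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        h, c, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(_unb64(h))
    if header.get("alg") != "HS256":  # reject "none" and any unexpected algorithm
        return None
    expected_sig = hmac.new(IDP_KEY, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _unb64(s)):
        return None
    claims = json.loads(_unb64(c))
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != expected_client_id:
        return None  # token from another IdP, or issued to a different SP/device
    if claims.get("nonce") != expected_nonce or claims.get("exp", 0) <= now:
        return None  # replayed or expired token
    return claims["sub"]
```

Each rejected case (wrong audience, wrong nonce, expired token, tampered signature) corresponds to a way an ID token could be reused outside the session and device it was issued for.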