Automated Policy: USE CASE AUTHORING AND MODELING ENVIRONMENT

Lead Institution: Vanderbilt University

Project Leader: Janos Sztipanovits

Research Progress

  • Abstract
    The Use Case Authoring and Modeling Environment provides a web-based graphical modeling environment for user-friendly specification of simple information use and disclosure processes (use cases). The models capture the participating entities, information flows and their characterization in terms of models with rigorous underlying semantics on a common framework with the policy models.

  • Focus of the research/Market need for this project
    Current service models are built on highly complex, hard-to-use business process models where formal semantics are very hard to obtain or do not exist. Their integration with formal policy models is unfeasible.

  • Project Aims/Goals
    The goal was to develop a new use case authoring and modeling environment to support the policy authoring environment and the policy verification tool and with them address the shortcomings mentioned in the previous sections.

  • Key Conclusions/Significant Findings/Milestones reached/Deliverables
    We developed a Use Case Authoring and Modeling Environment for the policy modeling tool suite. This modeling aspect enables the modeler to compose the policy model with the architecture and data flow of the system that policies govern. This composition enables analysis that is not possible using the policies alone. It is possible to perform gap analysis and determine whether the system can support the enforcement of the specified polices. It is also makes possible the simulation of the information flows and use-cases. The UCAME’s interface provides a simple workflow with keeping all the needed functionality at close reach. UCAME’s use case models are an adoption of UML’s use case and data-flow models tailored for easy use in the context of privacy policy verification. On the vertical Axis of the Use Case model are the Actors (top half) and Systems (bottom half) involved the Use Case modeled. The horizontal axis is the timeline of the use case with events. The Documents involved in the use case are contained by the cells of the table defied by the cross product of the actors and the timeline. All artifact types (Actor, System, and Document) are typed and their types are anchored to the underlying ontologies. The Document types also support additional attributes in the form of key value pairs where the values could be either references to artifacts in the Use Case or a reference to an Ontology element.

    Figure 2. A simple use case with creation of a Clinical Document and the disclosure with patient authorization.

    The UCAME tool also provides a functionality to generate executable code using the Generative Integration Tool (GI Tool). The generated code can be used for verification and validation of the Use Case Model and the related policy models. With the help of the GI Tool, the UCAME tool is capable of generating FORMULA code composed from the associated ontologies, policy models and the use case model itself. The FORMULA code is then sent to the POVER engine that determines whether the document request and transfers happen according to the Policies specified.

    We have also completed the development of an ontology library that provides the basic context definition layer for all the templates, models, and import tool. The ontology library uses the emerging standard JavaScript Object Notation for Linked Data (JSON-LD). JSON-LD provides an RDF-like notation for the standard JSON format, and it is being standardized inside of the W3C RDF Working Group.

    The Policy Authoring Environment together with the other tools and libraries that were developed at VU during the SHARPS grant leveraging the results of other parallel research efforts (such as the PolicyForge portal developed under NSF funding) will provide different communities a consistent, widely accessible framework.

  • Materials Available for Other Investigators/interested parties
    Use Case Authoring and Modeling Environment – Available on https://policyforge.org/ as a project add-on tool with documentation in the policyforge help project.

  • Market entry strategies
    PolicyForge.org is an open collaboration website that is similar to the established open source community sites such as SourceForge or GitHUB, but it is specifically tailored for policy formalization. We use the PolicyForge.org website to provide access to the prototype Use Case Modeling Environment. For more information see the Market Entry Strategy for the Policy Authoring Environment.

Bibliography
PolicyForge: A Collaborative Environment for Formalizing Privacy Policies in Health Care
Andras Nadas, Laszlo Juracz, Janos Sztipanovits, Mark E. Frisse, and Ann J. Olsen
Software Engineering in Health Care (SEHC), 5th International Workshop, May 2013

A Model-Integrated Authoring Environment for Privacy Policies
Andras Nadas, Tihamer Levendovszky, Ethan K. Jackson, Istvan Madari, and Janos Sztipanovits
Science of Computer Programming, January 2013

Modeling Privacy Aware Health Information Exchange Systems
Andras Nadas, Mark E. Frisse, and Janos Sztipanovits
The 1st International Workshop on Engineering EHR Solutions (WEES) at Amsterdam Privacy Conference 2012, Amsterdam, the Netherlands; October 2012