Cloud-based Identity and Access Control for Diagnostic Imaging Systems

The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Migrating DI systems to cloud platform is cost-effective and improves the quality of DI services. However, a major challenge is managing the identity of various participants (users, devices, applications) and ensuring that all service providers offer equivalent access control in cloud ecosystem. In this paper, we propose an access control infrastructure for secure diagnostic image sharing among Diagnostic Imaging Repositories and heterogeneous PACS (Picture Archiving and Communication Systems) in cloud. We utilize an open standard “OpenID Connect” to provide user-centric Single Sign-On solution, and present the extensions for integrating with patient consent directives and system access control policies. Through combining with the dominant access control model XACML in existing DI systems, the extended OpenID Connect authorization server can provide fine-grained access control. Keywords-diagnostic imaging; cloud; federated identity; access control; OpenID Connect; XACML.