Sabiá: Integrated Architecture for Authentication and Data Authorization Oriented to User Consent for Health Learning Ecosystems in Brazil
Authentication, authorization, user consent, health information systems, interoperability.
Health information systems in Brazil have been designed and developed in a heterogeneous manner based on local regional characteristics, resulting in a lack of health information integrity. In this context, the Brazilian Ministry of Health pointed out the need for interoperability solutions for health information systems, noting the importance of integration with national databases and alignment with Brazilian data protection laws, as well as its application in education to aid with continuing education for health professionals. Therefore, this work presents Sabiá, a platform for authentication, authorization and data delivery based on user consent for health information systems in Brazil, currently applied in the context of health educational ecosystems. Sabiá's architecture is designed to meet the following requirements: R1) Provide a Federated Identity; R2) Be a Federated Resource Manager; R3) Collect user data from different information systems; and R4) Deliver user data to systems based on user consent. Sabiá consists of three main components: 1) Sabiá Authorization Server, responsible for implementing Open Authentication; 2) Sabiá Collector, responsible for collecting data from different information systems; and 3) Sabiá Resource Server, responsible for delivering data previously authorized by the user to the systems. After an analysis of historical data, the R4 functionality was selected for performance testing because it is the process that most affects overall system performance. The tests aimed to analyze Sabiá's behavior in the heaviest scenario based on historical data. The results showed no flaws and indicated system stability and consistency: the user perceives the system's reaction as instantaneous, and average response times remained below 100 ms.