Sabiá: arquitetura integrada de autenticação e autorização de dados orientada ao consentimento do usuário para ecossistemas de aprendizagem em saúde no Brasil

Abstract

Health information systems in Brazil have been designed and developed in a heterogeneous manner, besides taking as a base local regional characteristic, resulting in a lack of information integrity. In this context, the Brazilian Ministry of Health pointed out the need for interoperability solutions of Health Information Systems, noting the importance of integration with national databases and alignment with Brazilian data protection laws as well its application in education to aid with continuing Education for healthcare professionals. Therefore, this work presents Sabiá, a platform for authentication, authorization and data delivery, based on user consent for Health Information Systems in Brazil and currently applied in the context of educational ecosystems in this area. Sabiá’s architecture is designed to achieve the following requirements: R1) provide a Federated Identity; R2) be a federated resource manager; R3) collect user data from different Information Systems and; R4) deliver user data to systems based on user consent. Sabiá consists of three main components: 1) Sabiá Authorization Server, responsible for implementing Open Authentication; 2) Sabiá Coletor, responsible for collecting data from different Information Systems and; 3) Sabiá Resource Server, responsible for delivering data previously authorized by the users to the systems. After analyzing historical data, R4 functionality was selected to be submitted to performance tests because it is the process that most affects overall system performance. The tests aimed at analyzing Sabiá’s behavior in the heaviest scenario – based on historical data. The results showed no flaws and indicated system stability, consistency and performance, in which the user perceives a system reaction instantaneous, whose response time averages remained below 100 milliseconds.