Objective: To address database interoperability challenges to improve collaboration among disparate organizations.
Materials and methods: We developed a lightweight system to allow broad but well-controlled data sharing while preserving local data protection policies. We used 2 NIST-developed technologies-Next-generation Database Access Control (NDAC) and the Data Block Matrix (DBM)-to create a proof-of-concept system called the Secure Federated Data Sharing System (SFDS). NDAC controls access to database resources down to the field level based on attributes assigned to users. The DBM manages and shares authoritative user-attribute assignments across a federation of organizations, implemented using a modified open-source permissioned blockchain, to manage and share authoritative user-attribute assignments across a federation of organizations. We used synthetic data to demonstrate a clinical research data-sharing use case using the SFDS.
Results: We demonstrated, through consent, the onboarding of previously unknown users into NDAC via assignments to their DBM-validated attributes, allowing those users policy-preserving access to local database resources. The SFDS main system components-NDAC and DBM-also showed excellent performance metrics.
Discussion: The SFDS provides a generic data-sharing infrastructure that effectively and securely achieves data-sharing objectives. It is completely transparent to the otherwise normal business operations of participating organizations. It requires no changes to database management systems or existing methods of authenticating and authorizing local user access to local resources.
Conclusion: This efficiency, flexibility of deployment, and granularity of control make this new infrastructure solution practical for meeting the data-sharing and protection objectives of the clinical research community.
Keywords: access control; data sharing; distributed ledgers; privacy; security.
Published by Oxford University Press on behalf of the American Medical Informatics Association 2024.