Smart Cities are complex distributed systems which may involve multiple stakeholders, applications, sensors, and IoT devices. In order to be able to link and use such heterogeneous data, spatial data ...infrastructures for Smart Cities can play an important role in establishing interoperability between systems and platforms. Based on the open and international standards of the Open Geospatial Consortium (OGC), the Smart District Data Infrastructure (SDDI) concept integrates different sensors, IoT devices, simulation tools, and 3D city models within a common operational framework. However, such distributed systems, if not secured, may cause a major threat by disclosing sensitive information to untrusted or unauthorized entities. Also, there are various users and applications who prefer to work with all the systems in convenient ways using Single-Sign-On. This paper presents a concept for securing distributed applications and services in such data infrastructures for Smart Cities. The concept facilitates privacy, security and controlled access to all stakeholders and the respective components by establishing proper authorization and authentication mechanisms. The approach facilitates Single-Sign-On (SSO) authentication by a novel combination in the use of the state-of-the-art security concepts such as OAuth2 access tokens, OpenID Connect user claims and Security Assertion Markup Language (SAML). An implementation of this concept for the district Queen Elizabeth Olympic Park in London is shown in this paper and is also provided as an online demonstration. Such access control and security federation based realization has not been considered in spatial data infrastructures for Smart Cities before.
Multi-cloud adaptive application provisioning can solve the vendor lock-in problem and allows optimising user requirements by selecting the best from the multitude of services offered by different ...cloud providers. To this end, such provisioning type is increasingly supported by new or existing research prototypes and platforms. One major concern, actually preventing users from moving to the cloud, comes with respect to security, which becomes more complex in multi-cloud settings. Such a concern spans two main aspects: (a) suitable access control on user personal data, VMs and platform services and (b) planning and adapting application deployments based on security requirements. As such, this paper addresses both security aspects by proposing a novel model-driven approach and architecture which secures multi-cloud platforms, enables users to have their own private space and guarantees that application deployments are not only constructed based on but can also maintain a certain user-required security level. Such a solution exploits state-of-the-art security standards, security software and secure model management technology. Moreover, it covers different access control scenarios involving external, web-based and programmatic user authentication.
Multi-cloud adaptive application provisioning can solve the vendor lock-in problem and allows optimising user requirements by selecting the best from the multitude of services offered by different ...cloud providers. To this end, such provisioning type is increasingly supported by new or existing research prototypes and platforms. One major concern, actually preventing users from moving to the cloud, comes with respect to security, which becomes more complex in multi-cloud settings. Such a concern spans two main aspects: (a) suitable access control on user personal data, VMs and platform services and (b) planning and adapting application deployments based on security requirements. As such, this paper addresses both security aspects by proposing a novel model-driven approach and architecture which secures multi-cloud platforms, enables users to have their own private space and guarantees that application deployments are not only constructed based on but can also maintain a certain user-required security level. Such a solution exploits state-of-the-art security standards, security software and secure model management technology. Moreover, it covers different access control scenarios involving external, web-based and programmatic user authentication.
•FLAG induction produces 70% overall response rates in secondary AML.•Induction mortality rate was 3% and duration of neutropenia was shorter with FLAG.•FLAG induction allowed half of all patients to ...proceed to consolidation therapy.•FLAG represents a highly effective, lower-cost approach to treating secondary AML.
Patients with secondary acute myeloid leukemia (sAML) have poor outcomes, with CR/CRi rates of 25–35% with standard 7 + 3 induction chemotherapy, while single center non-comparative analyses suggest promising outcomes with FLAG. We conducted a single-center, retrospective cohort study assessing outcomes in treatment-naïve patients with sAML treated with fludarabine, high-dose cytarabine, and granulocyte colony-stimulating factor (FLAG, n = 40) compared with 7 + 3 (n = 66). Median patient age was 63 years (range: 27–82) in the FLAG group and 60 years (range: 21–76) in the 7 + 3 group (P = 0.968). Patients treated with FLAG achieved higher overall response rates (CR + CRi + MLFS) compared to 7 + 3 (70% vs. 48%, P = 0.043). FLAG was well tolerated, with only one induction death (30-day mortality rate, 3% vs. 8%, P = 0.405) and no cases of cerebellar toxicity. Duration of neutropenia was significantly shorter with FLAG (median 16 vs. 23 days, P < 0.001). Half of the FLAG-treated patients proceeded to consolidative therapy compared with only 27% of those who received 7 + 3 (P = 0.022). Overall survival was comparable between groups (8.5 mos, FLAG vs. 9.1 mos, 7 + 3; P = 0.798). Thus, FLAG may represent a low-cost treatment strategy in sAML that produces higher response rates and promising survival outcomes with minimal treatment-related toxicity. Further studies are required to prospectively compare FLAG to the newly FDA-approved CPX-351 in sAML.
Academic libraries need a reliable, secure, and easy to manage authentication system to verify campus users. Until early 2021, Buswell Library of Wheaton College provided authentication for ...electronic collections using EZproxy for on- and off-campus access. During 2020, Buswell Library was given the opportunity to trial OpenAthens to see if authentication through SAML and SSO might be a better fit for the Wheaton College campus. This article will explore the two authentication methods and the pros and cons of each. In addition, the migration process and management of the two systems will also be discussed.
The Paul Meek Library at the University of Tennessee at Martin (UTM) migrated to the FOLIO platform in July 2021. Consequently, the library decided to make the transition from EZproxy as the primary ...off-campus authentication system to OpenAthens. In this article, the authors describe the two-phased implementation process and discuss how staff collaborated closely with EBSCO throughout the process. Lessons and tips learned during the implementation will be addressed. In addition, EBSCO's inputs and suggestions are included in relation to UTM's implementation experience.
Transformation of myelodysplastic syndromes (MDS) into secondary acute myeloid leukemia (sAML) is defined by an arbitrary boundary of ≥20% bone marrow blasts but does not necessarily reflect a ...defined biological transition. The more obvious distinction lies between MDS patients that have an isolated bone marrow failure phenotype and those with excess blasts. Subtyping of MDS might be more accurately stratified into clonal cytopenias and oligoblastic leukemias, using the degree of dysplasia and blast percentage as risk features, respectively, rather than as diagnostic criteria. Transformation from MDS to sAML often involves clonal evolution or expansion of existing subclones that can be assessed by changes in variant allele frequencies of the somatic mutations that define them. There are a number of predictors for transformation that have been identified: these include mutations of genes in growth signaling pathways (NRAS, KRAS, PTPN11, FLT3), mutations in genes more commonly observed in AML (NPM1, WT1, IDH2), certain cytogenetic abnormalities (monosomy 7, complex karyotype, loss of 17p). Gene expression profiles that divide MDS into two major categories identify a progenitor gene signature subtype associated with a high risk of AML transformation. Assessing for these genetic abnormalities may better identify MDS patients at greatest risk of transformation.
We describe the design, implementation, and use of the META-pipe Authorization service. META-pipe is a complete workflow for the analysis of marine metagenomics data. We will provide META-pipe as a ...web based data analysis service for ELIXIR users. We have integrated our Authorization service with the ELIXIR Authorization and Authentication Infrastructure (AAI) that allows single sign-on to services across the ELIXIR infrastructure. We use the Authorization service to authorize access to data on the META-pipe storage system and jobs in the META-pipe job queue. Our Authorization server was among the first SAML2 service providers that integrated with ELIXIR AAI. The code is open source at:
https://gitlab.com/uit-sfb/AuthService2
.
Identity Providers are an integral part of Identity Federations. Many different and complex technologies are needed to create an Identity Provider. In order to be able to fully utilize all the ...benefits of Identity Federations, adequate hardware resources are needed for Identity Provider deployment. Containers address the complexity and resources issues, while enabling faster deployment and keeping the functionalities and core concepts intact at the same time. Containers cannot be perceived as a replacement for virtual machines or bare metal servers, as they are meant to co-exist and have already found a wide range of use cases. This paper proposes using containers for easier implementation of Identity Providers, while lowering resource usage and complexity imposed by deployment requirements.
PDF
