Community Research and Development Information Service - CORDIS

Abstract

This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources in clinical and logistics tasks in the application. The notion of trust consistency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a true infrastructure including smart cards.

Additional information

Authors: WILIKENS M, European Commission, Joint Research Centre, Institute for the Protection and Security of the Citizen, Ispra (IT);MASERA M, European Commission, Joint Research Centre, Institute for the Protection and Security of the Citizen, Ispra (IT);FERITI S, Scientific Institute, Hospital San Raffaele, Milano (IT);SANNA A, Scientific Institute, Hospital San Raffaele, Milano (IT)
Bibliographic Reference: An oral paper given at: SACMAT 2002: 7th ACM Symposium on Access Control Models and Technologies Organised by: ACM (Association for Computing Machinery), SIGSAC Held at: Monterey (US), 3-4 June 2002
Availability: Papers in the SACMAT 2002 Proceedings can be accessed online by SIGSAC members, and can be purchased online by non-members, at: http://portal.acm.org/browse_dl.cfm?linked=1&part=series&idx=SERIES10694&coll=portal&dl=ACM&CFID=3783645&CFTOK
Record Number: 200214965 / Last updated on: 2002-08-19
Category: PUBLICATION
Original language: en
Available languages: en