A context-related authorisation and access control method based on RBAC and Smart: A case study from the health care domain
This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources in clinical and logistics tasks in the application. The notion of trust consistency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a true infrastructure including smart cards.
Bibliographic Reference: An oral paper given at: SACMAT 2002: 7th ACM Symposium on Access Control Models and Technologies Organised by: ACM (Association for Computing Machinery), SIGSAC Held at: Monterey (US), 3-4 June 2002
Availability: Papers in the SACMAT 2002 Proceedings can be accessed online by SIGSAC members, and can be purchased online by non-members, at: http://portal.acm.org/browse_dl.cfm?linked=1&part=series&idx=SERIES10694&coll=portal&dl=ACM&CFID=3783645&CFTOK
Record Number: 200214965 / Last updated on: 2002-08-19
Original language: en
Available languages: en