A context-related authorization and access control method based on RBAC

A case study from the health care domain

Marc Wilikens, Simone Feriti, Alberto Sanna, Marcelo Masera

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

46 Citations (Scopus)

Abstract

This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources needed for performing clinical and logistics tasks in the application. The notion of trust constituency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a trust infrastructure including smart cards.

Original language: English
Title of host publication: Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)
Pages: 117-124
Number of pages: 8
Publication status: Published - 2002
Event: Proceedings of Seventh ACM Symposium on Access Control Models and Technologies: SACMAT 2002 - Monterey, CA, United States
Duration: Jun 3 2002 → Jun 4 2002

Other

Other: Proceedings of Seventh ACM Symposium on Access Control Models and Technologies: SACMAT 2002
Country: United States
City: Monterey, CA
Period: 6/3/02 → 6/4/02

Fingerprint

Health care
Access control
Smart cards
Logistics
Industry

Keywords

  • Role based access control (RBAC)
  • Secure health care system
  • Trust infrastructure

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Wilikens, M., Feriti, S., Sanna, A., & Masera, M. (2002). A context-related authorization and access control method based on RBAC: A case study from the health care domain. In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002) (pp. 117-124)

@inproceedings{e10d0c2da31e4ad180872f0799156150,
title = "A context-related authorization and access control method based on RBAC: A case study from the health care domain",
abstract = "This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources needed for performing clinical and logistics tasks in the application. The notion of trust constituency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a trust infrastructure including smart cards.",
keywords = "Role based access control (RBAC), Secure health care system, Trust infrastructure",
author = "Marc Wilikens and Simone Feriti and Alberto Sanna and Marcelo Masera",
year = "2002",
language = "English",
pages = "117--124",
booktitle = "Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)",

}

TY - GEN

T1 - A context-related authorization and access control method based on RBAC

T2 - A case study from the health care domain

AU - Wilikens, Marc

AU - Feriti, Simone

AU - Sanna, Alberto

AU - Masera, Marcelo

PY - 2002

Y1 - 2002

N2 - This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources needed for performing clinical and logistics tasks in the application. The notion of trust constituency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a trust infrastructure including smart cards.

KW - Role based access control (RBAC)

KW - Secure health care system

KW - Trust infrastructure

UR - http://www.scopus.com/inward/record.url?scp=0242709331&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0242709331&partnerID=8YFLogxK

M3 - Conference contribution

SP - 117

EP - 124

BT - Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

ER -