A context-related authorization and access control method based on RBAC: A case study from the health care domain

Marc Wilikens, Simone Feriti, Alberto Sanna, Marcelo Masera

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources needed for performing clinical and logistics tasks in the application. The notion of trust constituency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a trust infrastructure including smart cards.

Original languageEnglish
Title of host publicationProceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)
Pages117-124
Number of pages8
Publication statusPublished - 2002
EventProceedings of Seventh ACM Symposium on Access Control Models and Technologies: SACMAT 2002 - Monterey, CA, United States
Duration: Jun 3 2002Jun 4 2002

Other

OtherProceedings of Seventh ACM Symposium on Access Control Models and Technologies: SACMAT 2002
CountryUnited States
CityMonterey, CA
Period6/3/026/4/02

Keywords

  • Role based access control (RBAC)
  • Secure health care system
  • Trust infrastructure

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'A context-related authorization and access control method based on RBAC: A case study from the health care domain'. Together they form a unique fingerprint.

  • Cite this

    Wilikens, M., Feriti, S., Sanna, A., & Masera, M. (2002). A context-related authorization and access control method based on RBAC: A case study from the health care domain. In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002) (pp. 117-124)