The Tees Confidentiality Model: an authorisation model for identities and roles
Source: Symposium on Access Control Models and Technologies
Proceedings of the eighth ACM symposium on Access control models and technologies
Como, Italy
SESSION: Access Control Models and Mechanisms
Pages: 125 - 133
Year of Publication: 2003
ISBN: 1-58113-681-1
ABSTRACT
We present a model of authorisation that is more powerful than Role Based Access Control (RBAC), and is suitable for complex web applications in addition to computer systems administration. It achieves its functionality by combining Identity Based Access Control (IBAC) and RBAC in novel ways. A particular feature of the model is a rigorous definition of override, for granting access to data and resources in exceptional circumstances. Despite its power, the model can be implemented by a single algorithm, as an extension to RBAC. The basis of the model is a new concept of permission, which we call Confidentiality Permission. There are five types of confidentiality permission, for granting access rights for identities and roles; negative confidentiality permissions, for denying access to data and resources, also exist. A single concept of Collection is used for structuring roles, identities, resource and resource type, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions may be defined to inherit within collections, thereby providing a mechanism for confidentiality permission assignment; however, confidentiality permissions may be assigned in other ways that do not depend on collections. We use a demanding scenario from Electronic Health Records to illustrate the power of the model. We have produced several demonstrators, one of which utilises the model to control data retrieval from commercial GP and Social Services systems.