Delegation in a Distributed Healthcare Context: A Survey of Current Approaches

  • Mila Katzarova
  • Andrew Simpson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4176)


The development of infrastructures to facilitate the sharing of data for healthcare delivery and research purposes is becoming increasingly widespread. In addition to the technical requirements pertaining to efficient and transparent sharing of data across organisational boundaries, there are requirements pertaining to ethical and legal issues. Functional and non-functional concerns need to be balanced: for resource sharing to be as transparent as possible, an entity should be allowed to delegate a subset of its rights to another so that the latter can perform actions on the former’s behalf, yet such delegation needs to be performed in a fashion that complies with relevant legal and ethical restrictions. The contribution of this paper is twofold: to characterise the requirements for secure and flexible delegation within the emerging distributed healthcare context; and to evaluate existing approaches with respect to these requirements. We also suggest how some of these limitations might be overcome.


Access Control Access Control Policy Authorization Policy Delegation Mechanism Delegation Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Oasis eXstensible Access Control Markup Language Committee, XACML V2.0,
  3. 3.
    Oasis Security Services Technical Committee, SAML V2.0,
  4. 4.
    The Caldicott Report (December 1997),
  5. 5.
  6. 6.
    Data protection act 1998. The Stationery Office Limited, London (1998)Google Scholar
  7. 7.
    Foster, I., Kesselman, C. (eds.): The Grid: Blueprint For A New Computing Infrastructure. Morgan Kaufmann, San Francisco (1999)Google Scholar
  8. 8.
    Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: 5th ACM Conference on Computer and Communications Security, pp. 83–92 (1998)Google Scholar
  9. 9.
    Gasser, M., McDermott, E.: An architecture for practical delegation in a distributed system. In: IEEE Symposium on Research in Security and Privacy (May 1990), pp. 20–30 (1990)Google Scholar
  10. 10.
    Geddes, J., Lloyd, S., Simpson, A.C., Rossor, M., Fox, N., Hill, D., Hajnal, J., Lawrie, S., McIntosh, A., Johnstone, E., Wardlaw, J., Perry, D., Procter, R., Bath, P., Bullmore, E.: Neurogrid: Using grid technology to advance neuroscience. In: 18th IEEEd Symposium on Computer-Based Medical Systems, pp. 570–572 (2005)Google Scholar
  11. 11.
    Healthgrid white paper,
  12. 12.
    Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280 (April 2002)Google Scholar
  13. 13.
    Humber, M.: National Programme for Information Technology. British Medical Journal 328(7449), 1145–1146 (2004)CrossRefGoogle Scholar
  14. 14.
    Navarro, G., Sadhigi-Firozabadi, B., Rissanen, E., Borrell, J.: Constrained delegation in XML-based access control and digital rights management standards. In: Proceedings of Communication,Network and Information Security (December 2003)Google Scholar
  15. 15.
    Power, D.J., Politou, E.A., Slaymaker, M.A., Simpson, A.C.: Towards secure grid-enabled healthcare. Software: Practice and Experience 35(9), 857–871 (2005)CrossRefGoogle Scholar
  16. 16.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  17. 17.
    Seitz, L., Rissanen, E., Sandholm, T., Firozibadi, B.S., Mulmo, O.: Policy administration control and delegation using XACML and delegent. In: 6th IEEE/ACM International Workshop on Grid Computing (November 2005)Google Scholar
  18. 18.
    Wang, J., Vecchio, D.D., Humphrey, M.: Extending the security assertion markup language to support delegation for web services and grid services. In: IEEE International Conference on Web Services (ICWS 2005) (July 2005)Google Scholar
  19. 19.
    Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 Proxy Certificates for Dynamic Delegation. In: 3rd Annual PKI R&D Workshop (2004)Google Scholar
  20. 20.
    Zhang, L., Ahn, G.J., Chu, B.T.: A role-based delegation framework for healthcare information systems. In: SACMAT, pp. 125–134 (2002)Google Scholar
  21. 21.
    Zhang, L., Ahn, G.J., Chu, B.T.: A rule-based framework for role-based delegation and revocation. ACM Transactions on Information and System Security 6(3), 404–441 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Mila Katzarova
    • 1
  • Andrew Simpson
    • 1
  1. 1.Oxford University Computing LaboratoryOxfordUnited Kingdom

Personalised recommendations