Authorisation Models for Complex Computing Applications

Longstaff, Jim; Lockyer, Mike; Nicholas, John

doi:10.1007/978-3-322-84982-3_10

Jim Longstaff¹,
Mike Lockyer² &
John Nicholas³

99 Accesses

Abstract

This paper presents the Tees Confidentiality Model, an authorisation model which is suitable for complex web applications in addition to computer systems administration. It achieves its functionality by combining Identity-Based Access Control (IBAC) and Role-Based Access Control (RBAC) in novel ways. The model is based on a range of permission types, called Confidentiality Permission Types, which are processed in a defined order. Confidentiality Permissions may have negative values (ie they may deny access), and may be overridden by authorised users in carefully specified ways. A single concept of Collection is used for structuring roles, identities, resource and resource type, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions may be defined to inherit within collections, thereby providing a mechanism for confidentiality permission assignment. We use a demanding scenario from Electronic Health Records to illustrate the power of the model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

D F Ferraiolo, R Sandhu, S Gavrila, D R Kuhn, R Chandramouli (2001) “Proposed NIST Standard for Role-Based Acess Control”, ACM TISSEC, Vol 4, No 3.
Google Scholar
J J Longstaff, MG Thick, G Capper, MA Lockyer (2002) “Eliciting and recording eHR/ePR Patient Consent in the context of the Tees Confidentiality Model”, HC2002 Conference, Harrogate, England.
Google Scholar
J J Longstaff, MA Lockyer, J Nicholas (2003) “The Tees Confidentiality Model: an authorisation model for identities and roles”, ACM SACMAT 2003, Como, Italy, June 2003.
Google Scholar
UK NHS Confidentiality Workstream (2003) www.nhsia.nhs.uk/confidentiality/pages/consultation/
Google Scholar
NHS National Programme for Information Technology (2003) Integrated Care Records Service, Output Based Specification.
Google Scholar
Oasis standards organisation (2003) Oasis http://www.oasis-open.org/home/index.php
Google Scholar
“ERDIP” (2003) www.nhsia.nhs.uk/erdip.
Google Scholar

Download references

Author information

Authors and Affiliations

School of Computing, Teesside University, Middlesbrough, TS1 3BA, UK
Jim Longstaff
Teesside University, UK
Mike Lockyer
Tees Health Authority, UK
John Nicholas

Authors

Jim Longstaff
View author publications
You can also search for this author in PubMed Google Scholar
Mike Lockyer
View author publications
You can also search for this author in PubMed Google Scholar
John Nicholas
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Longstaff, J., Lockyer, M., Nicholas, J. (2004). Authorisation Models for Complex Computing Applications. In: Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_10

Download citation

DOI: https://doi.org/10.1007/978-3-322-84982-3_10
Publisher Name: Vieweg+Teubner Verlag
Print ISBN: 978-3-528-05887-6
Online ISBN: 978-3-322-84982-3
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics