Abstract
This paper presents the Tees Confidentiality Model, an authorisation model which is suitable for complex web applications in addition to computer systems administration. It achieves its functionality by combining Identity-Based Access Control (IBAC) and Role-Based Access Control (RBAC) in novel ways. The model is based on a range of permission types, called Confidentiality Permission Types, which are processed in a defined order. Confidentiality Permissions may have negative values (ie they may deny access), and may be overridden by authorised users in carefully specified ways. A single concept of Collection is used for structuring roles, identities, resource and resource type, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions may be defined to inherit within collections, thereby providing a mechanism for confidentiality permission assignment. We use a demanding scenario from Electronic Health Records to illustrate the power of the model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
D F Ferraiolo, R Sandhu, S Gavrila, D R Kuhn, R Chandramouli (2001) “Proposed NIST Standard for Role-Based Acess Control”, ACM TISSEC, Vol 4, No 3.
J J Longstaff, MG Thick, G Capper, MA Lockyer (2002) “Eliciting and recording eHR/ePR Patient Consent in the context of the Tees Confidentiality Model”, HC2002 Conference, Harrogate, England.
J J Longstaff, MA Lockyer, J Nicholas (2003) “The Tees Confidentiality Model: an authorisation model for identities and roles”, ACM SACMAT 2003, Como, Italy, June 2003.
UK NHS Confidentiality Workstream (2003) www.nhsia.nhs.uk/confidentiality/pages/consultation/
NHS National Programme for Information Technology (2003) Integrated Care Records Service, Output Based Specification.
Oasis standards organisation (2003) Oasis http://www.oasis-open.org/home/index.php
“ERDIP” (2003) www.nhsia.nhs.uk/erdip.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2004 Friedr. Vieweg & Sohn Verlagsgesellschaft/GWV Fachverlage GmbH,Wiesbaden
About this chapter
Cite this chapter
Longstaff, J., Lockyer, M., Nicholas, J. (2004). Authorisation Models for Complex Computing Applications. In: Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-322-84982-3_10
Publisher Name: Vieweg+Teubner Verlag
Print ISBN: 978-3-528-05887-6
Online ISBN: 978-3-322-84982-3
eBook Packages: Springer Book Archive