Health Transformation
Attribute Based Access Control
Access control is one of the key issues in handling the flow of information within a healthcare actor, between healthcare actors, and in cross-border healthcare.
Conventional access control models include Identity Based Access Control (IBAC) and Role Based Access Control (RBAC). In IBAC, access permissions are associated directly with each subject, which is difficult to scale. In RBAC, access permissions are based on the role(s) a subject performs; RBAC scales better and is easier to administer, but it has drawbacks of its own: a role alone cannot express context such as which patients a caregiver is currently treating or whether the caregiver is on shift, so the number of roles tends to explode.
In Sweden a national security application is under way that is built upon Attribute Based Access Control (ABAC). This model uses three groups of attributes:
• Subject Attributes
Associated with the subject (e.g. identifier, name, job title, role, ...)
• Resource Attributes
Associated with the resource (e.g. metadata elements, ...)
• Environment Attributes
Describe the environment or context of the request (e.g. current date, time, classifications, ...)
This Swedish initiative will be the world’s largest XACML 3.0 (OASIS) deployment.
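To make the three attribute groups concrete, here is a small policy decision point written in the style of an XACML 3.0 policy (rules with a target, a condition and an effect, combined with deny-overrides, and the enforcement point treating anything but an explicit Permit as a refusal). This is an added example, not code from the original post and not the Swedish national application; the attribute names (role, care_unit, shift hours, sealed flag, break_glass), the rules and the sample caregivers and records are all constructed for illustration.

```python
"""Minimal ABAC policy decision point (PDP), XACML 3.0 style.

Added example, not the code of the post or of the Swedish deployment.
All attribute names, rules and sample data below are constructed.
"""
from dataclasses import dataclass
from datetime import time
from typing import Callable, List

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Request:
    """One access request: the three ABAC attribute groups plus the action."""
    subject: dict       # subject attributes: role, care_unit, shift hours, ...
    resource: dict      # resource attributes: record id, care_unit, sealed flag
    environment: dict   # environment attributes: current time, break-glass flag
    action: str


@dataclass
class Rule:
    name: str
    effect: str                               # PERMIT or DENY
    target: Callable[[Request], bool]         # does the rule apply at all?
    condition: Callable[[Request], bool] = lambda req: True


def evaluate_rule(rule: Rule, req: Request) -> str:
    """A rule yields its effect only if both target and condition hold."""
    if not rule.target(req):
        return NOT_APPLICABLE
    return rule.effect if rule.condition(req) else NOT_APPLICABLE


def deny_overrides(rules: List[Rule], req: Request) -> str:
    """XACML deny-overrides combining: any Deny wins, then any Permit."""
    results = [evaluate_rule(r, req) for r in rules]
    if DENY in results:
        return DENY
    if PERMIT in results:
        return PERMIT
    return NOT_APPLICABLE


def is_read(req: Request) -> bool:
    return req.action == "read"


def on_shift(req: Request) -> bool:
    """Environment attribute (current time) checked against subject attributes."""
    return req.subject["shift_start"] <= req.environment["time"] < req.subject["shift_end"]


# The long-term policy. Day-to-day administration never edits this list;
# it only changes the attributes that are fed into the Request.
POLICY = [
    # Permit caregivers to read records of the care unit they belong to.
    Rule("care-relation-permit", PERMIT, is_read,
         lambda r: r.subject["role"] in ("physician", "nurse")
         and r.subject["care_unit"] == r.resource["care_unit"]),
    # Deny any read outside the caregiver's own shift hours.
    Rule("outside-shift-deny", DENY, is_read,
         lambda r: not on_shift(r)),
    # Sealed (confidential) records: deny unless a physician breaks the glass.
    Rule("sealed-record-deny", DENY,
         lambda r: is_read(r) and r.resource["sealed"],
         lambda r: not (r.subject["role"] == "physician"
                        and r.environment.get("break_glass", False))),
]


def decide(req: Request) -> str:
    """PDP decision for a request."""
    return deny_overrides(POLICY, req)


def enforce(req: Request) -> bool:
    """PEP view: only an explicit Permit opens the record (default deny)."""
    return decide(req) == PERMIT


# Constructed sample attributes (not real identities or records).
NURSE = {"id": "u1001", "role": "nurse", "care_unit": "cardiology",
         "shift_start": time(8, 0), "shift_end": time(16, 0)}
PHYSICIAN = {"id": "u2002", "role": "physician", "care_unit": "cardiology",
             "shift_start": time(8, 0), "shift_end": time(20, 0)}
RECORD = {"id": "ehr-42", "care_unit": "cardiology", "sealed": False}
SEALED = {"id": "ehr-43", "care_unit": "cardiology", "sealed": True}
DAYTIME = {"time": time(10, 30)}
NIGHT = {"time": time(22, 15)}


if __name__ == "__main__":
    cases = [
        ("nurse, own unit, on shift", Request(NURSE, RECORD, DAYTIME, "read")),
        ("nurse moved to oncology", Request({**NURSE, "care_unit": "oncology"}, RECORD, DAYTIME, "read")),
        ("nurse at night", Request(NURSE, RECORD, NIGHT, "read")),
        ("physician, sealed record", Request(PHYSICIAN, SEALED, DAYTIME, "read")),
        ("physician, sealed, break glass", Request(PHYSICIAN, SEALED, {**DAYTIME, "break_glass": True}, "read")),
    ]
    for label, req in cases:
        print(f"{label:32s} -> {decide(req):13s} allowed={enforce(req)}")
```

Note the second case: moving the nurse to another care unit is a change to a subject attribute only, and the decision flips from Permit to NotApplicable (refused by the enforcement point) without anyone touching the policy. That separation between writing the policy once and administering attributes every day is what makes the caregiver-facing side of ABAC manageable; the complexity concentrates in the policy authoring step.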
I see the beauty of policies and the possibilities they open up from a service-oriented perspective, but in the daily caregiver situation, could the complexity of writing the policies be too high, leaving doors open to confidential electronic patient records?
Comments
# on December 17, 2009 9:22 AM, Ludwig Seitz said:
Hello Krister,
I think you need to separate the making of long term access control policies from day to day access administration.
For long term access control policies you either need intensive training with XACML or an application specific interface, that lets a user formulate policies in a way he/she understands, hiding the complexity of XACML.
For day to day administration, you don't touch the policies, you set attributes (it's what ABAC is all about). In order to do that you only need a description (which can be fully independent from XACML) of which attributes will give you which permissions.
If you want to learn more about ABAC and XACML we provide a lot of material on our website: http://www.axiomatics.com/
Regards,
Ludwig Seitz