First experiences using XACML for access control in distributed systems
Proceedings of the 2003 ACM workshop on XML security
Performance evaluation of XACML PDP implementations
Proceedings of the 2008 ACM workshop on Secure web services
Project HealthDesign: Rethinking the power and potential of personal health records
Journal of Biomedical Informatics
Journal of Biomedical Informatics
Personal health record architectures: Technology infrastructure implications and dependencies
Journal of the American Society for Information Science and Technology
Hi-index | 0.00 |
Online personal health records (PHRs) enable patients to access, manage, and share certain of their own health information electronically. This capability creates the need for precise access-controls mechanisms that restrict the sharing of data to that intended by the patient. The authors describe the design and implementation of an access-control mechanism for PHR repositories that is modeled on the eXtensible Access Control Markup Language (XACML) standard, but intended to reduce the cognitive and computational complexity of XACML. The authors implemented the mechanism entirely in a relational database system using ANSI-standard SQL statements. Based on a set of access-control rules encoded as relational table rows, the mechanism determines via a single SQL query whether a user who accesses patient data from a specific application is authorized to perform a requested operation on a specified data object. Testing of this query on a moderately large database has demonstrated execution times consistently below 100ms. The authors include the details of the implementation, including algorithms, examples, and a test database as Supplementary materials.