Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Migrating to role-based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An access control language for web services
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Authorization and Access Control in IRO-DB
ICDE '96 Proceedings of the Twelfth International Conference on Data Engineering
Implementing role based access control for federated information systems on the web
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
A Trust-based Context-Aware Access Control Model for Web-Services
ICWS '04 Proceedings of the IEEE International Conference on Web Services
Authorization and Privacy for Semantic Web Services
IEEE Intelligent Systems
Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Pellet: A practical OWL-DL reasoner
Web Semantics: Science, Services and Agents on the World Wide Web
Provisions and obligations in policy management and security applications
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Web services discovery in secure collaboration environments
ACM Transactions on Internet Technology (TOIT)
Toward a Usage-Based Security Framework for Collaborative Computing Systems
ACM Transactions on Information and System Security (TISSEC)
Migrating to optimal RBAC with minimal perturbation
Proceedings of the 13th ACM symposium on Access control models and technologies
UIC '08 Proceedings of the 5th international conference on Ubiquitous Intelligence and Computing
Verification of Access Control Requirements in Web Services Choreography
SCC '08 Proceedings of the 2008 IEEE International Conference on Services Computing - Volume 1
RuleML '08 Proceedings of the International Symposium on Rule Representation, Interchange and Reasoning on the Web
Access control: what is required in business collaboration?
ADC '09 Proceedings of the Twentieth Australasian Conference on Australasian Database - Volume 92
eHealth system interoperability
Information Systems Frontiers
Hi-index | 0.00 |
Modern eHealth systems require collaborations between individual social entities such as hospitals, medical centers, emergency services and community services. Security and privacy are critical issues in this interoperability challenge. In an eHealth system that crosses different administrative domains, individual organisations usually define their authorization control policies independently. When a collaboration opportunity arises a number of issues may be raised. For example, is the collaboration possible given the authorization policies of collaboration participants? How can policy inconsistencies among collaboration participants be identified and resolved? What kind of authorization control support is needed as the collaboration proceeds? In this paper, we analyze different types of collaborations and provide insights into authorization control in individual organisations as well as in collaboration activities. We propose a model to capture the necessary elements for specifying authorization policy for cross-border collaboration. Based on the model, various inconsistencies between authorization policies from different business units are discussed and handling strategies are suggested according to the intended collaboration types. We also briefly discuss how a description logic reasoner can be used to test whether two set of policies are suitable for collaboration. This work lays a foundation for policy development, negotiation and enforcement for cross-border collaboration.