On the characterization of law and computer systems: the normative systems perspective
Deontic logic in computer science
Conflicts in Policy-Based Distributed Systems Management
IEEE Transactions on Software Engineering
An architecture for distributed OASIS services
IFIP/ACM International Conference on Distributed systems platforms
Attempto Controlled English - Not Just Another Logic Specification Language
LOPSTR '98 Proceedings of the 8th International Workshop on Logic Programming Synthesis and Transformation
Controlled Natural Language Can Replace First-Order Logic
ASE '99 Proceedings of the 14th IEEE international conference on Automated software engineering
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
COBEA: a CORBA-based event architecture
COOTS'98 Proceedings of the 4th conference on USENIX Conference on Object-Oriented Technologies and Systems - Volume 4
PoP -- An Automated Policy Replacement Architecture for PBNM
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
| Hi-index | 0.00 |
The motivation for this work derives from a study undertaken with a view to providing ubiquitous access to Electronic Health Records (EHRs) held within the National Health Service in England. Any implementation must guarantee confidentiality. In October 1999 the Cambridge Computer Laboratory's Opera group joined a consortium within the Eastern Regional Health Authority to propose an experimental architecture which included role-based access control (RBAC). Specifying a policy for role-based access has two aspects: first, the conditions for entering each role must be established; secondly, the access privileges associated with each role must be defined. Access control policy must implement public policy and its expression must be transparent to computer non-specialists. We have therefore designed and implemented a pseudo-natural language framework sufficient for both of these purposes. Policy statements are translated into first-order logic, with side conditions which are evaluated by consulting a context-dependent database, and subsequently into access control procedures.