Privacy Preserving Trust Authorization Framework Using XACML
WOWMOM '06 Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks
| Hi-index | 0.00 |
This paper describes the PERMIS PMI role basedauthorisation policy, and shows how it has been appliedto the electronic transfer of prescriptions (ETP). Theassignment of roles is distributed to the appropriateauthorities in the health care and government sectors.This includes the assignment of both professional rolessuch as doctor and dentist, as well as patient roles thatentitle patients to free prescriptions. All roles are storedas X.509 attribute certificates (ACs) in LDAP directories,which are managed by the assigning authorities. ThePERMIS policy based decision engine subsequentlyretrieves these role ACs in order to make Granted orDenied access control decisions required by the ETPapplications. The Source of Authority for setting the ETPpolicy is assumed to be the Secretary of State for Health.The ETP policy says what roles are recognised, who isauthorised to assign the roles, what privileges aregranted to each role and what conditions are attached tothese privileges. The ETP policy is then formatted inXML, embedded in an X.509 attribute certificate, digitallysigned by the Secretary of State for Health, and thenstored in an LDAP directory. From here it can beaccessed by all the ETP applications in the UK NationalHealth Service that contain embedded policy basedPERMIS decision engines.