Enterprise access policy enforcement for applications through hybrid models and XSLT technologies
ICEC '04 Proceedings of the 6th international conference on Electronic commerce
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
Expressive security policy rules using Layered Conceptual Graphs
Knowledge-Based Systems
Security enhanced Linux to enforce mandatory access control in health information systems
HDKM '08 Proceedings of the second Australasian workshop on Health data and knowledge management - Volume 80
Patterns and Pattern Diagrams for Access Control
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
A novel use of RBAC to protect privacy in distributed health care information systems
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Physicians' and nurses' documenting practices and implications for electronic patient record design
USAB'07 Proceedings of the 3rd Human-computer interaction and usability engineering of the Austrian computer society conference on HCI and usability for medicine and health care
Privacy-aware role-based access control
ACM Transactions on Information and System Security (TISSEC)
mPHASiS: Mobile patient healthcare and sensor information system
Journal of Network and Computer Applications
A practical aspect framework for enforcing fine-grained access control in web applications
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Behavior-based access control for distributed healthcare systems
Journal of Computer Security
Hi-index | 0.00 |
In most of the current authorization frameworks inapplication systems, the authorization for a user operationis determined using a static database like ACL entries orsystem tables. These frameworks cannot provide thefoundation for supporting multiple types of authorizationslike Emergency Authorizations, Context-basedAuthorizations etc, which are required in many verticalmarket systems like healthcare application systems. In thispaper we describe a dynamic authorization frameworkwhich supports multiple authorization types. We use theacronym DAFMAT (Dynamic Authorization Frameworkfor Multiple Authorization Types) to refer to thisframework. The DAFMAT framework uses a combinationof Role-based Access Control (RBAC) and Dynamic TypeEnforcement (DTE) augmented with a logic-drivenauthorization engine. The application of DAFMAT forevaluating and determining various types of authorizationrequests for the Admissions, Discharge and TransferSystem (ADT) in a healthcare enterprise is described.