Modelling privilege management and access control
| Autor: | Bernd Blobel, Ragnar Nordberg, Peter Pharow, John M. Davis |
|---|---|
| Přispěvatelé: | Publica |
| Rok vydání: | 2006 |
| Předmět: |
Cloud computing security
Computer science business.industry Health Informatics Information security Semantic interoperability Computer security model Security policy Computer security computer.software_genre Security information and event management Access to Information Security service Distributed System Security Architecture Computer Simulation Software engineering business computer Computer Security |
| Zdroj: | International Journal of Medical Informatics. 75:597-623 |
| ISSN: | 1386-5056 |
| DOI: | 10.1016/j.ijmedinf.2005.08.010 |
| Popis: | Summary Objectives For establishing trustworthiness in advanced architectures for future-proof health information systems being open, flexible, scaleable, portable, and semantically interoperable, security and privacy services needed must be designed as an inherent part of the architecture. Such architecture has to meet the paradigms of distribution, component orientation, formal modelling, separation of logical and technological aspects, etc. Methods In model-driven architectures components providing security and privacy services have to be specified using the same methodology of formal models with meta-languages as expression means, as deployed in computational, technical, or medical domains. The resulting approach must be based on the ISO Reference Model—Open Distributed Processing. Results Currently, standards developing organisation are defining emerging tasks and standards for semantic interoperability and trustworthy collaboration for advanced health information systems. Communication security issues have been specified and implemented, while application security challenges such as privilege management and access control are still under development. Therefore, a series of formal models have been developed by the authors covering, e.g. domains, service delegation, claims control, policies, roles, authorisations, and access control. The required models are introduced and interpreted in a generic way. The crucial concept of security policy and its relationship to the other concepts has been considered in detail. Conclusion Based on formal models, security services can be integrated into advanced systems architectures enabling semantic interoperability in the context of trustworthiness of communication and co-operation. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full Text from ScienceDirect