A Framework for Multiple Authorization Types in a Healthcare Application System

New Orleans, Lousiana December 10-December 14

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991530

17th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by R. Chandramouli

	ASCII Text	x
	R. Chandramouli, "A Framework for Multiple Authorization Types in a Healthcare Application System," Computer Security Applications Conference, Annual, pp. 0137, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001.

	BibTex	x
	@article{ 10.1109/ACSAC.2001.991530, author = {R. Chandramouli}, title = {A Framework for Multiple Authorization Types in a Healthcare Application System}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2001}, isbn = {0-7695-1405-7}, pages = {0137}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991530}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A Framework for Multiple Authorization Types in a Healthcare Application System SN - 0-7695-1405-7 SP EP A1 - R. Chandramouli, PY - 2001 VL - 0 JA - Computer Security Applications Conference, Annual ER -

R. Chandramouli, NIST

In most of the current authorization frameworks in application systems, the authorization for a user operation is determined using a static database like ACL entries or system tables. These frameworks cannot provide the foundation for supporting multiple types of authorizations like Emergency Authorizations, Context-based Authorizations etc, which are required in many vertical market systems like healthcare application systems. In this paper we describe a dynamic authorization framework which supports multiple authorization types. We use the acronym DAFMAT (Dynamic Authorization Framework for Multiple Authorization Types) to refer to this framework. The DAFMAT framework uses a combination of Role-based Access Control (RBAC) and Dynamic Type Enforcement (DTE) augmented with a logic-driven authorization engine. The application of DAFMAT for evaluating and determining various types of authorization requests for the Admissions, Discharge and Transfer System (ADT) in a healthcare enterprise is described.

Citation:

R. Chandramouli, "A Framework for Multiple Authorization Types in a Healthcare Application System," acsac, pp.0137, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.