Generating XACML Enforcement Policies for Role-Based Access Control of XML Documents

Algarín, Alberto De la Rosa; Ziminski, Timoteus B.; Demurjian, Steven A.; Sánchez, Yaira K. Rivera; Kuykendall, Robert

doi:10.1007/978-3-662-44300-2_2

Cited by 8 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, HIE architectures also require a strong support for privacy and security, since they are tasked with processing highly sensitive data that is subject to regulations such as HIPAA (HIPAA, 1996) and FERPA (FERPA, 1974). Towards this goal, the architecture should implement a single point of entry to handle security, utilizing fine grained role and permission management for medical documents (De La Rosa Algarín, Demurjian, Berhe, & Pavlich-Mariscal, 2012;De La Rosa Algarín, Ziminski, Demurjian, Kuykendall, & Rivera Sánchez, 2013).…”

Section: Challenges For Hie Architecturesmentioning

confidence: 99%

An Architectural Solution for Health Information Exchange

Demurjian

Agresta

Ziminski

et al. 2016

International Journal of User-Driven Healthcare

View full text Add to dashboard Cite

Health information technology (HIT) systems including electronic health records (EHRs) have a market saturation nearing 92% at individual institutions but are still unsuited for cross-institutional collaboration of stakeholders (e.g., medical providers such as physicians, hospitals, clinics, labs, etc.) in support of health information exchange (HIE) of different HIT systems in geographically separate locations. In the computer science field, software architectures such as service-oriented architecture, grid computing, publish/subscribe paradigm, and data warehousing are well-established approaches for interoperation. However, the application of these software architectures to support HIE has not been significantly explored. To address this issue, this paper proposes an architectural solution for HIE that leverages established software architectural styles in conjunction with the emergent HL7 standard Fast Healthcare Interoperability Resources (FHIR). FHIR models healthcare data with XML or JSON schemas using a set of 93 resources to track a patient's clinical findings, problems, allergies, adverse events, history, suggested physician orders, care planning, etc. For each resource, a FHIR CRUD RESTful Application Program Interface (API) is defined to share data in a common format for each of the HITs that can then be easily accessible by mobile applications. This paper details an architectural solution for HIE using software architectural styles in conjunction with FHIR to allow HIT systems of stakeholders to be integrated to facilitate collaboration among medical providers. To demonstrate the feasibility and utility of HHIEA, a realistic regional healthcare scenario is introduced that illustrates the interactions of stakeholders across an integrated collection of HIT systems.

show abstract

Section: Challenges For Hie Architecturesmentioning

confidence: 99%

An Architectural Solution for Health Information Exchange

Demurjian

Agresta

Ziminski

et al. 2016

International Journal of User-Driven Healthcare

View full text Add to dashboard Cite

show abstract

“…The patient version of Personal Health Assistant allows users to perform a set of actions regarding their health information. Users can view and edit their medication list, allergies, observations of daily living, and set security policies for read/ write permissions on their medical providers by role as reported in our prior work (De la Rosa Algarín et al, 2013). Security settings can be set at a fine granular level, and each provider gets specific view/update authorizations to the different information components available in Personal Health Assistant.…”

Section: Proposed Architecture For Secure Digital Health Carementioning

confidence: 99%

“…Extension parameters include patient, healthcare facility, task, temporal information, and other stakeholders (Berhe et al, 2010;Caine et al, 2013). Another extension would be the ability to extract local security policies and integrate them into a global one that is enforceable across the health care enterprise (Bhatti et al, 2005;De la Rosa Algarín, 2013).…”

Section: Direct and Health Information Servicementioning

confidence: 99%

A Viewpoint of Security for Digital Health Care in the United States

Demurjian

Algarín

et al. 2014

International Journal of Privacy and Health Information Management

View full text Add to dashboard Cite

In health care, patient information of interest to health providers, researchers, public health researchers, insurers, patients, etc., is stored in different locations via electronic media and/or hard-copy formats. All potential users need electronic access to health information technology systems such as: electronic health records, personal health records, patient portals, and ancillary systems such as imaging, laboratory, pharmacy, etc. Controlling access to information from multiple systems requires granularity levels of privileges ranging from one patient to a cohort to an entire population. In this paper, we present a viewpoint of the state of secure digital health care in the United States, focusing on the resources that need to be protected as dictated by legal entities and regulations, the available approaches in the present state-of-the art, and, the potential needs for the future of security for digital health care. By utilizing a real world scenario, the authors explore the limitations of health information exchange in the United States, and present one possible architecture for secure digital health care that builds on existing technology alternatives.

show abstract

“…Venkatasubramanian et al [10] proposed an Adaptive and proactive Access Control Approach for Emergencies in Smart Infrastructures. Algarín A et al [11] generated XACML enforcement policies for role-based access control of XML documents. Hao H et al [12] proposed API-level access control in smartphone analysis.…”

Section: Introductionmentioning

confidence: 99%

The Study of Access Control Model Using XML

Zhang¹,

Guan²,

Luo³

2015

IJSIA

View full text Add to dashboard Cite

XML, the Extensible Markup Language, had become an important tool for both storage and exchange of data. As the applied areas of XML had been widen gradually, the security problems of XML became a main concern. Hence, the study of access control using XML had been an important topic of security study of XML nowadays. In this paper, we would first made a brief introduction of access control using XML, and some requirements of XML access control would be included. After that, we would give a detail presentation of an access control model using XML, and point out the most significant feature of it. Finally, we analyzed the direction and difficulty in the study of access control using XML, and then illustrate the practical significance of the study.

show abstract

Generating XACML Enforcement Policies for Role-Based Access Control of XML Documents

Cited by 8 publications

References 13 publications

An Architectural Solution for Health Information Exchange

An Architectural Solution for Health Information Exchange

A Viewpoint of Security for Digital Health Care in the United States

The Study of Access Control Model Using XML

Contact Info

Product

Resources

About