A GENERAL MODEL OF AUTHORISATION FOR COMPLEX COMPUTING APPLICATIONS

Jim Longstaff, Mike Lockyer, Tony Howitt, Ian Elcoate

Abstract

We present the principles of permissions processing used in the Tees Confidentiality Model (TCM), ageneral authorisation model which is suitable for complex web applications in addition to computer systems administration. In particular, we present new techniques for authorising by multiple concepts, and also for overriding access restrictions. A database implementation of the TCM is referred to, which can be used to provide the basis for a general authorisation service. The TCM is an extension of Role-Based Access Control (RBAC), and has had a significant impact on the development of healthcare computing in the UK. A demanding scenario from Electronic Health Records is used to illustrate the permissions processing and the power of the model.

References

  1. Longstaff JJ, 2003a. Longstaff JJ, Lockyer MA, Nicholas J. The Tees Confidentiality Model: an authorisation model for identities and roles, ACM SACMAT 2003, Como, Italy, ACM ISBN 1-58113- 681-1.
  2. Longstaff JJ, 2003b. Longstaff JJ, Lockyer MA, Nicholas J. An Authorisation Model for complex web applications, ISSE 2003 Conference and Procedings, www.eema.org/isse.
  3. Longstaff JJ, 2002. Longstaff JJ, Thick MG, Capper G, Lockyer MA. Eliciting and recording eHR/ePR Patient Consent in the context of the Tees Confidentiality Model, HC2002 Conference, Harrogate, England.
  4. Gaunt N, 2005. UK NHS Care Records Guarantee http://www.e-healthinsider.com/tc_domainsBin/Document_Library0282/ /nhscr_guaranteev1.pdf
  5. NPfIT, 2003. Integrated Care Records Service, Output Based Specification. National Programme for IT, England, http://www.dh.gov.uk/assetRoot/04/05/50/52/04055 052.pdf
  6. NPfIT, 2005. National Programme for IT, 2005, www.npfit.nhs.uk
  7. Ferraiolo DF, 2001. Ferraiolo D F, Sandhu R, Gavrila S, Kuhn D R, Chandramouli R (2001) “Proposed NIST Standard for Role-Based Acess Control”, ACM TISSEC, Vol 4, No 3.
  8. ANSI INCITS. 2004. ANSI INCITS 359-2004, American National Standard for Information Technology: Role Based Access Control www.incits.org
Download


Paper Citation


in Harvard Style

Longstaff J., Lockyer M., Howitt T. and Elcoate I. (2005). A GENERAL MODEL OF AUTHORISATION FOR COMPLEX COMPUTING APPLICATIONS . In Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE, ISBN 972-8865-32-5, pages 74-79. DOI: 10.5220/0001421200740079


in Bibtex Style

@conference{icete05,
author={Jim Longstaff and Mike Lockyer and Tony Howitt and Ian Elcoate},
title={A GENERAL MODEL OF AUTHORISATION FOR COMPLEX COMPUTING APPLICATIONS},
booktitle={Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE,},
year={2005},
pages={74-79},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001421200740079},
isbn={972-8865-32-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE,
TI - A GENERAL MODEL OF AUTHORISATION FOR COMPLEX COMPUTING APPLICATIONS
SN - 972-8865-32-5
AU - Longstaff J.
AU - Lockyer M.
AU - Howitt T.
AU - Elcoate I.
PY - 2005
SP - 74
EP - 79
DO - 10.5220/0001421200740079