A framework for multiple authorization types in a healthcare application system

In most of the current authorization frameworks in applications systems, the authorization for a user operation is determined using a static database like ACL entries or system tables. These frameworks cannot provide the foundation for supporting multiple types of authorizations like emergency authorizations, context-based authorizations etc., which are required in many vertical market systems like healthcare application systems. We describe a dynamic authorization framework which supports multiple authorization types. We use the acronym DAFMAT (Dynamic Authorization Framework for Multiple Authorization Types) to refer to this framework. The DAFMAT framework uses a combination of role-based access control (RBAC) and dynamic type enforcement (DTE) augmented with a logic-driven authorization engine. The application of DAFMAT for evaluating and determining various types of authorization requests for the Admissions Discharge and Transfer System (ADT) in a healthcare enterprise is described.

[1]  D. Richard Kuhn,et al.  Role-Based Access Control ( RBAC ) : Features and Motivations , 2014 .

[2]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[3]  Sushil Jajodia,et al.  A logical language for expressing authorizations , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[4]  David R. Kuhn,et al.  Role Based Access Control for the World Wide Web | NIST , 1997 .

[5]  David F. Ferraiolo,et al.  Role Based Access Control for the World Wide Web , 1997 .

[6]  R. E. Smith,et al.  Using type enforcement to assure a configurable guard , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[7]  J. Hoffman Implementing RBAC on a type enforced system , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[8]  David R. Kuhn,et al.  Role-Based Access Control (RBAC): Features and Motivations | NIST , 1995 .

[9]  Daniel F. Sterne,et al.  Domain and type enforcement firewalls , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[10]  John Potter,et al.  An Approach to Dynamic Domain and Type Enforcement , 1997, ACISP.