Access control based on attribute certificates for medical Intranet applications

Journal of Medical Internet Research

Volumn 3, Issue 1, 2001, Pages 110-127

  Mavridis, Ioannis ^a   Georgiadis, Christos ^a   Pangalos, George ^a   Khair, Marie ^b  

^a ARISTOTLE UNIVERSITY OF THESSALONIKI   (Greece)

^b NOTRE DAME UNIVERSITY   (Lebanon)

Author keywords

Attribute certificates; Computer security; Computerized; Digital certificates; Distributed access control; Medical records systems

Indexed keywords

ACCESS TO INFORMATION; ARTICLE; COMPUTER SYSTEM; DATA BASE; DIGITAL COMPUTER; INTRANET; MEDICAL INFORMATICS; MEDICAL RECORD;

EID: 3242684510     PISSN: 14388871     EISSN: None     Source Type: Journal    
DOI: 10.2196/jmir.3.1.e9     Document Type: Article

References (15)

1. The Computer-based Patient Record Institute. Description of the computer-based patient record (CPR) and computer-based patient record system. Prepared by the CPRI Work Group on CPR Description (WDES); May 1995 http://www.cpri.org/resource/docs/hldd.html [accessed 2000 June]
2. Gritzalis D. A baseline security policy for distributed healthcare information systems. Computers and Security 1997;16(8):709-719.
3. Lynch C. A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources. Coalition for Networked Information, Revised Discussion Draft, 14/4/98. http://http://www.cni. org/projects/authentication/authentication-wp.html [accessed 2000 June]
4. US Department of Health and Human Services. Health Care Financing Administration, Office of Information Services, Security and Standards Group, The HCFA Internet Communications Security and Appropriate Use Policy and Guidelines. November, 1998. http://www.hcfa.gov/security/isecplcy.htm [accessed 2000 June]
5. Farrel S, Housley R. An Internet Attribute Certificate Profile for Authorization, IETF Group, Internet Draft: draft.ietf.pkix.ac509prof-03.txt, work in progress, May 2000. http://www.ietf.org/shadow.html [accessed 2000 June]
6. Linn J, Nyström M. Attribute Certification: An Enabling Technology for Delegation and Role-Based Controls in Distributed Environments. Proceedings of the 4th ACM Workshop on RBAC; October 28-29; Fairfax, VA, USA; 1999.
7. Arsenault A, Turner S. Internet X.509 Public Key Infrastructure - PXIX Roadmap, IETF Group, Internet Draft: draft.ietf.pkix.roadmap-05.txt, work in progress, March 2000. http://www.ietf.org/shadow.html [accessed 2000 June]
8. Mavridis I, Pangalos G, Khair M, Bozios L. Defining Access Control Mechanisms for Privacy Protection in Distributed Medical Databases. Proceedings of IFIP Working Conference on User Identification and Privacy Protection; Stockholm, Sweden; 1999
9. Yialelis, N. Domain-Based Security for Distributed Object Systems [dissertation]. London (UK): Imperial College of Science; 1996.
10. Thomas KR. Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments. Proceedings of the 2nd ACM workshop on Role-based access control. Fairfax, VA USA; 1997
11. Sandhu R. Role-Based Access Control, Advances in Computers, Vol.46; Academic Press; 1998
12. Mavridis I, Pangalos G, Khair M. eMEDAC: Role-based Access Control Supporting Discretionary and Mandatory Features. Proceedings of 13th IFIP WG 11.3 Working Conference on Database Security; 1999; Seattle, Washington, USA.
13. Ceri S, Pelagatti G. Distributed Databases: Principles and Systems. New York: McGraw-Hill (NY); 1985.
14. Pernul G. Database Security, Advances in Computers, Vol.38; M.C. Yovits editor; Academic Press; 1994.
15. Oracle Corporation. Oracle8, Application Developer's Guide, Release 8.0, Part No. A58241-01; 1997.