Authorization control in collaborative healthcare systems

Journal of Theoretical and Applied Electronic Commerce Research

Volumn 4, Issue 2, 2009, Pages 88-109

  He, Daisy Daiqin ^a   Yang, Jian ^a  

^a MACQUARIE UNIVERSITY   (Australia)

Author keywords

Access control; Authorization control; Service composition; Web service collaboration; Web service security

Indexed keywords

EID: 77951063019     PISSN: None     EISSN: 07181876     Source Type: Journal    
DOI: None     Document Type: Article

References (43)

1. E. Bertino, J. Cramption, and F. Paci. Access control and authorization constraints for ws-bpel. In IEEE International Conference on Web Services (ICWS), pp. 275-284, Chicago, Illinois, USA, 2006.
2. E. Bertino, A. C. Squicciarini, and D. Mevi. A fine-grained access control model for web services. In IEEE International Conference on Services Computing, pp. 33-40, Shanghai, China, September 2004.
3. Claudio Bettini, Sushil Jajodia, X. Sean Wang, and Duminda Wijesekera. Provisions and obligations in policy management and security applications. In 28th International Conference on Very Large Data Bases (VLDB), Hong Kong, 2002.
4. R. Bhatti, E. Bertino, and A. Ghafoor. A trust-based context-aware access control model for web-services. In IEEE International Conference on Web Services, pp. 184-191, San Diego, CA, June 2004.
5. R. Bhatti, E. Bertino, A. Ghafoor, and J. Joshi. Xml-based specification for web services document security. IEEE Computer, vol. 37, no. 4, pp. 41-49, 2004.
6. R. Bhatti, J. Joshi, E. Bertino, and A. Ghafoor. Access control in dynamic xml-based web-services with x-rbac. In International Conference on Web Services, pp. 243-249, Las Vegas, Nevada, USA, June 2003.
7. P. A. Bonatti and F. Mogavero. Comparing rule-based policies. In Proceedings of 9th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 11-18, New York, USA, 2008.
8. Jung-Hwa Chae and Nematollaah Shiri. Description logic framework for access control and security in object-oriented systems. In RSFDGrC, pp. 565-573, 2007.
9. P. Chapin, C. Skalka, and X. S. Wang. Authorization in trust management: Features and foundations. ACM Computing Surveys, 2008.
10. Y. Demchenko, L. Gommans, and C. D. Laat. Using saml and xacml for complex resource provisioning in grid based applications. In 8th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 183-187, Bologna, Italy, June 2007.
11. H. Grain. E-consent design and implementation issues for health informationmanagers. Health Information Management, vol. 33, no. 3, pp. 84-88, 2004.
12. D. D. He, M. Compton, K. Taylor, and J. Yang. Access control: What is required in business collaboration? In 2009 Australian Database Conference (ADC 2009), Wellington, Newzealand, January 2009.
13. D. D. He and J. Yang. A policy driven authorization control framework for business collaboration. In IEEE SCW, pp. 17-24, Salt Lake City, Utah, USA, July 2007.
14. D. D. He and J. Yang. Security policy specification and integration in business collaboration. In 2007 IEEE International Conference on Services Computing (SCC 2007), pp. 20-27, Salt Lake City, Utah, USA, July 2007.
15. A. R. Hevner, S. T. March, J. Park, and S. Ram. Design science in information systems research. MIS Quarterly, vol. 28, no. 1, pp. 75-105, 2004.
16. S. Indrakanti, V. Varadharajan, and M. Hitchens. Authorization service for web services and its application in a health care domain. International Journal of Web Services Research, vol. 2, no. 4, pp. 94-119, 2005.
17. L. Kagal, M. Paolucci, N. Srinivasan, K. Sycara, and G. Denker. Authorization and privacy for semantic web services. IEEE Intelligent Systems, vol. 19, no. 4, pp. 50-56, 2004.
18. A. A. E. Kalam, R. E. Baide, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miege, C. Saurel, and G. Trouessin. Organization based access control. In IEEE 4th International Workshop on Policies for Distributed Systems and Networks, pp. 120-131, Villa Olmo, Lake Como, Italy, 2003.
19. H. K. Kim, R. Y. Lee, and H. S. Yang. Frameworks for secured business process management systems. In 4th InternationalConference on Software EngineeringResearch, Management and Applications (SERA'06), pp. 57-65, Seattle, Washington, USA, 2006.
20. A. Laroia. Web services and xml: Leveraging web services to connect the healthcare enterprise. (2002, April) EbizQ. [Online]. Available: http://www.ebizq.net/topics/webservices/features/1546.html.
21. D. Liu, S. Nepal, D. Moreland, S. Chen, C. Wang, and J. Zic. Secure and conditional resource coordination for successful collaborations. In Proceedings of International Conference on Collaborative Computing, Florida, USA, 2008.
22. P. Liu and Z. Chen. An access control model for web services in business process. In IEEE/WIC/ACM International Conference on Web Intelligence, pp. 292-298, Beijing, China, 2004.
23. Saravanan Muthaiyah and Larry Kerschberg. Dynamic integration and semantic security policy ontology mapping for semantic web services (sws). In ICDIM, pp. 116-120, 2006.
24. OASIS. (2005) Ws-secureconversation 1.3. [Online]. Available: http://www.oasisopen.org/ws-sx/ws-secureconversation/200512/ws-securecon versation-1.3-os.doc.
25. OASIS. (2006) Security assertion markup language (saml). [Online]. Available: http://saml.xml.org/samlspecifications.
26. OASIS. (2006) Ws-security core specification 1.1. [Online]. Available: http://www.oasisopen.org/committees/download.php/16790/wss-v1.1-os-SOAPM essageSecurity.pdf.
27. OASIS. (2006) Ws-trust 1.3. [Online]. Available: http://docs.oasis-open.org/ws-sx/ws-trust/200512.
28. Clarke R. A critical element of trust in e-business. In 15th Bled Electronic Commerce Conference, Bled, Slovenia, 2002.
29. R. S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-based access control models. IEEE Computer, vol. 29, no. 2, pp. 38-47, 1996.
30. M. Shehab, K. Bhattacharya, and A. Ghafoor. Web services discovery in secure collaboration environments. ACM Transactions on Internet Technology, 2007.
31. Brian Shields and Owen Molloy. Using description logic and rules to determine xml access control. In DEXA Workshops, pp. 718-724, 2007.
32. R. Simon and M. E. Zurko. Separation of duty in role-based environments. In 10th Computer Security FoundationsWorkshop (CSFW'97), p. 183, Rockport, Massachusetts, USA, 1997.
33. E. G. Sirer and K. Wang. An access control language for web services. In SACMAT, pp. 23-30, 2002.
34. H. Skogsrud, B. Benatallah, and F. Casati. Trust-serv: Model-driven lifecycle management of trust negotiation policies for web services. In 13th World Wide Web Conf. (WWW 2004), New York, USA, May 2004.
35. M. Srivatsa, A. Iyengar, T. Mikalsen, I. Rouvellou, and J. Yin. An access control system for web service compositions. In Proceedings of International Conference on Web Services, Salt Lake City, UT, July 2007. IEEE.
36. R. K. Thomas and R. S. Sandhu. Task-based authorization controls (tbac): A family of models for active and enterprise-oriented authorization management. In 11th International Conference on Database Security, pp. 166-181, California, USA, 1997.
37. W. Tolone, G. J. Ahn, T. Pai, and S. P. Hong. Access control in collaborative systems. ACM Computing Surveys, 2005.
38. W3C. (2006) Web services policy 1.2-framework(ws-policy). [Online]. Available: http://www.w3.org/Submission/WS-Policy/.
39. H. Wang, S. Jha, M. Livny, and P. D. McDaniel. Security policy reconciliation in distributed computing environments. In Proceedings of 5th IEEE InternationalWorkshop on Policies for Distributed Systems and Networks, pp. 137-147, 2004.
40. J. Wang. A web services secure conversation establishment protocol based on forwarded trust. In International Conferences on Web Services (ICWS), pp. 569-576, Chicago, Illinois, USA, 2006.
41. K. T. Win, P. Croll, and J. Cooper. Privacy, confidentiality and consent of electronic health record systems. In HIC 2003 RACGP12CC, pp. 65-71, Australia, 2003.
42. S. S. Yau and Z. Chen. Security policy integration and conflict reconciliation for collaborations among organizations in ubiquitous computing environments. In Proceedings of the 5th International Conference on Ubiquitous Intelligence and Computing, Oslo, Norway, 2008.
43. X. Zhang, M. Nakae, M. J. Covinton, and R. S. Sandhu. Toward a usage-based security framework for cllaborative computing systems. ACM Transactions on Information and System Security (TISSEC), 2008.