Abstract
OASIS is a not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society. It involves more than 600 organizations and individuals, as well as the IT leaders Sun, Microsoft, IBM and Oracle. One of its standards is XACML, which appeared a few years ago and now has about 150,000 hits on Google. XACML (eXtensible Access Control Markup Language) is not technology related. In 2004 Sun published the open source Sun XACML, which complies with the XACML 1.0 specification, and is now working to make it comply with XACML 2.0. The heart of XACML is attributes: values of a defined type and name that are attached to a subject, a resource, an action and the environment in which a subject requests an action on a resource. In that way XACML is to replace Role Based Access Control, which dominated for years. The paper examines performance in a CEN 13 606 and ISO 22 600 based healthcare system which uses XACML for access control.
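A simplified model of the attribute-based decision described in the abstract, added here as an example; it is not code from the paper or from Sun XACML. It evaluates a single Permit rule in Python instead of XACML's XML policy syntax, treats every attribute as single-valued, and uses constructed attribute names, values and rule contents.

```python
from dataclasses import dataclass

XS = "http://www.w3.org/2001/XMLSchema#"  # XACML data types are XML Schema URIs

@dataclass(frozen=True)
class Attribute:
    category: str   # "subject", "resource", "action" or "environment"
    name: str       # attribute identifier (constructed names in this example)
    datatype: str
    value: object

@dataclass(frozen=True)
class Match:
    category: str
    name: str
    datatype: str
    expected: object
    must_be_present: bool = False

def evaluate(matches, request):
    """Decision of a single Permit rule over a request (a list of Attribute)."""
    # Attributes are selected by category, name AND data type.
    bag = {(a.category, a.name, a.datatype): a.value for a in request}
    for m in matches:
        key = (m.category, m.name, m.datatype)
        if key not in bag:
            # A required attribute that is missing is an error, not a mismatch.
            return "Indeterminate" if m.must_be_present else "NotApplicable"
        if bag[key] != m.expected:
            return "NotApplicable"
    return "Permit"

def enforce(decision):
    """Fail-closed enforcement point: only an explicit Permit grants access."""
    return decision == "Permit"

# Constructed rule: a physician may read the medication section of a record
# from the hospital intranet. A role alone does not satisfy it.
RULE = [
    Match("subject", "role", XS + "string", "physician"),
    Match("resource", "record-section", XS + "string", "medication"),
    Match("action", "action-id", XS + "string", "read"),
    Match("environment", "network-zone", XS + "string", "hospital-intranet", True),
]

def make_request(section, zone=None):
    """Constructed request from the same physician for a given record section."""
    attrs = [Attribute("subject", "role", XS + "string", "physician"),
             Attribute("resource", "record-section", XS + "string", section),
             Attribute("action", "action-id", XS + "string", "read")]
    if zone is not None:
        attrs.append(Attribute("environment", "network-zone", XS + "string", zone))
    return attrs
```

The same subject role yields three different decisions depending on the resource and environment attributes, which a role-only check cannot express.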
Acknowledgement
The authors would like to thank Mr. Zoran Ivancajic for his overall support.
Cite this article
Sucurovic, S. An Approach to Access Control in Electronic Health Record. J Med Syst 34, 659–666 (2010). https://doi.org/10.1007/s10916-009-9279-4
DOI: https://doi.org/10.1007/s10916-009-9279-4