Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control for Health Applications EHI Connecting Communities Forum April 11, 2006 Don Grodecki Browsersoft, Inc.

Published byEmma Wood Modified over 8 years ago

Similar presentations

Presentation on theme: "Access Control for Health Applications EHI Connecting Communities Forum April 11, 2006 Don Grodecki Browsersoft, Inc."— Presentation transcript:

1 Access Control for Health Applications EHI Connecting Communities Forum April 11, 2006 Don Grodecki Browsersoft, Inc.

2 2 OpenHRE Open Source Health Records Exchange –http://openhre.orghttp://openhre.org Open Source software toolkit for building a Health Records Exchange within a RHIO and between RHIOs Developed by Browsersoft Inc. –http://browsersoft.comhttp://browsersoft.com

3 3 OpenHRE Used to build SHARE for the Alliance for Rural Community Health (ARCH) in Mendocino California –http://ruralcommunityhealth.orghttp://ruralcommunityhealth.org Used by the Mendocino HRE for the Markle Connecting for Health (CfH) Record Locator Service (RLS) project. –http://mendocinohre.orghttp://mendocinohre.org –http://www.connectingforhealth.orghttp://www.connectingforhealth.org

4 4 OpenHRE Used by the Mendocino HRE for the ONC NHIN Prototype project, as part of the CSC/CfH team. –http://www.hhs.gov/healthithttp://www.hhs.gov/healthit

5 5 OpenHRE Consists of three main services: –Record Locator Service (RLS) –Record Exchange Service (RES) –Authentication and Access Control Service (AACS) We will concentrate here on the AACS

6 6 Current Practice Role-Based Authorization Users are assigned one or more Roles Access to information and operations is controlled by Role That’s about it!

7 7 Access Control in OpenHRE Access to information and operations controlled by: –IP Address –Role –Group –Information Content Security Policies expressed in XACML –OASIS eXtensible Access Control Markup Language

8 8 Access Control in OpenHRE Access Control Administration is available via a Web Application

9 9 Access Control Relationships

10 10 User Settings The usual stuff...

11 11 Optional User Settings Not quite so usual...

12 12 Allowed IP Addresses Users must access via an IP Address that is within one of the specified ranges. If no IP Addresses are specified, then the user can access from anywhere, but, as we shall see, we can limit their access permissions.

13 13 Groups Orthogonal to Roles Groups can have allowed IP Addresses Coming in via a different IP temporarily removes the User from a Group

14 14 Roles Roles seem to be as expected...

15 15 Role Details But there is more to them … Roles apply Rules to a Resource

16 16 Rule Details Rules Permit or Deny an Action on a Resource to Individuals or Groups A Rule’s Resources are a subset of its Role’s Resources

17 17 Implementation The Admin web application creates XACML files that describe the policies it supports, including the details input by the user. Directed by the generated XACML, Sun’s XACML interpreter examines the supplied data and grants or denies permission. –http://sunxacml.sourceforge.nethttp://sunxacml.sourceforge.net Policies outside of what is possible using the Admin app can be specified by editing the XACML directly.

18 18 XACML Examples This fragment specifies that permission will be granted if the user has the “read” Action. … read …

19 19 XACML Examples This fragment specifies that “read” will be granted if the resource-id matches “clinic2” and the User is in the “MC2” Group: … DNS:Arch.org://OTHER:/clinic2/ … read … MC2 …

Download ppt "Access Control for Health Applications EHI Connecting Communities Forum April 11, 2006 Don Grodecki Browsersoft, Inc."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Overview of the Connecting for Health Common Framework Privacy and Confidentiality Workshop eHealth Initiative and Vanderbilt Center for Better Health.

Overview of the Connecting for Health Common Framework Privacy and Confidentiality Workshop eHealth Initiative and Vanderbilt Center for Better Health.
1 Authorization XACML – a language for expressing policies and rules.

1 Authorization XACML – a language for expressing policies and rules.
Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.

Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
New Challenges for Access Control April 27, 2005 1 Improving Usability and Expressiveness with Dynamic Policies and Obligations Dennis Kafura Markus Lorch.

New Challenges for Access Control April 27, Improving Usability and Expressiveness with Dynamic Policies and Obligations Dennis Kafura Markus Lorch.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Lecture 7 Access Control

Lecture 7 Access Control
Understanding Active Directory

Understanding Active Directory
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
10/5/1999Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.

10/5/1999Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.
Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.

Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.
Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Similar presentations

Ads by Google