Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Title:||A Framework for Multiple Authorization Types in a Healthcare Application System|
|Published:||January 01, 2001|
|Abstract:||In most of the current authorization frameworks in application systems, the authorization for a user operation is determined using a static database like ACL entries or system tables. These frameworks provide cannot provide the foundation for supporting multiple types of authorizations like Emergency Authorizations, Context-based Authorizations etc, which are required in many vertical market systems like healthcare application systems. In this paper we describe a dynamic authorization framework which supports multiple authorization types. We use the acronym DAFMAT (Dynamic Authorization Framework for Multiple Authorization Types) to refer to this framework. The DAFMAT framework uses a combination of Role-based Access Control (RBAC) and Dynamic Type Enforcement (DTE) augmented with a logic-driven authorization engine. The application of DAFMAT for evaluating and determining various types of authorization requests for the Admissions, Discharge and Transfer System (ADT) in a healthcare enterprise is described.|
|Citation:||Computer Security Applications Conference|
|Keywords:||authorization engine,domain type enforcement,hybrid access control model,role-based access control|