E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.
Third International Conference, ISA 2009 Seoul, Korea, June 25-27, 2009 Proceedings
Field of Research
080402 Data Encryption
Socio Economic Objective
890205 Information Processing Services (incl. Data Entry and Capture)