Authorization Control in Collaborative Healthcare Systems

By He, Daisy Daiqin; Yang, Jian | Journal of Theoretical and Applied Electronic Commerce Research, August 2009 | Go to article overview

Authorization Control in Collaborative Healthcare Systems


He, Daisy Daiqin, Yang, Jian, Journal of Theoretical and Applied Electronic Commerce Research


Abstract

Modern healthcare systems require collaborations between individual social entities such as hospitals, medical centers, emergency services and community services. One of the most critical issues in this setting is security and privacy, i.e., who can access what and based on which condition(s). In the healthcare system that crosses different administrative domains, each business unit has its own security policies defined and enforced. Therefore the challenge is how security policies shall be specified, compared and integrated if necessary depending on the nature of the inter-domain collaboration. In this paper, we discuss the challenging access control issues in cross-domain healthcare systems. A framework is provided to support authorization control in such an environment, which takes collaboration semantics into account, as well as individual participant's authorization policies.

Key words: Authorization Control, Access Control, Service Composition, Web Service Collaboration,Web Service Security

(ProQuest: ... denotes formulae omitted.)

1 Introduction

1.1 Security Issues in Business Collaboration

Ankur Laroia from Southern Union Company recorded the following comments: 'People often forget that healthcare is a many-to-many business. You are not just connecting a hospital to a handful of its branch clinics but to an array of internal and external data sources and applications,' notes Leo Sayavedra, an executive at the Sequence Group, an IT consulting company specializing in systems integration. Each healthcare provider, he says, is an information node that sends and receives transactions to entities outside its firewall [20].

In a complex environment like healthcare, countless interactions are carried out among numerous hospitals and institutes in different forms and based on different devices and systems. Technologies are needed to support seamless, secure and dynamic inter-organizational collaborations. Emerging Web Service technologies have provided technological support for collaborations that cross organizational boundaries. However, security concerns become one of the main barriers that prevent widespread adoption of the new technologies. Authorization control in web services, particularly in collaborative environment is an area that has not seen many developments.

Security control in inter-organizational collaboration has different focus from single organization environments. In a single organization, the authorization control policy can be defined in terms of roles and their privileges with the adoption of Role Based Access Control (RBAC) [29]. Given a request to access a resource or perform an operation, the policy is enforced by analyzing the credentials of the requester and the decision is made on whether the requester can perform the requested actions.

Inter-organizational collaborations in distributed environment, like healthcare, has the following characteristics. Firstly, each organizationmanages its own resources and defines its own authorization policies based on its own interest. Secondly, individual participating organization can join and leave a collaboration at anytime. Thirdly, an organization can play different roles in a collaboration, it can be a service owner, an agent, or a consumer. An organization can also play several roles at a time. Different roles can imply differences on control power of the participant over the collaboration. Fourthly, organizations collaborate with each other in various ways, which require different security control. Due to the nature of the collaboration as just analyzed above, the following issues can happen:

* Unauthorized Service Propagation: in inter-organizational collaboration, a service can be accessed by a party who can pass the access rights to other parties. It is important to understand whether and under what conditions the privilege are allowed to be forwarded to other parties. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Authorization Control in Collaborative Healthcare Systems
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.