UPM Institutional Repository

Security extensible access control markup language policy integration based on role-based access control model in healthcare collaborative environments


Teo, Poh Kuang and Ibrahim, Hamidah and Udzir, Nur Izura and Sidi, Fatimah (2011) Security extensible access control markup language policy integration based on role-based access control model in healthcare collaborative environments. American Journal of Economics and Business Administration, 3 (1). pp. 101-111. ISSN 1945-5488; ESSN: 1945-5496


Recently research is focused on security policy integration and conflict reconciliation among various healthcare organizations. Problem statement: However, challenging security and privacy risk issues still arisen during sharing sensitive patient data in different large distributed organizations. Though eXtensible Access Control Markup Language (XACML) has a powerful capacity of expression, it does not support all the elements character of RBAC. Thus, it has not been built to manage security in large distributed systems in healthcare domain since each organization may join or leave at runtime. The policy redundancy and conflict resolution are important to resolve redundancy and inconsistencies before security policies can be integrated for healthcare collaboration. Existing approaches did not look at policy redundancy and conflict resolution process based on the types of redundancy and conflict for dynamic set of organizations collaboration. Besides that, a policy integration mechanism in order to generate actual security policy integration is not in well studied. Approach: In this study, we proposed an approach for integrating security XACML policies based on RBAC policy model considering both constraints and metadata information. Besides that, an approach to filter and collect only the required policies from different organizations based on user’s integration requirements is investigated. It is important for us to resolve policy redundancy and conflicts based on the types of policy redundancy and conflicts. Results: From the observation and literature analysis, it can be concluded that our work could provide the maximum confidence for pre-compile a large amount of policies and only return the most similar policies for policy integration. Besides that, our approach proved that the more restrict policy will be generated during the policy integration. Conclusion: Our work can guarantee the completeness as well as consistency of the access control policy. It is recommended that the dynamic constraints such as dynamic Separation of Duty (SOD) should be considered because we believe this consideration can support dynamic updates and control policies in collaborative environments.

Download File

[img] PDF
Restricted to Repository staff only

Download (106kB)

Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.3844/ajebasp.2011.101.111
Publisher: Science Publications
Keywords: XACML; Security policy integration; Role-based access control; Collaborative environment; Redundancy; Conflict; Separation of Duty (SOD); Discretionary Access Control (DAC)
Depositing User: Nabilah Mustapa
Date Deposited: 10 Jun 2016 08:46
Last Modified: 10 Jun 2016 08:46
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.3844/ajebasp.2011.101.111
URI: http://psasir.upm.edu.my/id/eprint/22474
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item