Abstract. IT enforced access control policies in medical information systems have to be fine-grained and dynamic. We justify this observation on the basis of legislation and on the basis of the evolution within the healthcare domain. Consequently, a reconfigurable or at least adaptable implementation of access control facilities has become extremely important. For this purpose, current technology provides insufficient support. We highlight a basic solution to address shortcomings by using interception techniques. In addition, we identify further research that is required to address the challenges of dynamic and fine-grained access control in the long run.
One of the hurdles in the enforcement of access control remains the translation of the organization's high level policy, that drives the access control decisions, down to technology specific deployment descriptors, configuration files and code. This huge gap between the high level policy and the access logic has as a consequence that it is hard to trace implementation fragments to the actual requirement they contribute to, and to support evolution. The notion of an access interface is introduced as a contract between the authorization engine and the various applications using its services. A socalled view connector makes sure that the application behaves consistently with this contract. The implementation is based on aspect orientation, rendering the whole design more robust in the light of unanticipated changes.
Ideally, the enforcement of application-specific policies in an access control service should be untangled from the application logic. The access control services that are provided in state-of-the-art application servers typically fail to support such a separation. Aspect-Oriented Software Development techniques can be used to alleviate such shortcomings. This paper describes the design and implementation of a modular access control service that improves the separation between application logic and access control. The prototype has been implemented in CaesarJ.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.