Visual access control for research ecosystems

Harbach, Marian; Smith, Matthew

doi:10.1109/dest.2011.5936606

Cited by 4 publications

(5 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such a strategy may be of use in PACVIM, because it is difficult for a user to mentally keep track of the topology of his/her constantly changing healthcare EHR network. Other works propose visual languages for specifying role based access control rules for web systems [22], or describe visual approaches to manage access control for distributed research ecosystems based on a multi-purpose collaborative graph structure [23]. Individuals are enabled to visually interact with the graph and contribute to access control decisions by jointly modelling the environment's structures and policies.…”

Section: Related Workmentioning

confidence: 99%

Envisioning secure and usable access control for patients

Ferreira

Lenzini

Santos-Pereira

et al. 2014

2014 IEEE 3nd International Conference on Serious Games and Applications for Health (SeGAH)

View full text Add to dashboard Cite

Abstract-Several pilot tests show that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. However, despite technologically feasible and legally possible, there is no validated or standardized toolset available yet, for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR.

show abstract

Section: Related Workmentioning

confidence: 99%

Envisioning secure and usable access control for patients

Ferreira

Lenzini

Santos-Pereira

et al. 2014

2014 IEEE 3nd International Conference on Serious Games and Applications for Health (SeGAH)

View full text Add to dashboard Cite

show abstract

“…• role-organizational unit relation: relationships between roles and organizational units. In contrast to other approaches (e.g., [10], [12], [29]) which also represent users as nodes in the visualization, users are presented in alphabetically order as list in another view. This design decision helps to reduce the number of the visualized links between the nodes.…”

Section: A Basic Structurementioning

confidence: 99%

“…For the visualization of the organizational structure and assignments (e.g., users to roles or permissions to roles) in access control systems, primarily node-link representations are used (see e.g., [4], [10], [12], [14], [29]). For example, Harbach and Smith [29] present an approach -called Mind Mesh -which is inspired by the Mind Maps approach [36] to present organizational information like departments/groups, their projects, users, and resources as nodes and their relationships as links. Furthermore, there exist several works that use the well-known node-link diagrams of the Unified Modeling Language (UML) to visualize the specification of the access control models (see e.g., [5], [37], [38], [39], [40]).…”

Section: Related Workmentioning

confidence: 99%

“…The reason for the popularity of node-link approaches is that they can provide a good overview of the organizational/role hierarchy and can show the relationships between nodes clearly. Often different colors for links were used to distinguish between different relationship types (see e.g., [4], [10], [29]). However, especially for a large graphs and for large number of connections between the nodes, it can happen that the graph can be cluttered and therefore it is difficult distinguish and to follow the relationships.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Who is Who: On Visualizing Organizational Models in Collaborative Systems

Kriglstein

Mangler

Rinderle-Ma

2012

Proceedings of the 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

Access control constitutes a key technology to fulfill security requirements in Collaborative Systems (CS) by specifying access rules/rights based on organizational models that capture the structure of the participating organizations. Organizational structures and consequently the describing organizational models can become complex comprising up to thousands of involved entities and relations. Further on, the management of organizational models is no longer only confined to specialists. Hence it becomes crucial to support the management of organizational information by adequate visualizations. Specifically, querying organizational models by, for example, finding out the number of associated actors to a specific role, has to be designed in a user-friendly way in order to avoid misunderstandings or even errors. As organizations are very likely to change over time, the user-friendly presentation of the related organizational models becomes even more important. This paper presents two novel visualization approaches called OrbitFlower and OrbitList for the analysis and management of organizational models in CS. Both approaches are evaluated with experts in regard to understandability of assignments of users to their roles/organizational units and visual properties.

show abstract

“…Medical staff would benefit from time-saving workflows while strict privacy policies for medical data could be automatically adhered to. In [10], we introduced a new visual AC concept for research ecosystems, called Mind Mesh. It proposes to model access privileges visually and uses context information for access control configurations.…”

Section: Introductionmentioning

confidence: 99%

Human-centric visual access control for clinical data management

Fahl

Harbach

Smith

2012

2012 6th IEEE International Conference on Digital Ecosystems and Technologies (DEST)

Self Cite

View full text Add to dashboard Cite

This paper introduces a novel human-centric, visual, and context-aware access control (AC) system for distributed clinical data management and health information systems. Humancentricity in this context means that medical staff should be able to configure AC rules, both in a timesaving and reliable manner. Since medical data often include meta information about a patient, it is essential that an AC system only grants access requests that meet the patient's intent. Hence, it is desirable that a patient be included in the AC process. To cater for the strong security needs in the medical domain, both the AC policy creation by medical staff as well as the patient-interaction feature need to be supervised by governing policies. While traditional AC systems such as role-based access control offer sufficient security in theory, they lack in comfort and flexibility. This property does not fulfil the requirements of flexible and distributed environments. Distributed medical institutions could enormously benefit from the opportunity of dynamic AC configuration at an end-user level while adhering to legal, ethical or other privacy requirements. Hence, this paper presents a human-centric visual AC model for medical data, addressing usability, information security and patient interaction. To demonstrate our approach, an integration with the DCM4CHE open source system is presented.

show abstract

Visual access control for research ecosystems

Cited by 4 publications

References 14 publications

Envisioning secure and usable access control for patients

Envisioning secure and usable access control for patients

Who is Who: On Visualizing Organizational Models in Collaborative Systems

Human-centric visual access control for clinical data management

Contact Info

Product

Resources

About