The Tees Confidentiality Model

An authorisation model for identities and roles

Jim Longstaff, Mike Lockyer, John Nicholas

Research output: Contribution to conference › Paper › Research › peer-review

19 Citations (Scopus)

Abstract

We present a model of authorisation that is more powerful than Role Based Access Control (RBAC), and is suitable for complex web applications in addition to computer systems administration. It achieves its functionality by combining Identity Based Access Control (IBAC) and RBAC in novel ways. A particular feature of the model is a rigorous definition of override, for granting access to data and resources in exceptional circumstances. Despite its power, the model can be implemented by a single algorithm, as an extension to RBAC. The basis of the model is a new concept of permission, which we call Confidentiality Permission. There are five types of confidentiality permission, for granting access rights to identities and roles; negative confidentiality permissions, which deny access to data and resources, also exist. A single concept of Collection is used for structuring roles, identities, resources and resource types, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions may be defined to inherit within collections, thereby providing a mechanism for confidentiality permission assignment; however, confidentiality permissions may also be assigned in other ways that do not depend on collections. We use a demanding scenario from Electronic Health Records to illustrate the power of the model. We have produced several demonstrators, one of which utilises the model to control data retrieval from commercial GP and Social Services systems.
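The abstract names several mechanisms without showing how they combine at decision time: positive and negative permissions held by identities as well as roles, inheritance of permissions within collections, and an override for exceptional circumstances. The following toy engine is an added illustration of how those pieces can interact in an EHR-style scenario; it is not the paper's algorithm, does not reproduce its five permission types, and its permission fields, resolution order (deny beats allow unless every applicable denial is overridable and a reason is given) and sample data are all assumptions made for this example.

```python
"""Toy authorisation engine illustrating ideas named in the abstract:
positive and negative 'confidentiality permissions' held by identities or
roles, inheritance within collections, deny-over-allow, and an audited
override for exceptional circumstances. Added illustration only: the
permission fields and resolution order are simplifying assumptions, not
the Tees model's algorithm."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


class Collections:
    """Single-parent collections: a member inherits permissions assigned to
    any collection enclosing it (roles, identities, resources, types)."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def add(self, member: str, collection: str) -> None:
        self.parent[member] = collection

    def lineage(self, node: str) -> List[str]:
        """The node itself followed by every collection enclosing it."""
        out = [node]
        while node in self.parent:
            node = self.parent[node]
            out.append(node)
        return out


@dataclass(frozen=True)
class ConfidentialityPermission:
    subject: str           # identity ("id:bob"), role ("role:gp") or a collection of either
    target: str            # resource ("rec:p42/psych") or a resource type/collection
    action: str            # e.g. "read"
    allow: bool            # False makes this a negative (denying) permission
    overridable: bool = False  # a negative permission that a justified override may lift


class Engine:
    def __init__(self, subjects: Collections, targets: Collections) -> None:
        self.subjects = subjects
        self.targets = targets
        self.perms: List[ConfidentialityPermission] = []
        self.audit: List[dict] = []   # every successful override is recorded here

    def add(self, perm: ConfidentialityPermission) -> None:
        self.perms.append(perm)

    def applicable(self, identity: str, roles: Iterable[str], target: str,
                   action: str) -> List[ConfidentialityPermission]:
        """Permissions whose subject covers the identity or one of its roles
        (directly or via a collection) and whose target covers the resource."""
        subj = set(self.subjects.lineage(identity))
        for r in roles:
            subj.update(self.subjects.lineage(r))
        tgt = set(self.targets.lineage(target))
        return [p for p in self.perms
                if p.action == action and p.subject in subj and p.target in tgt]

    def decide(self, identity: str, roles: Iterable[str], target: str, action: str,
               override_reason: Optional[str] = None) -> Tuple[bool, str]:
        ps = self.applicable(identity, roles, target, action)
        allows = [p for p in ps if p.allow]
        denies = [p for p in ps if not p.allow]
        if not allows:
            return False, "no positive permission"      # closed by default
        if not denies:
            return True, "positive permission"
        # A negative permission beats any positive one, unless every applicable
        # denial is overridable and the caller supplies a reason (which is audited).
        if override_reason and all(d.overridable for d in denies):
            self.audit.append({"who": identity, "what": action, "on": target,
                               "reason": override_reason})
            return True, "override"
        return False, "negative permission"


def build_demo() -> Engine:
    """Constructed scenario (made up for this example): clinical staff may read
    records, but patient p42 has excluded one named GP from the psychiatric part
    of the record; that exclusion may be overridden in an emergency. Clerical
    staff are barred from it with no override possible."""
    subjects, targets = Collections(), Collections()
    subjects.add("role:gp", "coll:clinical")
    subjects.add("role:receptionist", "coll:clerical")
    targets.add("rec:p42/psych", "rec:p42")
    targets.add("rec:p42", "type:record")
    e = Engine(subjects, targets)
    e.add(ConfidentialityPermission("coll:clinical", "type:record", "read", allow=True))
    e.add(ConfidentialityPermission("role:receptionist", "type:record", "read", allow=True))
    e.add(ConfidentialityPermission("id:bob", "rec:p42/psych", "read", allow=False, overridable=True))
    e.add(ConfidentialityPermission("coll:clerical", "rec:p42/psych", "read", allow=False))
    return e


if __name__ == "__main__":
    e = build_demo()
    print(e.decide("id:alice", ["role:gp"], "rec:p42/psych", "read"))
    print(e.decide("id:bob", ["role:gp"], "rec:p42/psych", "read"))
    print(e.decide("id:bob", ["role:gp"], "rec:p42/psych", "read", "A&E admission"))
    print(e.decide("id:carol", ["role:receptionist"], "rec:p42/psych", "read", "curious"))
    print(e.audit)
```

The point of the example is the interaction the abstract hints at: a role-level grant inherited through a collection is defeated by an identity-level negative permission on a single resource, and only an explicitly overridable denial can be lifted, leaving an audit record. Resources not placed in any collection receive no permissions at all and are therefore closed by default.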

Original language: English
Pages: 125-133
Number of pages: 9
Publication status: Published - 19 Nov 2003
Event: 8th ACM Symposium on Access Control Models and Technologies - Villa Gallia, Como, Italy
Duration: 2 Jun 2003 - 3 Jun 2003

Conference

Conference: 8th ACM Symposium on Access Control Models and Technologies
Country: Italy
City: Villa Gallia, Como
Period: 2/06/03 - 3/06/03


Cite this

Longstaff, J., Lockyer, M., & Nicholas, J. (2003). The Tees Confidentiality Model: An authorisation model for identities and roles. 125-133. Paper presented at 8th ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, Italy.
Scopus record: http://www.scopus.com/inward/record.url?scp=0242540373&partnerID=8YFLogxK