The tees confidentiality model: An authorisation model for identities and roles

Jim Longstaff, Mike Lockyer, John Nicholas

Research output: Contribution to conferencePaperpeer-review

19 Citations (Scopus)


We present a model of authorisation that is more powerful than Role Based Access Control (RBAC), and is suitable for complex web applications in addition to computer systems administration. It achieves its functionality by combining Identity Based Access Control (IBAC) and RBAC in novel ways. A particular feature of the model is a rigorous definition of override, for granting access to data and resources in exceptional circumstances. Despite its power, the model can be implemented by a single algorithm, as an extension to RBAC. The basis of the model is a new concept of permission, which we call Confidentiality Permission. There are five types of confidentiality permission, for granting access rights for identities and roles; also negative confidentiality permissions, for denying access to data and resources, exist. A single concept of Collection is used for structuring roles, identities, resource and resource type, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions may be defined to inherit within collections, thereby providing a mechanism for confidentiality permission assignment; however confidentiality permissions may be assigned in other ways that do not depend on collections. We use a demanding scenario from Electronic Health Records to illustrate the power of the model. We have produced several demonstrators, one of which utilises the model to control data retrieval from commercial GP and Social Services systems.

Original languageEnglish
Number of pages9
Publication statusPublished - 19 Nov 2003
Event8th ACM Symposium on Access Control Models and Technologies - Villa Gallia, Como, Italy
Duration: 2 Jun 20033 Jun 2003


Conference8th ACM Symposium on Access Control Models and Technologies
CityVilla Gallia, Como


Dive into the research topics of 'The tees confidentiality model: An authorisation model for identities and roles'. Together they form a unique fingerprint.

Cite this