Abstract
This paper presents the Tees Confidentiality Model, an authorisation model which is suitable for complex web applications in addition to computer systems administration. It achieves its functionality by combining Identity-Based Access Control (IBAC) and Role-Based Access Control (RBAC) in novel ways. The model is based on a range of permission types, called Confidentiality Permission Types, which are processed in a defined order. Confidentiality Permissions may have negative values (ie they may deny access), and may be overridden by authorised users in carefully specified ways. A single concept of Collection is used for structuring roles, identities, resource and resource type, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions may be defined to inherit within collections, thereby providing a mechanism for confidentiality permission assignment. We use a demanding scenario from Electronic Health Records to illustrate the power of the model.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
