Modelling privilege management and access control

Abstract

For establishing trustworthiness in advanced architectures for future-proof health information systems being open, flexible, scaleable, portable, and semantically interoperable, security and privacy services needed must be designed as an inherent part of the architecture. Such architecture has to meet the paradigms of distribution, component orientation, formal modelling, separation of logical and technological aspects, etc. In model-driven architectures components providing security and privacy services have to be specified using the same methodology of formal models with meta-languages as expression means, as deployed in computational, technical, or medical domains. The resulting approach must be based on the ISO Reference Model-Open Distributed Processing. Currently, standards developing organisation are defining emerging tasks and standards for semantic interoperability and trustworthy collaboration for advanced health information systems. Communication security issues have been specified and implemented, while application security challenges such as privilege management and access control are still under development. Therefore, a series of formal models have been developed by the authors covering, e.g. domains, service delegation, claims control, policies, roles, authorisations, and access control. The required models are introduced and interpreted in a generic way. The crucial concept of security policy and its relationship to the other concepts has been considered in detail. Based on formal models, security services can be integrated into advanced systems architectures enabling semantic interoperability in the context of trustworthiness of communication and co-operation.