Re: fwd: Re: ideas about the decision interface
> <it's correct. The question is whether resource space should be structured (i.e.
> <be not flat). There are pros and cons on either side. For example, since the
> <RFP is healthcare specific and most of the resources in healthcare are
> <patient-centric, I can see a lot of sense to explicitly have resource space
> <structured so that patient ID, according to PIDS, can be obtained in a
> <standard/specified way.
>
> If I understand what you are saying, I think we have violent
> agreement. The fact that the interface only
> knows about flat resources with at least the operations CREATE, READ,
> WRITE, USE, and DELETE does not preclude an implementation from having
> resources with dimensionality like a relational database. The implementation
> maps dimensioned resources to flat for the interface but the interface
> client may know that they are dimensioned.
Probably I did not express well what I was asking about. The issue is if we
want the access decision object to be aware of the resource space structure.
If not, then the notion of wild-cards cannot be used in the decision rules.
Let me explain what I mean by the wild-cards in decision rules.

For example, let's assume that we have authorization policies based on
security labels and each piece of patient medical records has a sensitivity
label from the set <public, sensitive, confidential, private>. Then, we want to
be able to express some rules in a way resembling the following statement:

Patient's attending physician has READ access to 'confidential' parts of the
patient records.

The statement above, in my opinion, implicitly uses the notion of wild-cards.
In order to evaluate such a rule, the decision facility should be able, besides
other things, to analyze the resource and find out the resource sensitivity
label. Also it needs to find out the relationship between the originating
principal (we assume the principal is associated with a human being) and the
patient associated with this resource (a resource owner, in other words). In
order to do it, the decision facility has to understand to some degree (i.e.
probably not completely) the resource semantics. I can see only one way to do
it: structure the resource and give the decision facility the ability to
parse the data packaged in the resource and, if possible, to find information
like the patient ID of the resource owner and the sensitivity label associated with
that resource. It does not necessarily mean that the decision facility has to
understand all the information packaged in the parameter "resource".

What do you think?
Konstantin
----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.
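
The rule discussed in the message, as an added example that is not part of the original message or of any RFP submission: a decision function that can apply the rule only because it can parse the patient ID and sensitivity label out of the resource, and that denies when the resource is an opaque flat name. The `patient=...;label=...` name syntax, the `ATTENDING` table and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Label set quoted in the message.
LABELS = ("public", "sensitive", "confidential", "private")

@dataclass(frozen=True)
class Rule:
    relationship: str  # principal's relationship to the resource owner
    operation: str     # e.g. READ
    label: str         # label the rule covers; the patient ID is the wild-card

# "Patient's attending physician has READ access to 'confidential' parts
# of the patient records." Exact label match; no label ordering is assumed.
RULES = [Rule("attending_physician", "READ", "confidential")]

# Constructed sample data: (principal, patient ID) pairs.
ATTENDING = {("dr_lee", "P1001")}

def parse_resource(name: str) -> Optional[dict]:
    """Parse the hypothetical 'patient=<id>;label=<label>;part=<x>' syntax.

    Returns None for a flat name that carries no usable attributes.
    Fields other than patient and label are ignored, not interpreted.
    """
    fields = dict(p.split("=", 1) for p in name.split(";") if "=" in p)
    if not fields.get("patient") or fields.get("label") not in LABELS:
        return None
    return fields

def access_allowed(principal: str, operation: str, resource: str) -> bool:
    attrs = parse_resource(resource)
    if attrs is None:
        # Opaque resource: the label and owner are unknown, so no
        # attribute-based rule can be evaluated. Deny by default.
        return False
    for rule in RULES:
        if rule.operation != operation or rule.label != attrs["label"]:
            continue
        if (rule.relationship == "attending_physician"
                and (principal, attrs["patient"]) in ATTENDING):
            return True
    return False
```

With a flat name the same policy would need one rule per individual resource, which is the trade-off the message raises.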