Research Article

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

Box 1

Specifications for user requests.
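<?xml version="1.0" encoding="UTF-8"?>
<!-- XACML 3.0 decision request: one subject asks to read one patient record.
     Besides the standard subject, resource and action categories it carries
     two extension categories, treatment and context_level. -->
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
                             http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"
         ReturnPolicyIdList="false"
         CombinedDecision="false">
  <!-- CombinedDecision is a required attribute of Request in the XACML 3.0
       core schema; it was missing from the listing and is set to false here
       because the request asks for a single decision. -->
  <!-- xsi:schemaLocation is only a hint. A PDP or validator should check the
       request against a locally pinned copy of the core schema and should not
       fetch whatever URL an incoming document names. -->

  <!-- Subject: who is asking. The category is written as the full standard URN;
       the abbreviated form "subject-category:access-subject" in the listing
       would not match policies that use the standard designator. -->
  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
      <!-- The address in the original listing was lost to e-mail obfuscation on
           the page; clinician@example.org is a constructed placeholder. -->
      <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">clinician@example.org</AttributeValue>
    </Attribute>
  </Attributes>

  <!-- Resource: the record being requested. Attribute values are kept on one
       line with no surrounding whitespace, because leading or trailing
       whitespace can become part of the value a policy compares against.
       This identifier embeds the patient name, so it will also appear in PDP
       and audit logs; an opaque record identifier avoids that. -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://example/med/record/patient/BartSimpson</AttributeValue>
    </Attribute>
  </Attributes>

  <!-- Action: the operation requested on the resource. -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
    </Attribute>
  </Attributes>

  <!-- treatment: extension category, not defined by the XACML core
       specification although it reuses the OASIS URN prefix. A namespace
       controlled by the deploying organisation would avoid clashes with
       future standard identifiers. -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:treatment">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:treatment:treatment-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administration of oxygen</AttributeValue>
    </Attribute>
  </Attributes>

  <!-- context_level: extension category, same namespace caveat as treatment.
       If policies grant wider access for the value "emergency", this attribute
       should be set by the PEP or context handler from a trusted source and
       not copied from client input, and decisions made under it should be
       audited. -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:context_level">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:context_level:context_level-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">emergency</AttributeValue>
    </Attribute>
  </Attributes>
</Request>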