  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  2. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  3. <html>
  4. <head>
  5. <title>UTas ePrints - Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System</title>
  6. <script type="text/javascript" src="http://eprints.utas.edu.au/javascript/auto.js"><!-- padder --></script>
  7. <style type="text/css" media="screen">@import url(http://eprints.utas.edu.au/style/auto.css);</style>
  8. <style type="text/css" media="print">@import url(http://eprints.utas.edu.au/style/print.css);</style>
  9. <link rel="icon" href="/images/eprints/favicon.ico" type="image/x-icon" />
  10. <link rel="shortcut icon" href="/images/eprints/favicon.ico" type="image/x-icon" />
  11. <link rel="Top" href="http://eprints.utas.edu.au/" />
  12. <link rel="Search" href="http://eprints.utas.edu.au/cgi/search" />
  13. <meta content="de la Motte, Leigh" name="eprints.creators_name" />
  14. <meta content="Hartnett, Jacky" name="eprints.creators_name" />
  15. <meta content="lhdela@utas.edu.au" name="eprints.creators_id" />
  16. <meta content="J.Hartnett@utas.edu.au" name="eprints.creators_id" />
  17. <meta content="conference_item" name="eprints.type" />
  18. <meta content="2007-02-19" name="eprints.datestamp" />
  19. <meta content="2008-01-08 15:30:00" name="eprints.lastmod" />
  20. <meta content="show" name="eprints.metadata_visibility" />
  21. <meta content="Using a Client-Task Based Approach to Achieve a
  22. Privacy Compliant Access Control System" name="eprints.title" />
  23. <meta content="pub" name="eprints.ispublished" />
  24. <meta content="280103" name="eprints.subjects" />
  25. <meta content="public" name="eprints.full_text_status" />
  26. <meta content="paper" name="eprints.pres_type" />
  27. <meta content="Health Informatics, Medical Records, Privacy, Access Control, Computer Security, Workflow Management, Consent, Roles" name="eprints.keywords" />
  28. <meta content="This paper seeks a solution to the problem of assuring the privacy of low value client information such as that maintained by a hospital. The proposed solution involves the development of a compliant low-cost system. It is based on the fundamental requirement that such a system needs to provide integration, generalization and inbuilt consent. Integration brings together the technical, managerial and regulatory components of an organisation's system. Generalization provides all the access control functionalities that are necessary for the system to be
  29. useful in a diverse range of organisations. Inbuilt consent ensures that data owners consent to the use of their personally identified data. The Integrated System proposed here uses a Client-Task approach. It is based on the observation that a client is not a user of the system yet has a form of ownership over their personally identified data held within the system. Furthermore, in industries such as health, it is often the professionals and managers who determine who has access rather than systems administrators." name="eprints.abstract" />
  30. <meta content="2006-10" name="eprints.date" />
  31. <meta content="published" name="eprints.date_type" />
  32. <meta content="9" name="eprints.pages" />
  33. <meta content="1st Electronic Health Privacy and Security Symposium EhPASS2006" name="eprints.event_title" />
  34. <meta content="Brisbane, Australia" name="eprints.event_location" />
  35. <meta content="24-25 Oct 2006" name="eprints.event_dates" />
  36. <meta content="conference" name="eprints.event_type" />
  37. <meta content="UNSPECIFIED" name="eprints.thesis_type" />
  38. <meta content="TRUE" name="eprints.refereed" />
  39. <meta content="1. Al-Kahtani, M.A. and Sandhu, R., A Model for
  40. Attribute-Based User-Role Assignment. in 18th Annual
  41. Computer Security Applications Conference, (Las
  42. Vegas, Nevada, USA, 2002), IEEE, 353.
  43. 2. Alotaiby, F.T. and Chen, J.X., A Model for Team-based
  44. Access Control (TMAC 2004). in International
  45. Conference on Information Technology: Coding and
  46. Computing (ITCC'04), (Las Vegas, Nevada, USA,
  47. 2004), IEEE.
  48. 3. Atluri, V. and Warner, J., Supporting Conditional
  49. Delegation in Secure Workflow Management Systems.
  50. in Symposium on Access Control Models and
  51. Technologies 2005, (Stockholm, Sweden, 2005), ACM
  52. Press, New York, NY, USA, 59-66.
  53. 4. Bacon, J., Moody, K. and Yao, W. A Model of OASIS
  54. Role-Based Access Control and Its Support for Active
  55. Security. ACM Transactions on Information and System
  56. Security, Vol. 5 (No. 4). 492-540.
  57. 5. Beresnevichiene, Y. A role and context based security
  58. model, University of Cambridge Computer Laboratory,
  59. Cambridge, 2003.
  60. 6. Bertino, E., Ferrari, E. and Atluri, V. The Specification
  61. and Enforcement of Authorization Constraints in
  62. Workflow Management Systems. ACM Transactions on
  63. Information and System Security, Vol. 2 (No. 1). 65-104.
  64. 7. Botha, R.A. and Eloff, J.H.P. Separation of duties for
  65. access control enforcement in workflow environments.
  66. IBM Systems Journal, 40 (3). 666-682.
  67. 8. Caelli, W. and Rhodes, A. RBACManager:
  68. Implementing a Minimal Role Based Access Control
  69. Scheme (RBACM) Under the Windows NT 4.0
  70. Workstation® Operating System, 1999.
  71. 9. Chen, F. and Sandhu, R.S., Constraints for role-based
  72. access control. in Symposium on Access Control Models
  73. and Technologies, (Gaithersburg, Maryland, US, 1996),
  74. ACM Press, New York, NY, USA.
  75. 10. Clark, D.D. and Wilson, D.H., A Comparison of
  76. Commercial and Military Computer Security Policies.
  77. in IEEE Computer Society Symposium on Security and
  78. Privacy, (Oakland, USA, 1987).
  79. 11. Clarke, R., e-Consent: A Critical Element of Trust in e-
  80. Business. in 15th Bled Electronic Commerce
  81. Conference, (Bled, Slovenia, 2002).
  82. 12. Cohen, E., Thomas, R.K., Winsborough, W. and
  83. Shands, D., Models for Coalitionbased Access Control
  84. (CBAC). in Seventh ACM symposium on Access control
  85. models and technologies, (Monterey, California, USA,
  86. 2002), ACM Press, 97-106.
  87. 13. Coiera, E. and Clarke, R. e-Consent: The Design and
  88. Implementation of Consumer Consent Mechanisms in
  89. an Electronic Environment. Journal of the American
  90. Medical Informatics Association, 11 (2). 129-140.
  91. 14. Crook, R., Ince, D. and Nuseibeh, B., Towards an
  92. Analytical Role Modelling Framework for Security
  93. Requirements. in 8th International Workshop on
  94. Requirements Engineering: Foundation for Software
  95. Quality (REFSQ-02), (Essen, Germany, 2002).
  96. 15. de la Motte, L. Professional Access Control School of
  97. Computing, University of Tasmania, Launceston, 2004.
  98. 16. Desmond, J. Roles or Rules: The Access Control
  99. Debate, esecurityplanet, 2003.
  100. 17. El Kalam, A.A., Baida, R.E., Balbiani, P., Benferhat, S.,
  101. Cuppens, F., Deswarte, Y., Miege, A., Saurel, C. and
  102. Trouessin, G., Organisation based access control. in 4th
  103. International IEEE Workshop on Policies for
  104. Distributed Systems and Networks, (Lake Como, Italy,
  105. 2003), IEEE, 120-131.
  106. 18. Fernandez, R. Enterprise Dynamic Access Control
  107. (EDAC) Overview, SSC San Diego, 2005.
  108. 19. Ferraiolo, D. Evolution of Access Control in
  109. Commercial Products, 2003.
  110. 20. Ferraiolo, D. and Kuhn, R., Role-Based Access Control.
  111. in 15th National Computer Security Conference,
  112. (Baltimore, MD, 1992).
  113. 21. Ferraiolo, D.F., Ahn, G.-J., R.Chandramouli and
  114. Gavrila, S.I., The Role Control Center: Features and
  115. Case Studies. in 8th ACM Symposium on Access
  116. Control Models And Technologies, (Como, Italy, 2003),
  117. ACM Press New York, NY, USA, 12 - 20.
  118. 22. Fischer-Hubner, S. and Ott, A., From a Formal Privacy
  119. Model to its Implementation. in 21st National
  120. Information Systems Security Conference, (Arlington,
  121. VA, 1998).
  122. 23. Georgiadis, C.K., Mavridis, I., Pangalos, G. and
  123. Thomas, R.K., Flexible Team-Based Access Control
  124. Using Contexts. in SACMAT '01, (Chantilly, Virginia,
  125. USA, 2001), ACM, 21-27.
  126. 24. HealthConnect. Consent and Electronic Health Records
  127. - A Discussion Paper, 2002.
  128. 25. Hung, P.C.K. and Karlapalem, K., A Secure Workflow
  129. Model. in Australasian Information Security Workshop
  130. (AISW2003), (Adelaide, Australia, 2003), Australian
  131. Computer Society, Inc. - Conferences in Research and
  132. Practice in Information Technology.
  133. 26. Kern, A. and Walhorn, C., Rule Support for RoleBased
  134. Access Control. in Symposium on Access Control
  135. Models and Technologies 2005, (Stockholm, Sweden,
  136. 2005), ACM Press, New York, NY, USA, 130-138.
  137. 27. Lampson, B.W. Computer Security in the Real World,
  138. 2002.
  139. 28. Li, N. and Mitchell, J.C., Design of a Role-based Trustmanagement
  140. Framework. in IEEE Symposium on
  141. Security and Privacy, 2002, (2002), IEEE.
  142. 29. Li, N. and Mitchell, J.C., RT: A Role-based Trustmanagement
  143. Framework. in Third DARPA Information
  144. Survivability Conference, (2003).
  145. 30. NCSC. A Guide to Understanding Discretionary Access
  146. Control in Trusted Systems (Neon Orange Book), 1987.
  147. 31. Neumann, G. and Strembeck, M., An Approach to
  148. Engineer and Enforce Context Constraints in an RBAC
  149. Environment. in SACMAT '03, (Como, Italy, 2003),
  150. ACM, 65-79.
  151. 32. OECD. OECD Guidelines on the Protection of Privacy
  152. and Transborder Flows of Personal Data, 2006.
  153. 33. Povey, D. Optimistic Security: A New Access Control
  154. Paradigm, 1999.
  155. 34. Rhodes, A. and Caelli, W. A Review Paper Role Based
  156. Access Control, University of Queensland, Brisbane
  157. Australia, 1999.
  158. 35. Rissanen, E., Firozabadi, B.S. and Sergot, M.
  159. Discretionary Overriding of Access Control in the
  160. Privilege Calculus, 2005.
  161. 36. Rissanen, E., Firozabadi, B.S. and Sergot, M. Towards
  162. A Mechanism for Discretionary Overriding of Access
  163. Control, 2004.
  164. 37. Russell, N., Hofstede, A.H.M.t., Edmond, D. and Aalst,
  165. W.M.P.v.d. Workflow Resource Patterns, 2005.
  166. 38. Sandhu, R.S., Coynek, E.J., Feinsteink, H.L. and
  167. Youmank, C.E. Role-Based Access Control Models.
  168. IEEE Computer, 29 (2). 38-47.
  169. 39. Stevens, G. and Wulf, V. A New Dimension in Access
  170. Control: Studying Maintenance Engineering across
  171. Organizational Boundaries, 2002.
  172. 40. Thomas, R.K., Team-based Access Control (TMAC): A
  173. Primitive for Applying Role-based Access Controls in
  174. Collaborative Environments. in RBAC '97, (Fairfax Va
  175. USA, 1997), ACM, 13-19.
  176. 41. Thomas, R.K. and Sandhu, R.S., Task-based
  177. Authorisation Controls (TBAC): A Family of Models
  178. for Active and Enterprise-oriented Authorisation
  179. Management. in IFIP WG11.3 Workshop on Database
  180. Security, (Lake Tahoe, California, USA, 1997),
  181. Chapman &amp; Hall.
  182. 42. Wang, L., Wijesekera, D. and Jajodia, S., A Logicbased
  183. Framework for Attribute based Access Control. in
  184. 2004 ACM workshop on Formal methods in security
  185. engineering, (2004)." name="eprints.referencetext" />
  186. <meta content="de la Motte, Leigh and Hartnett, Jacky (2006) Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System. In: 1st Electronic Health Privacy and Security Symposium EhPASS2006, 24-25 Oct 2006, Brisbane, Australia." name="eprints.citation" />
  187. <meta content="http://eprints.utas.edu.au/783/1/ClientPrivacy.pdf" name="eprints.document_url" />
  188. <link rel="schema.DC" href="http://purl.org/DC/elements/1.0/" />
  189. <meta content="Using a Client-Task Based Approach to Achieve a
  190. Privacy Compliant Access Control System" name="DC.title" />
  191. <meta content="de la Motte, Leigh" name="DC.creator" />
  192. <meta content="Hartnett, Jacky" name="DC.creator" />
  193. <meta content="280103 Information Storage, Retrieval and Management" name="DC.subject" />
  194. <meta content="This paper seeks a solution to the problem of assuring the privacy of low value client information such as that maintained by a hospital. The proposed solution involves the development of a compliant low-cost system. It is based on the fundamental requirement that such a system needs to provide integration, generalization and inbuilt consent. Integration brings together the technical, managerial and regulatory components of an organisation's system. Generalization provides all the access control functionalities that are necessary for the system to be
  195. useful in a diverse range of organisations. Inbuilt consent ensures that data owners consent to the use of their personally identified data. The Integrated System proposed here uses a Client-Task approach. It is based on the observation that a client is not a user of the system yet has a form of ownership over their personally identified data held within the system. Furthermore, in industries such as health, it is often the professionals and managers who determine who has access rather than systems administrators." name="DC.description" />
  196. <meta content="2006-10" name="DC.date" />
  197. <meta content="Conference or Workshop Item" name="DC.type" />
  198. <meta content="PeerReviewed" name="DC.type" />
  199. <meta content="application/pdf" name="DC.format" />
  200. <meta content="http://eprints.utas.edu.au/783/1/ClientPrivacy.pdf" name="DC.identifier" />
  201. <meta content="de la Motte, Leigh and Hartnett, Jacky (2006) Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System. In: 1st Electronic Health Privacy and Security Symposium EhPASS2006, 24-25 Oct 2006, Brisbane, Australia." name="DC.identifier" />
  202. <meta content="http://eprints.utas.edu.au/783/" name="DC.relation" />
  203. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/BibTeX/epprod-eprint-783.bib" title="BibTeX" type="text/plain" />
  204. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/ContextObject/epprod-eprint-783.xml" title="OpenURL ContextObject" type="text/xml" />
  205. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/ContextObject::Dissertation/epprod-eprint-783.xml" title="OpenURL Dissertation" type="text/xml" />
  206. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/ContextObject::Journal/epprod-eprint-783.xml" title="OpenURL Journal" type="text/xml" />
  207. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/DC/epprod-eprint-783.txt" title="Dublin Core" type="text/plain" />
  208. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/DIDL/epprod-eprint-783.xml" title="DIDL" type="text/xml" />
  209. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/EndNote/epprod-eprint-783.enw" title="EndNote" type="text/plain" />
  210. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/HTML/epprod-eprint-783.html" title="HTML Citation" type="text/html; charset=utf-8" />
  211. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/METS/epprod-eprint-783.xml" title="METS" type="text/xml" />
  212. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/MODS/epprod-eprint-783.xml" title="MODS" type="text/xml" />
  213. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/RIS/epprod-eprint-783.ris" title="Reference Manager" type="text/plain" />
  214. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/Refer/epprod-eprint-783.refer" title="Refer" type="text/plain" />
  215. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/Simple/epprod-eprint-783text" title="Simple Metadata" type="text/plain" />
  216. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/Text/epprod-eprint-783.txt" title="ASCII Citation" type="text/plain; charset=utf-8" />
  217. <link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/XML/epprod-eprint-783.xml" title="EP3 XML" type="text/xml" />
  218.  
  219. </head>
  220. <body bgcolor="#ffffff" text="#000000" onLoad="loadRoutine(); MM_preloadImages('images/eprints/ePrints_banner_r5_c5_f2.gif','images/eprints/ePrints_banner_r5_c7_f2.gif','images/eprints/ePrints_banner_r5_c8_f2.gif','images/eprints/ePrints_banner_r5_c9_f2.gif','images/eprints/ePrints_banner_r5_c10_f2.gif','images/eprints/ePrints_banner_r5_c11_f2.gif','images/eprints/ePrints_banner_r6_c4_f2.gif')">
  221. <div class="ep_noprint"><noscript><style type="text/css">@import url(http://eprints.utas.edu.au/style/nojs.css);</style></noscript></div>
  222.  
  223.  
  224.  
  225.  
  226. <table width="795" border="0" cellspacing="0" cellpadding="0">
  227. <tr>
  228. <td><script language="JavaScript1.2">mmLoadMenus();</script>
  229. <table border="0" cellpadding="0" cellspacing="0" width="795">
  230. <!-- fwtable fwsrc="eprints_banner_final2.png" fwbase="ePrints_banner.gif" fwstyle="Dreamweaver" fwdocid = "1249563342" fwnested="0" -->
  231. <tr>
  232. <td><img src="/images/eprints/spacer.gif" width="32" height="1" border="0" alt="" /></td>
  233. <td><img src="/images/eprints/spacer.gif" width="104" height="1" border="0" alt="" /></td>
  234. <td><img src="/images/eprints/spacer.gif" width="44" height="1" border="0" alt="" /></td>
  235. <td><img src="/images/eprints/spacer.gif" width="105" height="1" border="0" alt="" /></td>
  236. <td><img src="/images/eprints/spacer.gif" width="41" height="1" border="0" alt="" /></td>
  237. <td><img src="/images/eprints/spacer.gif" width="16" height="1" border="0" alt="" /></td>
  238. <td><img src="/images/eprints/spacer.gif" width="68" height="1" border="0" alt="" /></td>
  239. <td><img src="/images/eprints/spacer.gif" width="68" height="1" border="0" alt="" /></td>
  240. <td><img src="/images/eprints/spacer.gif" width="68" height="1" border="0" alt="" /></td>
  241. <td><img src="/images/eprints/spacer.gif" width="82" height="1" border="0" alt="" /></td>
  242. <td><img src="/images/eprints/spacer.gif" width="69" height="1" border="0" alt="" /></td>
  243. <td><img src="/images/eprints/spacer.gif" width="98" height="1" border="0" alt="" /></td>
  244. <td><img src="/images/eprints/spacer.gif" width="1" height="1" border="0" alt="" /></td>
  245. </tr>
  246. <tr>
  247. <td colspan="12"><img name="ePrints_banner_r1_c1" src="/images/eprints/ePrints_banner_r1_c1.gif" width="795" height="10" border="0" alt="" /></td>
  248. <td><img src="/images/eprints/spacer.gif" width="1" height="10" border="0" alt="" /></td>
  249. </tr>
  250. <tr>
  251. <td rowspan="6"><img name="ePrints_banner_r2_c1" src="/images/eprints/ePrints_banner_r2_c1.gif" width="32" height="118" border="0" alt="" /></td>
  252. <td rowspan="5"><a href="http://www.utas.edu.au/"><img name="ePrints_banner_r2_c2" src="/images/eprints/ePrints_banner_r2_c2.gif" width="104" height="103" border="0" alt="" /></a></td>
  253. <td colspan="10"><img name="ePrints_banner_r2_c3" src="/images/eprints/ePrints_banner_r2_c3.gif" width="659" height="41" border="0" alt="" /></td>
  254. <td><img src="/images/eprints/spacer.gif" width="1" height="41" border="0" alt="" /></td>
  255. </tr>
  256. <tr>
  257. <td colspan="3"><a href="http://eprints.utas.edu.au/"><img name="ePrints_banner_r3_c3" src="/images/eprints/ePrints_banner_r3_c3.gif" width="190" height="31" border="0" alt="" /></a></td>
  258. <td rowspan="2" colspan="7"><img name="ePrints_banner_r3_c6" src="/images/eprints/ePrints_banner_r3_c6.gif" width="469" height="37" border="0" alt="" /></td>
  259. <td><img src="/images/eprints/spacer.gif" width="1" height="31" border="0" alt="" /></td>
  260. </tr>
  261. <tr>
  262. <td colspan="3"><img name="ePrints_banner_r4_c3" src="/images/eprints/ePrints_banner_r4_c3.gif" width="190" height="6" border="0" alt="" /></td>
  263. <td><img src="/images/eprints/spacer.gif" width="1" height="6" border="0" alt="" /></td>
  264. </tr>
  265. <tr>
  266. <td colspan="2"><img name="ePrints_banner_r5_c3" src="/images/eprints/ePrints_banner_r5_c3.gif" width="149" height="1" border="0" alt="" /></td>
  267. <td rowspan="2" colspan="2"><a href="/information.html" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821132634_0,0,25,null,'ePrints_banner_r5_c5');MM_swapImage('ePrints_banner_r5_c5','','/images/eprints/ePrints_banner_r5_c5_f2.gif',1);"><img name="ePrints_banner_r5_c5" src="/images/eprints/ePrints_banner_r5_c5.gif" width="57" height="25" border="0" alt="About" /></a></td>
  268. <td rowspan="2"><a href="/view/" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133021_1,0,25,null,'ePrints_banner_r5_c7');MM_swapImage('ePrints_banner_r5_c7','','/images/eprints/ePrints_banner_r5_c7_f2.gif',1);"><img name="ePrints_banner_r5_c7" src="/images/eprints/ePrints_banner_r5_c7.gif" width="68" height="25" border="0" alt="Browse" /></a></td>
  269. <td rowspan="2"><a href="/perl/search/simple" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133201_2,0,25,null,'ePrints_banner_r5_c8');MM_swapImage('ePrints_banner_r5_c8','','/images/eprints/ePrints_banner_r5_c8_f2.gif',1);"><img name="ePrints_banner_r5_c8" src="/images/eprints/ePrints_banner_r5_c8.gif" width="68" height="25" border="0" alt="Search" /></a></td>
  270. <td rowspan="2"><a href="/perl/register" onMouseOut="MM_swapImgRestore();MM_startTimeout();" onMouseOver="MM_showMenu(window.mm_menu_1018171924_3,0,25,null,'ePrints_banner_r5_c9');MM_swapImage('ePrints_banner_r5_c9','','/images/eprints/ePrints_banner_r5_c9_f2.gif',1);"><img name="ePrints_banner_r5_c9" src="/images/eprints/ePrints_banner_r5_c9.gif" width="68" height="25" border="0" alt="register" /></a></td>
  271. <td rowspan="2"><a href="/perl/users/home" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133422_4,0,25,null,'ePrints_banner_r5_c10');MM_swapImage('ePrints_banner_r5_c10','','/images/eprints/ePrints_banner_r5_c10_f2.gif',1);"><img name="ePrints_banner_r5_c10" src="/images/eprints/ePrints_banner_r5_c10.gif" width="82" height="25" border="0" alt="user area" /></a></td>
  272. <td rowspan="2"><a href="/help/" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133514_5,0,25,null,'ePrints_banner_r5_c11');MM_swapImage('ePrints_banner_r5_c11','','/images/eprints/ePrints_banner_r5_c11_f2.gif',1);"><img name="ePrints_banner_r5_c11" src="/images/eprints/ePrints_banner_r5_c11.gif" width="69" height="25" border="0" alt="Help" /></a></td>
  273. <td rowspan="3" colspan="4"><img name="ePrints_banner_r5_c12" src="/images/eprints/ePrints_banner_r5_c12.gif" width="98" height="40" border="0" alt="" /></td>
  274. <td><img src="/images/eprints/spacer.gif" width="1" height="1" border="0" alt="" /></td>
  275. </tr>
  276. <tr>
  277. <td rowspan="2"><img name="ePrints_banner_r6_c3" src="/images/eprints/ePrints_banner_r6_c3.gif" width="44" height="39" border="0" alt="ePrints home" /></td>
  278. <td><a href="/" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('ePrints_banner_r6_c4','','/images/eprints/ePrints_banner_r6_c4_f2.gif',1);"><img name="ePrints_banner_r6_c4" src="/images/eprints/ePrints_banner_r6_c4.gif" width="105" height="24" border="0" alt="ePrints home" /></a></td>
  279. <td><img src="/images/eprints/spacer.gif" width="1" height="24" border="0" alt="" /></td>
  280. </tr>
  281. <tr>
  282. <td><img name="ePrints_banner_r7_c2" src="/images/eprints/ePrints_banner_r7_c2.gif" width="104" height="15" border="0" alt="" /></td>
  283. <td colspan="8"><img name="ePrints_banner_r7_c4" src="/images/eprints/ePrints_banner_r7_c4.gif" width="517" height="15" border="0" alt="" /></td>
  284. <td><img src="/images/eprints/spacer.gif" width="1" height="15" border="0" alt="" /></td>
  285. </tr>
  286. </table></td>
  287. </tr>
  288. <tr><td><table width="100%" style="font-size: 90%; border: solid 1px #ccc; padding: 3px"><tr>
  289. <td align="left"><a href="http://eprints.utas.edu.au/cgi/users/home">Login</a> | <a href="http://eprints.utas.edu.au/cgi/register">Create Account</a></td>
  290. <td align="right" style="white-space: nowrap">
  291. <form method="get" accept-charset="utf-8" action="http://eprints.utas.edu.au/cgi/search" style="display:inline">
  292. <input class="ep_tm_searchbarbox" size="20" type="text" name="q" />
  293. <input class="ep_tm_searchbarbutton" value="Search" type="submit" name="_action_search" />
  294. <input type="hidden" name="_order" value="bytitle" />
  295. <input type="hidden" name="basic_srchtype" value="ALL" />
  296. <input type="hidden" name="_satisfyall" value="ALL" />
  297. </form>
  298. </td>
  299. </tr></table></td></tr>
  300. <tr>
  301. <td class="toplinks"><!-- InstanceBeginEditable name="content" -->
  302.  
  303.  
  304. <div align="center">
  305. <table width="720" class="ep_tm_main"><tr><td align="left">
  306. <h1 class="ep_tm_pagetitle">Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System</h1>
  307. <p style="margin-bottom: 1em" class="not_ep_block"><span class="person_name">de la Motte, Leigh</span> and <span class="person_name">Hartnett, Jacky</span> (2006) <xhtml:em>Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System.</xhtml:em> In: 1st Electronic Health Privacy and Security Symposium EhPASS2006, 24-25 Oct 2006, Brisbane, Australia.</p><p style="margin-bottom: 1em" class="not_ep_block"></p><table style="margin-bottom: 1em" class="not_ep_block"><tr><td valign="top" style="text-align:center"><a onmouseover="EPJS_ShowPreview( event, 'doc_preview_791' );" href="http://eprints.utas.edu.au/783/1/ClientPrivacy.pdf" onmouseout="EPJS_HidePreview( event, 'doc_preview_791' );"><img alt="[img]" src="http://eprints.utas.edu.au/style/images/fileicons/application_pdf.png" class="ep_doc_icon" border="0" /></a><div class="ep_preview" id="doc_preview_791"><table><tr><td><img alt="" src="http://eprints.utas.edu.au/783/thumbnails/1/preview.png" class="ep_preview_image" border="0" /><div class="ep_preview_title">Preview</div></td></tr></table></div></td><td valign="top"><a href="http://eprints.utas.edu.au/783/1/ClientPrivacy.pdf"><span class="ep_document_citation">PDF</span></a> - Requires a PDF viewer<br />229Kb</td></tr></table><div class="not_ep_block"><h2>Abstract</h2><p style="padding-bottom: 16px; text-align: left; margin: 1em auto 0em auto">This paper seeks a solution to the problem of assuring the privacy of low value client information such as that maintained by a hospital. The proposed solution involves the development of a compliant low-cost system. It is based on the fundamental requirement that such a system needs to provide integration, generalization and inbuilt consent. Integration brings together the technical, managerial and regulatory components of an organisation's system. Generalization provides all the access control functionalities that are necessary for the system to be
  308. useful in a diverse range of organisations. Inbuilt consent ensures that data owners consent to the use of their personally identified data. The Integrated System proposed here uses a Client-Task approach. It is based on the observation that a client is not a user of the system yet has a form of ownership over their personally identified data held within the system. Furthermore, in industries such as health, it is often the professionals and managers who determine who has access rather than systems administrators.</p></div><table style="margin-bottom: 1em" cellpadding="3" class="not_ep_block" border="0"><tr><th valign="top" class="ep_row">Item Type:</th><td valign="top" class="ep_row">Conference or Workshop Item (Paper)</td></tr><tr><th valign="top" class="ep_row">Keywords:</th><td valign="top" class="ep_row">Health Informatics, Medical Records, Privacy, Access Control, Computer Security, Workflow Management, Consent, Roles</td></tr><tr><th valign="top" class="ep_row">Subjects:</th><td valign="top" class="ep_row"><a href="http://eprints.utas.edu.au/view/subjects/280103.html">280000 Information, Computing and Communication Sciences &gt; 280100 Information Systems &gt; 280103 Information Storage, Retrieval and Management</a></td></tr><tr><th valign="top" class="ep_row">ID Code:</th><td valign="top" class="ep_row">783</td></tr><tr><th valign="top" class="ep_row">Deposited By:</th><td valign="top" class="ep_row"><span class="ep_name_citation"><span class="person_name">Mr Leigh de la Motte</span></span></td></tr><tr><th valign="top" class="ep_row">Deposited On:</th><td valign="top" class="ep_row">19 Feb 2007</td></tr><tr><th valign="top" class="ep_row">Last Modified:</th><td valign="top" class="ep_row">09 Jan 2008 02:30</td></tr><tr><th valign="top" class="ep_row">ePrint Statistics:</th><td valign="top" class="ep_row"><a target="ePrintStats" href="/es/index.php?action=show_detail_eprint;id=783;">View statistics for this ePrint</a></td></tr></table><p 
align="right">Repository Staff Only: <a href="http://eprints.utas.edu.au/cgi/users/home?screen=EPrint::View&amp;eprintid=783">item control page</a></p>
  309. </td></tr></table>
  310. </div>
  311.  
  312.  
  313.  
  314. <!-- InstanceEndEditable --></td>
  315. </tr>
  316. <tr>
  317. <td><!-- #BeginLibraryItem "/Library/footer_eprints.lbi" -->
  318. <table width="795" border="0" align="left" cellpadding="0" class="footer">
  319. <tr valign="top">
  320. <td colspan="2"><div align="center"><a href="http://www.utas.edu.au">UTAS home</a> | <a href="http://www.utas.edu.au/library/">Library home</a> | <a href="/">ePrints home</a> | <a href="/contact.html">contact</a> | <a href="/information.html">about</a> | <a href="/view/">browse</a> | <a href="/perl/search/simple">search</a> | <a href="/perl/register">register</a> | <a href="/perl/users/home">user area</a> | <a href="/help/">help</a></div><br /></td>
  321. </tr>
  322. <tr><td colspan="2"><p><img src="/images/eprints/footerline.gif" width="100%" height="4" /></p></td></tr>
  323. <tr valign="top">
  324. <td width="68%" class="footer">Authorised by the University Librarian<br />
  325. © University of Tasmania ABN 30 764 374 782<br />
  326. <a href="http://www.utas.edu.au/cricos/">CRICOS Provider Code 00586B</a> | <a href="http://www.utas.edu.au/copyright/copyright_disclaimers.html">Copyright &amp; Disclaimers</a> | <a href="http://www.utas.edu.au/accessibility/index.html">Accessibility</a> | <a href="http://eprints.utas.edu.au/feedback/">Site Feedback</a>  </td>
  327. <td width="32%"><div align="right">
  328. <p align="right" class="NoPrint"><a href="http://www.utas.edu.au/"><img src="http://www.utas.edu.au/shared/logos/unioftasstrip.gif" alt="University of Tasmania Home Page" width="260" height="16" border="0" align="right" /></a></p>
  329. <p align="right" class="NoPrint"><a href="http://www.utas.edu.au/"><br />
  330. </a></p>
  331. </div></td>
  332. </tr>
  333. <tr valign="top">
  334. <td><p>  </p></td>
  335. <td><div align="right"><span class="NoPrint"><a href="http://www.eprints.org/software/"><img src="/images/eprintslogo.gif" alt="ePrints logo" width="77" height="29" border="0" align="bottom" /></a></span></div></td>
  336. </tr>
  337. </table>
  338. <!-- #EndLibraryItem -->
  339. <div align="center"></div></td>
  340. </tr>
  341. </table>
  342.  
  343. </body>
  344. </html>