[
Lists Home |
Date Index |
Thread Index
]
- From: Jonathan Borden <jborden@mediaone.net>
- To: "K. Ari Krupnikov" <ari@iln.net>
- Date: Mon, 24 Jul 2000 06:42:34 -0400
Ari, the problem is a bit more complicated. What is needed is per transform
per document access control, which in database terms would translate to per
row and per column access control. Typical RDBMs provide per column access
control. Typical filesystems provide per "row" access control. As I
mentioned before, once the technical problem has been solved, the
administration problem takes over because the number of access control lists
can become large if the finest grained security is employed.
Jonathan Borden
http://www.openhealth.org
>
>
> Jonathan Borden wrote:
> >
> > KenNorth wrote:
> > > Do you think the current set of W3C specs (RDF, schemas) is
> adequate for
> > > describing medical records in an environment that enforces
> attribute-level
> > > security?
> > >
> > This is an important issue. Clearly a multi-level security model is
> > essential. Standards/protocols such as IPSEC, SSL,
> certificates, S/MIME are
> > available to build security systems. Acceptable security systems can
> > certainly be (and have been) built. What is needed is proper
> implementation.
>
> > An abstract grove plan might practically be represented
> > by an XSLT transform through which the actual data is accessed.
>
> Using an existing engine with a proven security model, instead of
> implementing your own, could be helpful here.
> We are using an RDBMS to store arbitrary well-formed XML in a normalized
> form (each node is a row in a table). See http://iter.co.il
>
> XSLT stylesheets are represented by stored procedures. Managing security
> on stored procedures is trivial.
>
>
> --
> K. Ari Krupnikov
>
> DBDOM - bridging XML and relational databases
> http://www.iter.co.il
>
|