OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: Healthcare and Security/Privacy

[ Lists Home | Date Index | Thread Index ]
  • From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
  • To: Matt Sergeant <matt@sergeant.org>
  • Date: Mon, 24 Jul 2000 08:09:28 -0500

They would have to match an operation with a 
type or flag and user role.  Security for certain records 
involves knowing if a real person has a role 
in an organization that grants by role that 
person the right to view that record.  Field 
level security per se is usually prohibitively 
expensive even where the DBMS enables it.  For 
example, we are often asked to secure juvenile 
records (have to by law) and the means requested 
vary from completely separate storage or database 
(non-starter) to field-level security.  Unfortunately, 
field level security without an understanding of 
the overall schema, the relationships among 
tables, the operations to access these and 
create views, the nature of QBE and the form 
containers, etc. is not the right request.  
Access in a view by a role assignment is 
effective.  Simply assigning security levels 
at the attribute was tried in the CALS DTDs 
and eventually rejected.

Len Bullard
Intergraph Public Safety

Ekam sat.h, Vipraah bahudhaa vadanti.
Daamyata. Datta. Dayadhvam.h

-----Original Message-----
From: Matt Sergeant [mailto:matt@sergeant.org]

It would be interesting to be able to define security tokens in terms of
XPath match expressions...


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS