xml-dev - RE: Healthcare and Security/Privacy

RE: Healthcare and Security/Privacy

[ Lists Home | Date Index | Thread Index ]

From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
To: Matt Sergeant <matt@sergeant.org>
Date: Mon, 24 Jul 2000 08:09:28 -0500

They would have to match an operation with a 
type or flag and user role.  Security for certain records 
involves knowing if a real person has a role 
in an organization that grants by role that 
person the right to view that record.  Field 
level security per se is usually prohibitively 
expensive even where the DBMS enables it.  For 
example, we are often asked to secure juvenile 
records (have to by law) and the means requested 
vary from completely separate storage or database 
(non-starter) to field-level security.  Unfortunately, 
field level security without an understanding of 
the overall schema, the relationships among 
tables, the operations to access these and 
create views, the nature of QBE and the form 
containers, etc. is not the right request.  
Access in a view by a role assignment is 
effective.  Simply assigning security levels 
at the attribute was tried in the CALS DTDs 
and eventually rejected.

Len Bullard
Intergraph Public Safety
clbullar@ingr.com
http://fly.hiwaay.net/~cbullard/lensongs.ram

Ekam sat.h, Vipraah bahudhaa vadanti.
Daamyata. Datta. Dayadhvam.h


-----Original Message-----
From: Matt Sergeant [mailto:matt@sergeant.org]

It would be interesting to be able to define security tokens in terms of
XPath match expressions...

Prev by Date: Re: Healthcare and Security/Privacy
Next by Date: What is the relationship of product to enterprise? (RE: Joel on XML)
Previous by thread: Proposed New XSL Element -" xsl:insert" - Could it be considered
Next by thread: RE: Healthcare and Security/Privacy
Index(es):
- Date
- Thread