OASIS Mailing List Archives

 


 

   Re: Healthcare and Security/Privacy

  • From: Jonathan Borden <jborden@mediaone.net>
  • To: Matt Sergeant <matt@sergeant.org>, KenNorth <KenNorth@email.msn.com>
  • Date: Mon, 24 Jul 2000 16:50:57 -0400

Matt Sergeant wrote:
> On Sun, 23 Jul 2000, KenNorth wrote:
>
> > Jonathan,
> >
> > > If healthcare records are important to preserve on a long term basis, they
> > > need to be stored in a specified format that will allow this, hence XML.
> > > RDF provides the necessary semantic structure on top of the XML data.
> >
> > It seems like we need a multi-level security model for medical records.
> > We'll eventually be transmitting an individual's genetic map (DNA) so I
> > imagine we'll need something like element- and attribute-level security. One
> > application might be able to view a person's complete medical records, but
> > another might be denied access to specific gene and chromosome data.
> >
> > Do you think the current set of W3C specs (RDF, schemas) is adequate for
> > describing medical records in an environment that enforces attribute-level
> > security?
>
> It would be interesting to be able to define security tokens in terms of
> XPath match expressions...
>
Interesting idea. If you think about it, one can view an entire directory
tree as an XML uberdocument, and an access control list is then a metadata
element of the file content.

For example, the filename:

/this/is/a/path.xml

becomes:

<this>
    <is>
        <a>
            <path.xml>
                <acl>
                    <grant account="everyone" access="RWED" />
                    <revoke account="user" access="W" />
                </acl>
                <statis created="..." last-modified="..." />
                <content> .... </content>
            </path.xml>
        </a>
    </is>
</this>

One might then create a DOM extension which would control access to parts of
the document tree depending on the ACL metadata element.

-----

Alternatively, one could wrap the filesystem in a DOM/XPath accessor and let
the filesystem code perform the access checks for you. I think it would take
less code to wrap the filesystem *BUT* one could always munge Xerces to
provide ACL behavior.

My gut feeling is that using a filesystem designed for lots of small files
will give the proper level of concurrency and access control. Which do y'all
think would be the most efficient?

Jonathan Borden
http://www.openhealth.org
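
An added example, not part of the original message: a sketch of the "DOM extension" idea, an accessor that consults the `<acl>` metadata element before handing back a node's content. Python's `xml.etree` stands in for the DOM; the function names, the `noacl.xml` node, the content text and the ACL semantics (revokes override grants, `everyone` matches any account, a node without `<acl>` is denied) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the message's tree for /this/is/a/path.xml, closed and
# given placeholder content, plus a second node that carries no <acl>.
TREE = ET.fromstring("""
<this><is><a>
  <path.xml>
    <acl>
      <grant account="everyone" access="RWED" />
      <revoke account="user" access="W" />
    </acl>
    <content>patient record</content>
  </path.xml>
  <noacl.xml><content>unlabelled</content></noacl.xml>
</a></is></this>
""")

def resolve(path):
    """Map /this/is/a/path.xml onto the tree; None if absent."""
    parts = [p for p in path.split("/") if p]
    node = TREE if parts and parts[0] == TREE.tag else None
    for name in parts[1:]:
        if node is None:
            break
        # Tags are compared directly; no XPath string is built from input.
        node = next((c for c in node if c.tag == name), None)
    return node

def effective_access(node, account):
    """Assumed semantics: grants minus revokes; no <acl> means no rights."""
    acl = node.find("acl")
    if acl is None:
        return set()
    rights = {"grant": set(), "revoke": set()}
    for e in acl:
        if e.tag in rights and e.get("account") in (account, "everyone"):
            rights[e.tag].update(e.get("access", ""))
    # A revoke wins over a grant regardless of document order.
    return rights["grant"] - rights["revoke"]

def open_node(path, account, need):
    """Return the <content> element only if `account` holds right `need`."""
    node = resolve(path)
    if node is None or need not in effective_access(node, account):
        raise PermissionError(path)  # same error for missing and denied
    return node.find("content")
```

Raising the same error for a missing node and a denied one keeps the accessor from revealing which paths exist to accounts that cannot read them.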






 
