- From: Jonathan Borden <jborden@mediaone.net>
- To: Matt Sergeant <matt@sergeant.org>, KenNorth <KenNorth@email.msn.com>
- Date: Mon, 24 Jul 2000 16:50:57 -0400
Matt Sergeant wrote:
> On Sun, 23 Jul 2000, KenNorth wrote:
>
> > Jonathan,
> >
> > > If healthcare records are important to preserve on a long term basis, they
> > > need to be stored in a specified format that will allow this, hence XML.
> > > RDF provides the necessary semantic structure on top of the XML data.
> >
> > It seems like we need a multi-level security model for medical records.
> > We'll eventually be transmitting an individual's genetic map (DNA) so I
> > imagine we'll need something like element- and attribute-level security. One
> > application might be able to view a person's complete medical records, but
> > another might be denied access to specific gene and chromosome data.
> >
> > Do you think the current set of W3C specs (RDF, schemas) is adequate for
> > describing medical records in an environment that enforces attribute-level
> > security?
>
> It would be interesting to be able to define security tokens in terms of
> XPath match expressions...
>
Interesting idea. If you think about it, one can view an entire directory
tree as an XML uberdocument, and an access control list is then a metadata
element of the file content.
For example, the filename:
/this/is/a/path.xml
becomes:
<this>
  <is>
    <a>
      <path.xml>
        <acl>
          <grant account="everyone" access="RWED" />
          <revoke account="user" access="W" />
        </acl>
        <statis created="..." last-modified="..." />
        <content> .... </content>
      </path.xml>
    </a>
  </is>
</this>
One might then create a DOM extension which would control access to parts of
the document tree depending on the ACL metadata element.
-----
Alternatively, one could wrap the filesystem in a DOM/XPath accessor and let
the filesystem code perform the access checks for you. I think it would take
less code to wrap the filesystem *BUT* one could always munge Xerces to
provide ACL behavior.
My gut feeling is that using a filesystem designed for lots of small files
will give the proper level of concurrency and access control. Which do y'all
think would be the most efficient?
Jonathan Borden
http://www.openhealth.org
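
The ACL-gated tree access described in the message above, as an added Python example that is not part of the original post. The grant/revoke semantics (grants unioned, revokes subtracted, `everyone` matching any account, no ACL meaning no access) and the function names are assumptions; the sample tree is constructed from the message's fragment.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the message's /this/is/a/path.xml tree, closed, with the
# elided content replaced by a placeholder.
UBERDOC = """
<this><is><a>
  <path.xml>
    <acl>
      <grant account="everyone" access="RWED" />
      <revoke account="user" access="W" />
    </acl>
    <content>placeholder</content>
  </path.xml>
</a></is></this>
"""

def find_node(root, path):
    """Walk a filesystem-style path through the element tree; None if absent."""
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] != root.tag:
        return None
    node = root
    for name in parts[1:]:
        # Compare tags directly: names such as "path.xml" contain a dot.
        node = next((c for c in node if c.tag == name), None)
        if node is None:
            return None
    return node

def effective_access(node, account):
    """Assumed semantics: union of matching grants minus matching revokes."""
    acl = node.find("acl")
    if acl is None:
        return set()  # default deny when a node carries no ACL
    def rights(tag):
        out = set()
        for entry in acl.findall(tag):
            if entry.get("account") in (account, "everyone"):
                out |= set(entry.get("access", ""))
        return out
    return rights("grant") - rights("revoke")

def read_content(root, path, account):
    """Return the content text only if the account holds R on the node."""
    node = find_node(root, path)
    # Same error for "missing" and "denied", so existence is not disclosed.
    if node is None or "R" not in effective_access(node, account):
        raise PermissionError(f"{account}: no read access to {path}")
    return node.findtext("content")

ROOT = ET.fromstring(UBERDOC)
```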