[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Healthcare and Security/Privacy
Matt Sergeant wrote: > On Sun, 23 Jul 2000, KenNorth wrote: > > > Jonathan, > > > > > If healthcare records are important to preserve on a long term basis, they > > > need to be stored in a specified format that will allow this, hence XML. > > RDF > > > provides the necessary semantic structure on top of the XML data. > > > > It seems like we need a multi-level security model for medical records. > > We'll eventually be transmitting an individual's genetic map (DNA) so I > > imagine we'll need something like element- and attribute-level security. One > > application might be able to view a person's complete medical records, but > > another might be denied access to specific gene and chromosome data. > > > > Do you think the current set of W3C specs (RDF, schemas) is adequate for > > describing medical records in an environment that enforces attribute-level > > security? > > It would be interesting to be able to define security tokens in terms of > XPath match expressions... > Interesting idea. If you think about it, one can view an entire directory tree as an XML uberdocument, and an access control list is then a metadata element of the file content for example, the filename: /this/is/a/path.xml becomes: <this> <is> <a> <path.xml> <acl> <grant account="everyone" access="RWED" /> <revoke account="user" access="W" /> </acl> <statis created="..." last-modified="..." /> <content> .... </content> </path.xml> one might then create a DOM extension which would control access to parts of the document tree depending on the ACL metadata element. ----- alternatively, one could wrap the filesystem in a DOM/XPath accessor and let the filesystem code perform the access checks for you. I think it would take less code to wrap the filesystem *BUT* one could always munge Xerces to provide ACL behavior. My gut feeling is that using a filesystem designed for lots of small files will give the proper level of concurrency and access control. Which do y'all think would be the most efficient? Jonathan Borden http://www.openhealth.org
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|