XML Editor - Download a Free Trial >
See What's New >
Buy Now >

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Healthcare and Security/Privacy

  • From: Jonathan Borden <jborden@m...>
  • To: Matt Sergeant <matt@s...>, KenNorth <KenNorth@e...>
  • Date: Mon, 24 Jul 2000 16:50:57 -0400
privacy security healthcare
Play the video
Matt Sergeant wrote:
> On Sun, 23 Jul 2000, KenNorth wrote:
>
> > Jonathan,
> >
> > > If healthcare records are important to preserve on a long term basis,
they
> > > need to be stored in a specified format that will allow this, hence
XML.
> > RDF
> > > provides the necessary semantic structure on top of the XML data.
> >
> > It seems like we need a multi-level security model for medical records.
> > We'll eventually be transmitting an individual's genetic map (DNA) so I
> > imagine we'll need something like element- and attribute-level security.
One
> > application might be able to view a person's complete medical records,
but
> > another might be denied access to specific gene and chromosome data.
> >
> > Do you think the current set of W3C specs (RDF, schemas) is adequate for
> > describing medical records in an environment that enforces
attribute-level
> > security?
>
> It would be interesting to be able to define security tokens in terms of
> XPath match expressions...
>
Interesting idea. If you think about it, one can view an entire directory
tree as an XML uberdocument, and an access control list is then a metadata
element of the file content

for example, the filename:

/this/is/a/path.xml

becomes:

<this>
    <is>
        <a>
            <path.xml>
                <acl>
                    <grant account="everyone" access="RWED" />
                    <revoke account="user" access="W" />
                </acl>
                <statis created="..." last-modified="..." />
                <content> .... </content>
            </path.xml>

one might then create a DOM extension which would control access to parts of
the document tree depending on the ACL metadata element.

-----

alternatively, one could wrap the filesystem in a DOM/XPath accessor and let
the filesystem code perform the access checks for you. I think it would take
less code to wrap the filesystem *BUT* one could always munge Xerces to
provide ACL behavior.

My gut feeling is that using a filesystem designed for lots of small files
will give the proper level of concurrency and access control. Which do y'all
think would be the most efficient?

Jonathan Borden
http://www.openhealth.org

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >
See What's New in Stylus Studio >
Buy Stylus Studio - XML Editor - Now >
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.