An Integrated Approach for the Enforcement of Contextual Permissions and Pre-Obligations

2012 ◽  
pp. 107-126
Author(s):  
Yehia Elrakaiby ◽  
Frédéric Cuppens ◽  
Nora Cuppens-Boulahia
Keyword(s):  
Predicate Logic ◽  
Operational Semantics ◽  
Integrated Approach ◽  
Eca Rules ◽  
Authorization Policy ◽  
Declarative Semantics ◽  
Access Request ◽  
Successful Fulfillment ◽  
Authorization Policies

Pre-obligations denote actions that may be required before access is granted. The successful fulfillment of pre-obligations leads to the authorization of the requested access. Pre-obligations enable a more flexible enforcement of authorization policies. This paper formalizes interactions between the obligation and authorization policy states when pre-obligations are supported and investigates their use in a practical scenario. The main advantage of the presented approach is that it gives pre-obligations both declarative semantics using predicate logic and operational semantics using Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either (1) statically (an access request is denied if the pre-obligation has not been fulfilled); or (2) dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized).

scholarly journals Impact of a National Private Health Insurer’s Prior Authorization Policy on Utilization of Vaginal Hysterectomy

2019 ◽  
Vol Publish Ahead of Print ◽  
Author(s):  
Carolyn W. Swenson ◽  
Neil S. Kamdar ◽  
Kristian Seiler ◽  
Daniel M. Morgan
Keyword(s):  
Vaginal Hysterectomy ◽  
Prior Authorization ◽  
Authorization Policy

Authorization Service for Web Services and its Application in a Health Care Domain

2008 ◽  
pp. 2865-2891
Author(s):  
Sarath Indrakanti ◽  
Vijay Varadharajan ◽  
Michael Hitchens
Keyword(s):  
Health Care ◽  
Web Services ◽  
Access Control ◽  
Health Care System ◽  
Design Issues ◽  
Policy Language ◽  
Control Language ◽  
Authorization Model ◽  
Authorization Policy ◽  
Authorization Policies

In this paper, we discuss the design issues for an authorization framework for Web Services. In particular, we describe the features required for an authorization policy language for Web Services. We briefly introduce the authorization service provided by Microsoft .NET MyServices and describe our extended authorization model that proposes extensions to the .NET MyServices authorization service to support a range of authorization policies required in commercial systems. We discuss the application of the extended authorization model to a health care system built using Web Services. We use the XML Access Control Language (XACL) in our implementation to demonstrate our extended authorization model. This also enables us to evaluate the range of authorization policies that XACL supports.

Sign in / Sign up

Export Citation Format

Share Document