A Workflow-Based Access Control Framework for e-Health Applications

Abstract

In this paper, we present a framework where access rights are provided to entities on the basis of the actual task that the entities must fulfill as part of their duties. For capturing the requirements of entities' duties we use the notion of workflow. Our main aim is to provide an access control mechanism that is able to balance the competing goals of flexibility and security. As the main beneficiary of our approach we consider e-Health Applications, where flexibility and security are major requirements. We also provide an implementation of a medical case study to illustrate the framework.