Dynamic, Context-Aware Access Control for Distributed Healthcare Applications

The rapid worldwide deployment of the Internet and Web is the enabler of a new generation of e-healthcare applications, but the provision of a security architecture that can ensure the privacy and security of sensitive healthcare data is still an open question. Current solutions to this problem (mostly built on static RBAC models) are application-dependent and do not address the intricate security requirements of healthcare applications. The healthcare industry requires flexible, on-demand authentication, extensible context-aware access control, and dynamic authorization enforcement. With on-demand authentication, users are authenticated according to their task-specific situations. Extensible context-aware access control enables administrators to specify more precise and fine-grain authorization polices for any application. Dynamic authorization enforcement makes authorization decisions based upon runtime parameters rather than simply the role of the user. In this paper we describe a dynamic, context-aware security infrastructure that can fulfill the security requirements of healthcare applications and that can also be easily adapted to offer security support for similar enterprise applications.