Monday, November 21, 2011

Access Controls: Policies --> Attributes --> Implementation

The IHE Access Control white paper uses a diagram to show how Policies affect the different resource domains (Users, Patients, Data, etc.) and, ultimately, where the Policy Decision Point gets that information when it needs to make a decision. This simple concept is important to understand in order to determine any gaps in implementation or standards. The following is Figure 14, found on Page 35. This diagram does not propose to show all policies, all domains, or all attribute sources, but it does show many.

The paper goes on to analyze this in more depth, and Figure 17 (shown below) gives a different view of the attribute domains. In this diagram we can see the different attributes (little red boxes) grouped into the domains (big grey boxes).

The paper then shows, in Figure 24, the classic XACML engine diagram, annotated to show where these issues could possibly be satisfied. Clearly this is just one possible solution, but it is sometimes useful to view concrete models in order to understand the abstractions.
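The chain described above (a policy needs attributes, attributes live in domain sources, the decision point pulls them at decision time) can be sketched in a few lines. This is an added example, not taken from the IHE white paper or from this post; the domain names follow the post, while every attribute name, identifier and rule is a constructed assumption.

```python
# Added sketch: policy -> required attributes -> attribute source -> decision.
# Every identifier, attribute name and rule below is constructed for illustration.

# One attribute source per domain, keyed by the entity id named in the request.
ATTRIBUTE_SOURCES = {
    "user":    {"dr_jones": {"role": "physician", "organization": "hospital_a"}},
    "patient": {"pat_42": {"consent": "opt-in", "treating_org": "hospital_a"}},
    "data":    {"doc_7": {"confidentiality": "normal"}},
}

# Each rule declares the (domain, attribute) pairs it needs before it can be evaluated.
POLICY = [
    {"effect": "Deny",
     "needs": [("patient", "consent")],
     "when": lambda a: a["patient", "consent"] == "opt-out"},
    {"effect": "Permit",
     "needs": [("user", "role"), ("user", "organization"),
               ("patient", "treating_org"), ("data", "confidentiality")],
     "when": lambda a: (a["user", "role"] == "physician"
                        and a["user", "organization"] == a["patient", "treating_org"]
                        and a["data", "confidentiality"] == "normal")},
]

def resolve(request, needs, sources):
    """Look up each needed attribute in its domain's source; report what is absent."""
    found, missing = {}, []
    for domain, name in needs:
        entity = sources.get(domain, {}).get(request.get(domain), {})
        if name in entity:
            found[domain, name] = entity[name]
        else:
            missing.append(f"{domain}.{name}")
    return found, missing

def decide(request, policy=POLICY, sources=ATTRIBUTE_SOURCES):
    """First-applicable evaluation. Returns (decision, missing_attributes)."""
    for rule in policy:
        attrs, missing = resolve(request, rule["needs"], sources)
        if missing:  # the gap: a policy needs an attribute that no source supplies
            return "Indeterminate", missing
        if rule["when"](attrs):
            return rule["effect"], []
    return "NotApplicable", []

def enforce(request, **kw):
    """Deny-biased enforcement point: only an explicit Permit grants access."""
    return decide(request, **kw)[0] == "Permit"
```

The list returned alongside an `Indeterminate` decision names the attributes a policy required but no source could supply, which is the kind of implementation gap the diagrams are meant to expose.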

This just touches upon a few concepts from the Access Control white paper. The paper is far more comprehensive than this.