SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Successfully reported this slideshow.
Activate your 14 day free trial to unlock unlimited reading.
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by Design
In this presentation delivered at the European Identity Conference, David looks at externalized authorization, attribute-based access control (ABAC) and XACML and how it can help implement privacy regulations.
In this presentation delivered at the European Identity Conference, David looks at externalized authorization, attribute-based access control (ABAC) and XACML and how it can help implement privacy regulations.
31.
Swedish National Healthcare: access control rules
At the medical center level
Only doctors that belong to the given medical center can see records of patients from
that medical center
At the district level
Only doctors that belong to the given district can see records of patients from that
district
Patients can define their own policies: patient-defined disclosure policies (pddp)
At the top level – the organization
Patients need to provide an additional consent form for their data to be disclosed
An emergency plan provides for exceptional policies to override patient-defined rules