An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow

Xuan Hung Le, Terry Doll, Monica Barbosu, Amneris Luque, Dongwen Wang

Research output: Contribution to journalArticle

35 Citations (Scopus)

Abstract

Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa = 0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.

Original languageEnglish (US)
Pages (from-to)1084-1107
Number of pages24
JournalJournal of Biomedical Informatics
Volume45
Issue number6
DOIs
StatePublished - Dec 1 2012

Fingerprint

Information Management
Workflow
Access control
Education
Biomedical Research
Patient Care
HIV
Sensitivity and Specificity
Information management
Ontology

Keywords

  • Access control
  • Computation model
  • Computer supported cooperative work
  • Information management
  • Medical education
  • Workflow

ASJC Scopus subject areas

  • Computer Science Applications
  • Health Informatics

Cite this

An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow. / Le, Xuan Hung; Doll, Terry; Barbosu, Monica; Luque, Amneris; Wang, Dongwen.

In: Journal of Biomedical Informatics, Vol. 45, No. 6, 01.12.2012, p. 1084-1107.

Research output: Contribution to journalArticle

@article{ad7f7a250a974c10bd89b2faef5837b4,
title = "An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow",
abstract = "Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa = 0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100{\%}. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.",
keywords = "Access control, Computation model, Computer supported cooperative work, Information management, Medical education, Workflow",
author = "Le, {Xuan Hung} and Terry Doll and Monica Barbosu and Amneris Luque and Dongwen Wang",
year = "2012",
month = "12",
day = "1",
doi = "10.1016/j.jbi.2012.06.001",
language = "English (US)",
volume = "45",
pages = "1084--1107",
journal = "Journal of Biomedical Informatics",
issn = "1532-0464",
publisher = "Academic Press Inc.",
number = "6",

}

TY - JOUR

T1 - An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow

AU - Le, Xuan Hung

AU - Doll, Terry

AU - Barbosu, Monica

AU - Luque, Amneris

AU - Wang, Dongwen

PY - 2012/12/1

Y1 - 2012/12/1

N2 - Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa = 0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.

AB - Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa = 0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.

KW - Access control

KW - Computation model

KW - Computer supported cooperative work

KW - Information management

KW - Medical education

KW - Workflow

UR - http://www.scopus.com/inward/record.url?scp=84869871203&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84869871203&partnerID=8YFLogxK

U2 - 10.1016/j.jbi.2012.06.001

DO - 10.1016/j.jbi.2012.06.001

M3 - Article

C2 - 22732236

AN - SCOPUS:84869871203

VL - 45

SP - 1084

EP - 1107

JO - Journal of Biomedical Informatics

JF - Journal of Biomedical Informatics

SN - 1532-0464

IS - 6

ER -