Team for Research in
Ubiquitous Secure Technology

EBAM: Experience-Based Access Management for Healthcare
Elizabeth Durham

Citation
Elizabeth Durham. "EBAM: Experience-Based Access Management for Healthcare". Talk or presentation, 11, November, 2010.

Abstract
Insufficient attention has been given to enterprise Identity and Access Management (IAM) as a process that needs to be carried out on a continuing basis in the presence of change and evolution. In particular, there is little formal support for how IAM can exploit experience the enterprise collects over time. We propose to shift the focus towards a lifecycle model of IAM called Experience Based Access Management (EBAM) that incorporates a set of models, techniques, and tools to reconcile differences between the “ideal” access model, as judged by high-level enterprise, professional, and legal standards, and the “enforced” access control, specific to the operational IAM system. The principal component of an EBAM support system is an “expected” access model that is used to represent differences between the ideal and enforced models based on information collected from access logs and other operational information. This works specifically focuses on how such an approach is ideal for healthcare information systems.

Electronic downloads

Citation formats  
  • HTML
    Elizabeth Durham. <a
    href="http://www.truststc.org/pubs/771.html"
    ><i>EBAM: Experience-Based Access Management for
    Healthcare</i></a>, Talk or presentation,  11,
    November, 2010.
  • Plain text
    Elizabeth Durham. "EBAM: Experience-Based Access
    Management for Healthcare". Talk or presentation,  11,
    November, 2010.
  • BibTeX
    @presentation{Durham10_EBAMExperienceBasedAccessManagementForHealthcare,
        author = {Elizabeth Durham},
        title = {EBAM: Experience-Based Access Management for
                  Healthcare},
        day = {11},
        month = {November},
        year = {2010},
        abstract = {Insufficient attention has been given to
                  enterprise Identity and Access Management (IAM) as
                  a process that needs to be carried out on a
                  continuing basis in the presence of change and
                  evolution. In particular, there is little formal
                  support for how IAM can exploit experience the
                  enterprise collects over time. We propose to shift
                  the focus towards a lifecycle model of IAM called
                  Experience Based Access Management (EBAM) that
                  incorporates a set of models, techniques, and
                  tools to reconcile differences between the
                  âidealâ access model, as judged by high-level
                  enterprise, professional, and legal standards, and
                  the âenforcedâ access control, specific to the
                  operational IAM system. The principal component of
                  an EBAM support system is an âexpectedâ access
                  model that is used to represent differences
                  between the ideal and enforced models based on
                  information collected from access logs and other
                  operational information. This works specifically
                  focuses on how such an approach is ideal for
                  healthcare information systems.},
        URL = {http://www.truststc.org/pubs/771.html}
    }
    

Posted by Larry Rohrbough on 7 Dec 2010.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.