Inspiration
Provide an alternative to OAuth
What it does
Our solution supports:
- a provider's access to MULTIPLE patients' health records (Scenario 1) without requiring individual approvals from the patients
- ACCESS DELEGATION to patient data (Scenario 2)
- access control decisions based on COMPLICATED attributes of the provider (Scenario 3)
- granular access validation and authentication, including data creation
How we built it
The system was built using:
- Java EE
- FHIR
- XACML
- JAX-RS
- Apache Axis 2 client
- MySQL DBMS
Challenges we ran into
- Mapping REST API calls and XACML requests
- Constructing secure policies
Accomplishments that we're proud of
- A standard for mapping FHIR resources and REST API calls into XACML requests
- Delegating principle of least privilege.
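An added illustration of the REST-to-XACML mapping listed above (not the project's own code, which was written in Java): it turns one FHIR REST call into XACML 3.0 request attributes and rejects any call it cannot map, so the enforcement point denies by default. The `/fhir` base path, the `urn:example:fhir:*` attribute IDs and the function names are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
# (HTTP method, path carries a resource id) -> FHIR interaction name
INTERACTIONS = {("GET", True): "read", ("GET", False): "search-type",
                ("POST", False): "create", ("PUT", True): "update",
                ("DELETE", True): "delete"}

def fhir_call_to_attributes(method, url, subject_attrs, base="/fhir"):
    """Map one FHIR REST call to XACML categories; raise on anything unmapped."""
    parts = urlsplit(url)
    if not parts.path.startswith(base + "/"):
        raise ValueError("not a FHIR endpoint: deny")
    segs = [s for s in parts.path[len(base):].split("/") if s]
    # Only [type] and [type]/[id] are mapped; history, operations, etc. are refused.
    if not 1 <= len(segs) <= 2 or not segs[0].isalpha():
        raise ValueError("unsupported path: deny")
    action = INTERACTIONS.get((method.upper(), len(segs) == 2))
    if action is None:
        raise ValueError("unsupported interaction: deny")
    resource = {"urn:example:fhir:resource-type": segs[0]}  # assumed attribute ID
    if len(segs) == 2:
        resource[RESOURCE_ID] = f"{segs[0]}/{segs[1]}"
    patients = parse_qs(parts.query).get("patient", [])
    if len(patients) > 1:
        raise ValueError("ambiguous patient parameter: deny")
    if patients:
        resource["urn:example:fhir:patient"] = patients[0]  # assumed attribute ID
    return {SUBJECT: dict(subject_attrs), RESOURCE: resource,
            ACTION: {ACTION_ID: action}}

def to_xacml_request(categories):
    """Serialize the mapped categories as an XACML 3.0 <Request> document."""
    ET.register_namespace("", NS)
    req = ET.Element(f"{{{NS}}}Request", ReturnPolicyIdList="false",
                     CombinedDecision="false")
    for category, attrs in categories.items():
        group = ET.SubElement(req, f"{{{NS}}}Attributes", Category=category)
        for attr_id, value in attrs.items():
            attr = ET.SubElement(group, f"{{{NS}}}Attribute",
                                 AttributeId=attr_id, IncludeInResult="false")
            ET.SubElement(attr, f"{{{NS}}}AttributeValue", DataType=STRING).text = value
    return ET.tostring(req, encoding="unicode")
```
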
What we learned
- The ABAC engine can seamlessly support fine-grained access control on FHIR resources
What's next for Attribute-Based Access Control (ABAC) on FHIR
- Perform policy consistency validation
- Ensure data integrity and confidentiality in FHIR
- Distributed access control mechanism
- Implement automatic constraints on the authorization server