We often describe authorization rules in terms of graph traversals. Role-based access control and access control lists are not really suited for it.
Example: Doctors who work on the care team for a patient or group of patients can view patient data including lab results, images, procedures, conditions etc.
To describe all of these possible traversals specifically is impossible due to combinatorial explosion.
Is it possible to express this sort of traversal with optional steps and branching steps:
Ex. ["Provider", "CareTeam", {"Group", None}, "Patient", {"Observation", "Condition", "Procedure", ...} ]
Could yield a vast array of possible traversals in one line of Python itertools.
Is it possible to conditionally execute dataflows if the flow-path from the requesting user to the requested data matches some generator of flow-paths?
That could make security rules a lot more expressive and a lot easier to maintain. Also could make this into a nice functional query language for databases.
What do you think?
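The path template from the issue, expanded with `itertools.product` and used as a default-deny check over a small typed graph. This is an added example, not code from the issue or from the project; `expand`, `is_authorized`, the graph layout and the node names are hypothetical, the sample graph is constructed, and the `...` in the issue's last step is left out rather than filled in.

```python
from itertools import product

# Path template from the issue: a set is a branching step, and None inside a
# set makes that step optional. Only the three resource types the issue names
# are listed.
TEMPLATE = ["Provider", "CareTeam", {"Group", None}, "Patient",
            {"Observation", "Condition", "Procedure"}]

def expand(template):
    """Return every concrete node-type path the template generates."""
    steps = [s if isinstance(s, (set, frozenset)) else {s} for s in template]
    return {tuple(t for t in combo if t is not None) for combo in product(*steps)}

ALLOWED = expand(TEMPLATE)

# Constructed sample graph: node id -> (node type, outgoing neighbours).
GRAPH = {
    "dr_a":  ("Provider", ["team1"]),
    "dr_b":  ("Provider", []),
    "team1": ("CareTeam", ["grp1", "pat2"]),
    "grp1":  ("Group", ["pat1"]),
    "pat1":  ("Patient", ["obs1"]),
    "pat2":  ("Patient", ["cond2"]),
    "obs1":  ("Observation", []),
    "cond2": ("Condition", []),
    "pat3":  ("Patient", ["obs3"]),
    "obs3":  ("Observation", []),
}

def is_authorized(graph, user, resource, allowed):
    """Default-deny: True only if a walk user -> resource has an allowed type path."""
    def walk(node, types):
        types = types + (graph[node][0],)
        # Prune any walk that is no longer a prefix of an allowed path; this
        # also bounds the depth, so cycles in the graph cannot loop forever.
        if not any(p[:len(types)] == types for p in allowed):
            return False
        if node == resource and types in allowed:
            return True
        return any(walk(n, types) for n in graph[node][1])
    return user in graph and resource in graph and walk(user, ())
```

The template grants only complete paths, so a request that stops at the `Patient` node, or that reaches a record through no care-team edge, is denied.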