Skip to main content

Policy Based Electronic Transmission of Prescriptions

Chadwick, David W. and Mundy, Darren (2003) Policy Based Electronic Transmission of Prescriptions. In: Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks. IEEE, pp. 197-206. ISBN 0-7695-1933-4. (doi:10.1109/POLICY.2003.1206974) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided) (KAR id:13957)

The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided. (Contact us about this Publication)
Official URL


This paper describes the PERMIS PMI role based authorisation policy, and shows how it has been applied to the electronic transfer of prescriptions (ETP). The assignment of roles is distributed to the appropriate authorities in the health care and government sectors. This includes the assignment of both professional roles such as doctor and dentist, as well as patient roles that entitle patients to free prescriptions. All roles are stored as X.509 attribute certificates (ACs) in LDAP directories, which are managed by the assigning authorities. The PERMIS policy based decision engine subsequently retrieves these role ACs in order to make Granted or Denied access control decisions required by the ETP applications. The Source of Authority for setting the ETP policy is assumed to be the Secretary of State for Health. The ETP policy says what roles are recognised, who is authorised to assign the roles, what privileges are granted to each role and what conditions are attached to these privileges. The ETP policy is then formatted in XML, embedded in an X.509 attribute certificate, digitally signed by the Secretary of State for Health, and then stored in an LDAP directory. From here it can be accessed by all the ETP applications in the UK National Health Service that contain embedded policy based PERMIS decision engines.

Item Type: Book section
DOI/Identification number: 10.1109/POLICY.2003.1206974
Uncontrolled keywords: authorization; electronic medical prescriptions; information security; medical services; government; dentistry; engines; access control; XML; pricing
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:01 UTC
Last Modified: 23 Jan 2020 04:02 UTC
Resource URI: (The current URI for this page, for reference purposes)
Chadwick, David W.:
  • Depositors only (login required):