This message forwarded on behalf of Prof Bernard Cohen:
> > Merely providing the mechanisms for access control will not suffice.
> > That was the basis of Ross Anderson's withering attack on the NHS network,
> > on behalf of the BMC, that led to a great deal of embarrassment for the NHS
> > and the UK government.
> >
> > The hard part is to define a security policy model that:
> > -- is provably adequate with respect to the relevant legislative and
> >    ethical environments;
> > -- is demonstrably implementable by the technical and social
> >    infrastructure;
> > -- comes complete with compliance checks that are necessary and sufficient
> >    for validating any proposed implementation.
> >
> > As far as I know, my preliminary paper on this matter
> > (http://www.soi.city.ac.uk/~bernie/hsp.pdf), incomplete though it is, is
> > the only work done in this area. As you'll see, it requires a degree of
> > semantic formalisation that is beyond the scope of any of the currently
> > proposed EPR standards, GEHR included. The fact that this degree of
> > formalisation is also beyond the comprehension of most of the stakeholders
> > is irrelevant. You don't have to understand computational fluid dynamics
> > to use a weather forecast.
> >
> > Quoting Thomas Beale <thomas at deepthought.com.au>:
> >
> > > "Bennett Quinn" <bnq at bneq.net>,
> > >
> > > > What is the proposed confidentiality model?
> >
> > --
> > __
> > Prof Bernard Cohen, Dept of Comp Sc, City Univ, Northampton Sq. London EC1V 0HB
> > tel: ++44-20-7040-8448 fax: ++44-20-7040-8587
> > b.cohen at city.ac.uk WWW: http://www.soi.city.ac.uk/~bernie
> > "Patterns lively of the things rehearsed"

--
Ocean Informatics: http://www.OceanInformatics.biz
Deep Thought: http://www.deepthought.com.au
openEHR: http://www.openEHR.org

