Single sign on approaches

NTUH is a large enterprise with many ramifications of roles and access permissions. Given the growing diversity and complexity of acute hospital care, it is particularly difficult to map medical providers clearly into roles, or to assign access permissions and privileges to roles, in healthcare environments. Initially, the hospital adopted the classical role-based access control mechanism to deal with users, roles, and associated access rights (Barkley, 1997; 2004-Single). However, we encountered a dilemma: either few roles are defined, inducing role expansion (Adamcik et al., 1986; Bullough, 1976), or a role is defined per individual, resulting in role proliferation (Zhang, 2003; Woods, 2007). Therefore, to cope with this conflict, an NTUH employee is entitled to a basic set of permissions according to his/her occupational territory, following the principle of least privilege. Additional access permissions and authorities are granted on demand. Here, the access permissions are pre-defined as web page access rights.

The SSOS scheme has been implemented as follows. For authentication, the user's employee ID, SSN (Social Security Number), and the current timestamp are used to randomly generate the authentication access key. The key is used to authenticate among the NTUH components to achieve the SSOS scheme described in the previous section. For authorization, or access permissions, each HIS web page is assigned an identity, i.e., a web page ID; every user is correlated with a set of web pages. If a user does not have the authority, the user cannot access or execute those web pages. The user ID and his/her associated web page IDs are stored and maintained in the HIS database. In addition, prefetched, paired page ID and user ID records can be cached in the Win-Session Server in order to improve validation performance. The cached data are synchronized with the HIS database on an hourly basis.

36 Web Intelligence and Intelligent Agents
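A sketch of the authorization path just described: the least-privilege baseline per occupational territory, on-demand extra page IDs, and a Win-Session cache of (user ID, page ID) pairs that re-syncs from the HIS database hourly. This is an added example, not the chapter's or NTUH's code; the territory names, page IDs, class names and the injectable clock are assumptions made so the one-hour staleness window between a database change and the cache can be exercised.

```python
import time

# Constructed sample data (assumed for this example, not NTUH's real tables).
# Least-privilege baseline per occupational territory, expressed as web page IDs.
TERRITORY_BASE_PAGES = {
    "nurse": {"P100", "P110"},
    "physician": {"P100", "P110", "P200"},
}


class HisDatabase:
    """Stands in for the HIS database: user ID -> (territory, set of on-demand page IDs)."""

    def __init__(self, users):
        self.users = users

    def grant(self, user_id, page_id):
        """Additional permission granted on demand, beyond the territory baseline."""
        self.users[user_id][1].add(page_id)

    def revoke(self, user_id, page_id):
        self.users[user_id][1].discard(page_id)

    def page_ids_for(self, user_id):
        territory, extra = self.users[user_id]
        return TERRITORY_BASE_PAGES.get(territory, set()) | extra


class WinSessionCache:
    """Caches prefetched (user ID, page ID) pairs and re-syncs from the database hourly."""

    SYNC_INTERVAL = 3600  # seconds: the hourly synchronisation the text describes
    def __init__(self, db, now=time.time):
        self.db = db
        self.now = now  # injectable clock so the sync window can be exercised
        self.pairs = set()
        self.last_sync = None

    def sync(self):
        self.pairs = {(u, p) for u in self.db.users for p in self.db.page_ids_for(u)}
        self.last_sync = self.now()

    def can_access(self, user_id, page_id):
        """Validate a page request against the cache, refreshing it once it is an hour old."""
        if self.last_sync is None or self.now() - self.last_sync >= self.SYNC_INTERVAL:
            self.sync()
        # A grant or revocation in the database is invisible here until the next sync,
        # so a revoked permission remains usable for up to SYNC_INTERVAL seconds.
        return (user_id, page_id) in self.pairs
```

The revocation lag is the practical cost of the hourly sync: a session server that must honour revocations promptly needs either a shorter interval or an explicit invalidation path from the database.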

The architecture of the Web-session Servers is developed and deployed under the .NET web services environment. The Win-session Servers are implemented as daemons. All requests received by the Web-session Servers are forwarded to the daemons and processed there, including the database interfaces.

Auth-WS is the core of the SSOS scheme for certification. In the scheme, the Portal service and the HIS components are developed under Microsoft .NET technologies, so these two modules can communicate with Auth-WS directly. However, we designed a COM component to facilitate communication between the Legacy HIS applications and Auth-WS. Communication between Auth-WS and the Outsourcing Systems is achieved via their APIs. The flows of the scheme are shown by the red arrows in Figure 2.

4.3 Portal design & implementation

In order to meet these requirements, we designed and enhanced a new, dynamic portal for NTUH. First, the portal integrates the SSOS features. Secondly, we established a hierarchical architecture and classified function linkages into groups, which will be described in detail later. The portal can therefore provide intuitive and effective access. In addition, the portal site needs to provide visualized menu selections. The independent function linkages (URL links) are kept in files, i.e., configuration files. These files are used for dynamic menu configuration and generation.

