59,412 research outputs found

    An Audit Logic for Accountability

    We describe and implement a policy language. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are accountable for their actions, and may be audited by an authority requiring justifications. Comment: To appear in Proceedings of IEEE Policy 200

    The Audit Logic: Policy Compliance in Distributed Systems

    We present a distributed framework where agents can share data along with usage policies. We use an expressive policy language including conditions, obligations and delegation. Our framework also supports the possibility to refine policies. Policies are not enforced a-priori. Instead policy compliance is checked using an a-posteriori auditing approach. Policy compliance is shown by a (logical) proof that the authority can systematically check for validity. Tools for automatically checking and generating proofs are also part of the framework.

    Audit-based Compliance Control (AC2) for EHR Systems

    Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms

    Agri-food qualification and certification process as an interface between exchange marketing and reciprocity

    This text draws on the theory of reciprocity in economic anthropology to analyse the qualification processes for family-farming products in Brazil. Any qualification process that guarantees the origin, specificity and quality of a product can reduce the effects of competition and speculation specific to capitalist exchange. I hypothesize that qualification processes can help establish a relationship of symmetrical reciprocity between producer and consumer. They can also help create a structure of sharing (of quality) within a group of producers. However, qualification and certification mechanisms can also introduce exclusion, because outside the group and the certified products it is the laws of exchange that regulate the market. This is why a form of interface or articulation between production and market is needed. The interface offered by the mechanisms for certifying qualification makes it possible to reintroduce the dimension of economic reciprocity into the capitalist exchange market system. This text is based on a comparison of three certification systems for agro-ecological products in Brazil: external group certification, participatory certification and co-certification. (Author's abstract

    Governing partnerships

    Public private partnerships (PPPs) are instruments of the public interest, yet bodies that actively engage private actors. As a result, questions of governance are particularly important. Here, governance refers to the rules that prescribe who should make, execute and be accountable for the conduct of a PPP, and in what way that conduct should be exercised, for example through consultation with interested parties, transparency in decision-making, and so on. This chapter explores four facets of PPP governance: legal, regulatory, democratic, and corporate governance. Legal governance has implications for the allocation of roles and responsibilities between the parties to the PPP, the PPP entity itself, and the state and citizens more widely. Regulatory governance covers the legal and contractual obligations on parties, the procedures through which they are enforced, and the softer norms that operate around these. Democratic governance concerns the empirical and normative question of what is, and what should be, the level and form of constitutional oversight of PPPs. Corporate governance concerns itself with ensuring that the enterprise is managed in a manner that does not put the future of the business and investors' funds at undue risk. The chapter concludes that the key task in developing the governance of PPPs is less to do with their financial probity, and more with aligning their mode of operating to the fundamental democratic values of the wider public service

    Institutional logics, blended and suspended

    This paper examines how a new institution, a code of conduct, arises and develops over time. It shows how the process of debate airs competing logics, questions and fails to question assumptions taken for granted, and yet achieves a large degree of legitimacy without having resolved certain core issues. The UK code of corporate governance has been emulated around the world as a model of good practice. By examining in detail one aspect of the debate – the issue over unitary or two-tier boards – the paper shows how the contest of logics leads not just to new, blended or hybrid logics, but also to suspended logics. The process of consultation brings together actors from differing organizational fields and institutional orders, offering an opportunity to create a new field in a different order, with specific lessons for the practice of corporate governance and general lessons for institution-building

    A perspective on the proposal for European public sector accounting standards, in the context of accruals in UK government accounting

    This paper offers a UK perspective on the proposal to develop European Public Sector Accounting Standards (EPSAS). It offers the fundamentals of the UK government’s system of budgeting and accounting, which is the responsibility of the UK Treasury, being one part of its responsibilities for the UK’s fiscal and monetary policies. In the light of this, the EPSAS proposal remains a puzzle and a peripheral one at that. The paper ponders on the forces underlying the EPSAS proposal and notes that for the government practitioner in an EU member state, rules emanating from the EU would naturally have a macro-level focus. Consequently, any potential advantages of an accrual accounting system at micro-level may not be fully appreciated. peer-reviewed

    A standard-driven communication protocol for disconnected clinics in rural areas

    The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it