Scenario:
By default, doctors cannot access a patient's medical data without permission from the patient.
Patient A grants Doctor B access to all of their medical data. It's possible that there will be other complicated access scenarios, like Patient A grants Doctor B only a specific type of medical data.
I can think of two possible ways to implement this but I'm not sure which one is better:
1) When patient grants access to a doctor, it creates a policy file attached to the patient.
2) When patient grants access to a doctor, it populates an attribute which is fed to a predefined policy file.
Thanks.
Vincent
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Scenario:
By default, doctors cannot access a patient's medical data without permission from the patient.
Patient A grants Doctor B access to all of their medical data. It's possible that there will be other complicated access scenarios, like Patient A grants Doctor B only a specific type of medical data.
I can think of two possible ways to implement this but I'm not sure which one is better:
1) When patient grants access to a doctor, it creates a policy file attached to the patient.
2) When patient grants access to a doctor, it populates an attribute which is fed to a predefined policy file.
Thanks.
Vincent