From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,55958fd991db66fe
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-09-15 01:42:06 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!tethys.csu.net!nntp!sn-xit-05!sn-xit-06!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: achrist@easystreet.com
Newsgroups: comp.lang.ada
Subject: Re: Advantage of XML based GUI? (was Re: Ada-inspired OS/Language)
Date: Sun, 15 Sep 2002 01:38:25 -0700
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <3D844701.E0E56743@easystreet.com>
X-Mailer: Mozilla 4.79 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
References: <mailman.1031523303.26917.comp.lang.ada@ada.eu.org>
 <slrnanots5.2b2.randhol+news@kiuk0156.chembio.ntnu.no>
 <4519e058.0209101828.cb5ff85@posting.google.com>
 <3d7f9d3f.920665532@news.cis.dfn.de>
 <slrnao0ihd.14r.randhol+news@kiuk0156.chembio.ntnu.no>
 <3d80b566.992395741@news.cis.dfn.de>
 <slrnao1h4s.271.randhol+news@kiuk0156.chembio.ntnu.no>
 <3d813a2b.1026389832@news.cis.dfn.de> <3D841FA5.1020305@attbi.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@supernews.com
Xref: archiver1.google.com comp.lang.ada:28979
Date: 2002-09-15T01:38:25-07:00
List-Id: <comp.lang.ada>

Mark Biggar wrote:
> 
> 
> To see a fairly complete implementation of this type of security system
> see the latest versions of Sun Solaris.  You will find how it all works
> under the heading "Role Based Access Control".  If you want the data
> labeling controls as well see Manditory Access Control under Sun's
> Trusted Solaris Product.
> 

There is new healthcare privacy legislation in the US.  It mandates
the roll-based approach.  (For example, at the doctor's office, the
tech who draws blood doesn't get to see your financial info, the 
person who schedules appointments doesn't get to see your X-rays, 
the person who bills your insurer doesn't get to know your hospital
room number, etc, etc).  This approach doesn't relate well to simple
security by clearance levels, it's all based on what the user is 
doing.  If you  do two different jobs, you may have to use two
different sign-ons -- won't that be fun?  And unless your system 
has separate screens designed for each role, you'll likely have to 
control  visibility of the items on your screens, field-by-field and
role by role.  None of this is in any sense optional.

Healthcare being perhaps the only business bigger than national defense
in the US,  you can guess why Sun is going this way.   So, if AdaOS
has security based on clearance levels and not roles, it is 
irrelevant for meeting mandatory federal requirements for healthcare
organizations -- and that's perhaps the biggest industry in the US. 


Al