{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,26]],"date-time":"2025-09-26T13:09:24Z","timestamp":1758892164803},"reference-count":33,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,1,1]]},"abstract":"<p>The authors introduce a group-based discretionary access control with decentralized permission and group management for scientific repositories. Currently, access control approaches for repositories have inflexible centralized administrations, which do not scale well to large numbers of users. Moreover, discretionary access control is a legal standard for health-related resources. The proposed access control model, which is formalized using Barker's Unifying Meta-model, differentiates permissions for data and meta-data, enabling the sharing of meta-data while protecting sensitive data. The authors describe how the model was implemented, and what challenges were tackled, in the Epidemic Marketplace, an open software information platform for epidemic studies, designed to foster cooperative behavior and data sharing.<\/p>","DOI":"10.4018\/jitr.2014010106","type":"journal-article","created":{"date-parts":[[2014,7,25]],"date-time":"2014-07-25T20:09:05Z","timestamp":1406318945000},"page":"78-94","source":"Crossref","is-referenced-by-count":7,"title":["Group-Based Discretionary Access Control in Health Related Repositories"],"prefix":"10.4018","volume":"7","author":[{"given":"Jo\u00e3o","family":"Zamite","sequence":"first","affiliation":[{"name":"LaSIGE, Faculty of Sciences, University of Lisbon, Lisbon, Portugal"}]},{"given":"Dulce","family":"Domingos","sequence":"additional","affiliation":[{"name":"LaSIGE, Faculty of Sciences, University of Lisbon, Lisbon, Portugal"}]},{"given":"M\u00e1rio J.","family":"Silva","sequence":"additional","affiliation":[{"name":"IST\/INESC-ID, University of Lisbon, Lisbon, Portugal"}]},{"given":"Carlos","family":"Santos","sequence":"additional","affiliation":[{"name":"LaSIGE, Faculty of Sciences, University of Lisbon, Lisbon, Portugal"}]}],"member":"2432","reference":[{"key":"jitr.2014010106-0","doi-asserted-by":"publisher","DOI":"10.1016\/S0164-1212(00)00084-4"},{"key":"jitr.2014010106-1","unstructured":"Badger, L., Sterne, D. F., Sherman, D. L., Walker, K. M., & Haghighat, S. A. (1995). A domain and type enforcement UNIX prototype. In Proceedings of the 5th Conference on USENIX UNIX Security Symposium (Vol. 5, p. 12). USENIX Association."},{"key":"jitr.2014010106-2","doi-asserted-by":"crossref","unstructured":"Barker, S. (2009). The next 700 access control models or a unifying meta-model? In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (pp. 187\u2013196). ACM.","DOI":"10.1145\/1542207.1542238"},{"key":"jitr.2014010106-3","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1007\/978-3-540-70567-3_7","article-title":"Privacy-aware collaborative access control in web-based social networks.","volume":"XXII","author":"B.Carminati","year":"2008","journal-title":"Data and Applications Security"},{"key":"jitr.2014010106-4","doi-asserted-by":"crossref","unstructured":"Carminati, B., Ferrari, E., & Perego, A. (2006). Rule-based access control for social networks. In Proceedings of the On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (pp. 1734\u20131744). Springer.","DOI":"10.1007\/11915072_80"},{"key":"jitr.2014010106-5","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609962"},{"issue":"3","key":"jitr.2014010106-6","doi-asserted-by":"crossref","DOI":"10.22230\/cjc.2004v29n3a1455","article-title":"Supporting and enhancing scholarship in the Digital Age: The role of open access institutional repository.","volume":"29","author":"L.Chan","year":"2004","journal-title":"Canadian Journal of Communication"},{"key":"jitr.2014010106-7","unstructured":"dos Santos, C. A. G. J. (2013). Access control system for the epidemic marketplace. Retrieved from http:\/\/hdl.handle.net\/10451\/10258"},{"key":"jitr.2014010106-8","first-page":"31","article-title":"95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.","volume":"281","year":"1995","journal-title":"Official Journal of the European Communities"},{"key":"jitr.2014010106-9","year":"2012","journal-title":"Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data"},{"key":"jitr.2014010106-10","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"jitr.2014010106-11","unstructured":"Grunbacher, A., & Nuremberg, A. (2003). Posix access control lists on linux. In Proceedings of the USENIX 2003 Annual Technical Conference, FREENIX track (pp. 259\u2013272)."},{"key":"jitr.2014010106-12","author":"E. H.Halili","year":"2008","journal-title":"Apache JMeter: A practical beginner\u2019s guide to automated testing and performance measurement for your websites"},{"key":"jitr.2014010106-13","unstructured":"Herzberg, A., Mass, Y., Mihaeli, J., Naor, D., & Ravid, Y. (2002). Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (S&P 2000) (pp. 2\u201314). IEEE."},{"key":"jitr.2014010106-14","unstructured":"Kapica, A. (2014). Mediawiki extension: Access control. Retrieved from http:\/\/www.mediawiki.org\/wiki\/Extension:AccessControl"},{"key":"jitr.2014010106-15","doi-asserted-by":"crossref","unstructured":"Krishnan, R., Sandhu, R., Niu, J., & Winsborough, W. H. (2009). A conceptual framework for group-centric secure information sharing. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (pp. 384\u2013387). ACM.","DOI":"10.1145\/1533057.1533111"},{"key":"jitr.2014010106-16","doi-asserted-by":"publisher","DOI":"10.1007\/s00799-005-0130-3"},{"key":"jitr.2014010106-17","unstructured":"Lindqvist, H. (2006). Mandatory access control. Master\u2019s Thesis in Computing Science, Umea University, Department of Computing Science, SE-901, 87."},{"key":"jitr.2014010106-18","doi-asserted-by":"crossref","unstructured":"Lopes, L. F., Silva, F. A. B., Couto, F., Zamite, J., Ferreira, H., Sousa, C., & Silva, M. J. (2010). Epidemic marketplace: An information management system for epidemiological data. In Proceedings of the ITBAM - DEXA 2010.","DOI":"10.1007\/978-3-642-15020-3_3"},{"key":"jitr.2014010106-19","unstructured":"Moses, T. (2005). Extensible access control markup language (xacml) version 2.0. Oasis Standard, 200502."},{"key":"jitr.2014010106-20","unstructured":"Nguyen, C., Dalziel, J., & Cassidy, S. (2008). Flexible access control, federated identity and heterogeneous metadata supports for repositories. In Proceedings of eResearch Australasia 2008."},{"key":"jitr.2014010106-21","unstructured":"Sandhu, R., & Ahn, G. J. (1998). Decentralized group hierarchies in UNIX: An experiment and lessons learned. In Proc. 21st NIST-NCSC National Information Systems Security Conference (pp. 486\u2013502)."},{"key":"jitr.2014010106-22","doi-asserted-by":"crossref","unstructured":"Sandhu, R., Ferraiolo, D., & Kuhn, R. (2000). The nist model for role-based access control: Towards a unified standard. In Proceedings of 5th ACM Workshop on Role-Based Access Control, Berlin, Germany.","DOI":"10.1145\/344287.344301"},{"key":"jitr.2014010106-23","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"jitr.2014010106-24","unstructured":"Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., & Lepreau, J. (1999). The flask security architecture: System support for diverse security policies. In Proceedings of the 8th conference on USENIX Security Symposium (Volume 8, p. 11). USENIX Association."},{"key":"jitr.2014010106-25","unstructured":"Tcsec, D. (1985). Trusted computer system evaluation criteria. Technical Report 5200.28-STD, US Department of Defense."},{"key":"jitr.2014010106-26","unstructured":"Thomas, R. K., & Sandhu, R. S. (1993). Discretionary access control in object-oriented databases: Issues and research directions. In Proc. 16th National Computer Security Conference (pp. 63\u201374)."},{"key":"jitr.2014010106-27","doi-asserted-by":"crossref","unstructured":"Tomlinson, T., & VanDyk, J. K. (2010). Pro Drupal 7 development. The expert\u2019s voice\u00ae in open source. Berkeley, A: Apress. Retrieved from http:\/\/opac.inria.fr\/record=b1134236","DOI":"10.1007\/978-1-4302-2839-4"},{"key":"jitr.2014010106-28","unstructured":"Walker, K. M., Sterne, D. F., Badger, M. L., Petkac, M. J., Shermann, D. L., & Oostendorp, K. A. (1996). Confining root programs with domain and type enforcement (DTE). In Proceedings of the 6th USENIX Security Symposium (Vol. 2)."},{"key":"jitr.2014010106-29","article-title":"Riding the wave: How Europe can gain from the rising tide of scientific data.","author":"J.Wood","year":"2010","journal-title":"European Union"},{"key":"jitr.2014010106-30","first-page":"11","article-title":"The GLEaMviz computational tool, a publicly available software to explore realistic epidemic spreading scenarios at the global scale.","author":"B.Wouter","year":"2011","journal-title":"BMC Infectious Diseases"},{"key":"jitr.2014010106-31","doi-asserted-by":"crossref","unstructured":"Yeong, W., Howes, T., & Kille, S. (1995). Lightweight directory access protocol. RFC 1777, March.","DOI":"10.17487\/rfc1777"},{"key":"jitr.2014010106-32","doi-asserted-by":"publisher","DOI":"10.1016\/j.protcy.2013.12.128"}],"container-title":["Journal of Information Technology Research"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=111253","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T20:19:47Z","timestamp":1654114787000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jitr.2014010106"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,1,1]]},"references-count":33,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2014,1]]}},"URL":"https:\/\/doi.org\/10.4018\/jitr.2014010106","relation":{},"ISSN":["1938-7857","1938-7865"],"issn-type":[{"value":"1938-7857","type":"print"},{"value":"1938-7865","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,1,1]]}}}