Joseph Poole
John Barkley
Kevin Brady
Anthony Cincotta
Wayne Salamon
The use of software in the health care industry is of increasing importance. One of the major roadblocks to efficient health care is that important information is distributed across many sites, which may be spread over a wide geographic area. The problem is to provide a uniform mechanism for integrating this information. This paper documents the results of an investigation into the suitability of several distributed access mechanisms. Five methods were examined: the Common Object Request Broker Architecture (CORBA), Object Linking and Embedding (OLE), remote procedure call (RPC), remote database access (SQL/RDA) and Protocol Independent Interfaces (PII; we specifically examined sockets). These mechanisms were compared with regard to their use in health care applications. In particular, the following capabilities were compared:
A second goal was to explore the use of role-based access control (RBAC). RBAC is a security mechanism that is more flexible than mandatory access control but easier to administer than plain access control lists. Every user is assigned to one or more roles, and each role is permitted to perform some operations but not others.
A demonstration application was constructed that used the distributed communication methods to implement a patient record database. This report discusses how these mechanisms were used in the demonstration project and the results found. Not surprisingly, we discovered that each of the mechanisms was effective for different purposes. These findings are discussed in detail in this report. One component of the demonstration project also implemented role-based access control and is detailed in this report.
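The RBAC model sketched above (users hold one or more roles; each role is permitted some operations and not others) and the server-side check mentioned for the demonstration project can be made concrete with a small example. The following is an added illustration, not code from this report or its appendices: the role names (physician, nurse, billing_clerk), the operation names, the sample users and the patient record are all constructed for the example. It shows the two properties a practitioner cares about in such a layer: a user holding several roles gets the union of their operations, and anything not granted to some held role is denied by default, including requests from users the policy has never heard of.

```python
"""Added example (not code from the report): a deny-by-default RBAC layer
in front of a patient-record server object.  Role names, operation names,
users and the sample record are hypothetical, constructed for illustration."""
from dataclasses import dataclass, field


class AccessDenied(PermissionError):
    """Raised when no role held by the user permits the requested operation."""


@dataclass(frozen=True)
class Role:
    name: str
    operations: frozenset  # operations this role may perform


@dataclass
class RBACPolicy:
    roles: dict = field(default_factory=dict)        # role name -> Role
    assignments: dict = field(default_factory=dict)  # user -> set of role names

    def add_role(self, name, operations):
        self.roles[name] = Role(name, frozenset(operations))

    def assign(self, user, role_name):
        if role_name not in self.roles:
            raise KeyError(f"unknown role {role_name!r}")
        self.assignments.setdefault(user, set()).add(role_name)

    def permitted_operations(self, user):
        """Union of the operations of every role the user holds (empty for unknown users)."""
        ops = set()
        for role_name in self.assignments.get(user, ()):
            ops |= self.roles[role_name].operations
        return frozenset(ops)

    def check(self, user, operation):
        """Deny by default: refuse unless some held role grants the operation."""
        if operation not in self.permitted_operations(user):
            raise AccessDenied(f"{user} may not {operation}")


@dataclass
class PatientRecordServer:
    """Server object whose methods consult the policy before touching data."""
    policy: RBACPolicy
    records: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (user, operation, decision)

    def _guarded(self, user, operation):
        try:
            self.policy.check(user, operation)
            self.audit.append((user, operation, "allow"))
        except AccessDenied:
            self.audit.append((user, operation, "deny"))
            raise

    def read_record(self, user, patient_id):
        self._guarded(user, "read_record")
        return self.records[patient_id]

    def write_diagnosis(self, user, patient_id, diagnosis):
        self._guarded(user, "write_diagnosis")
        self.records.setdefault(patient_id, {})["diagnosis"] = diagnosis

    def read_billing(self, user, patient_id):
        self._guarded(user, "read_billing")
        return self.records[patient_id].get("billing")


def build_demo():
    """Constructed policy and sample data (hypothetical, for the example only)."""
    policy = RBACPolicy()
    policy.add_role("physician", {"read_record", "write_diagnosis"})
    policy.add_role("nurse", {"read_record"})
    policy.add_role("billing_clerk", {"read_billing"})
    policy.assign("alice", "physician")
    policy.assign("bob", "nurse")
    policy.assign("carol", "billing_clerk")
    policy.assign("carol", "nurse")  # one user holding two roles
    server = PatientRecordServer(policy)
    server.records["p-1001"] = {"diagnosis": "", "billing": "plan-A"}
    return server


def attempt(server, user, op, *args):
    """Invoke a server method and report 'allow' or 'deny' instead of raising."""
    try:
        getattr(server, op)(user, *args)
        return "allow"
    except AccessDenied:
        return "deny"


if __name__ == "__main__":
    s = build_demo()
    print(attempt(s, "alice", "write_diagnosis", "p-1001", "flu"))  # allow
    print(attempt(s, "bob", "write_diagnosis", "p-1001", "flu"))    # deny
    print(attempt(s, "carol", "read_billing", "p-1001"))            # allow
    print(attempt(s, "mallory", "read_record", "p-1001"))           # deny
```

The check lives in the server object rather than in the client, which matters in a distributed setting: whichever transport delivers the call (CORBA, RPC, sockets), the decision is made next to the data, and every decision, allowed or denied, is recorded in the audit list.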
Keywords: access control, CORBA, distributed, health care, OLE, PII, RBAC, role-based, RPC, security, SQL/RDA, transport
Trademarks
Ada is a registered trademark of the U.S. Government (Ada Joint Program Office). Microsoft and Windows are registered trademarks of Microsoft Corporation. Microsoft Visual Basic is a trademark of Microsoft Corporation. Borland is a registered trademark of Borland International, Inc. Unix is a registered trademark of Novell, Inc.

Certain commercial products are identified in this report. Such identification does not imply recommendation or endorsement by the National Institute of Standards and Technology, nor does it imply that the product, publication or service identified is necessarily the best available for the purpose.
Acronyms
1 Introduction
2 Technical Overview of Transport Mechanisms
2.1 CORBA
2.2 OLE
2.3 SQL/RDA
2.4 Sockets
2.5 RPC
3 Technical Overview of Role Based Access Control
3.1 Implementing Role Based Access Control Using Object Technology
4 Demonstration Applications
4.1 POSIX Demo
4.1.1 Operation of the server object methods
4.1.2 Role-Based Access Control in the Server
4.2 The PC Demo
4.2.1 OLE Objects Used in the Viewer
4.3 Other Distributed Communication Methods
5 Conclusions
Appendix A - Code for Role-based Access Control using Object Technology
Appendix B - IDL Description of Patient Record Object
Glossary
References