RE: A question on the vocabulary for 'persons' - ACL level of granularity? from Chimezie Ogbuji on 2006-09-14 (public-semweb-lifesci@w3.org from September 2006)

From: Chimezie Ogbuji <ogbujic@bio.ri.ccf.org>
Date: Thu, 14 Sep 2006 09:57:06 -0400 (EDT)
To: "Kashyap, Vipul" <VKASHYAP1@partners.org>
cc: Marco Brandizi <brandizi@ebi.ac.uk>, w3c semweb hcls <public-semweb-lifesci@w3.org>
Message-ID: <Pine.GSO.4.60.0609140939430.6156@joplin.bio.ri.ccf.org>

On Thu, 14 Sep 2006, Kashyap, Vipul wrote:

> An important issue that is likely to come up soon in healthcare is the
> integration of a person's genetic information in the electronic medical record.
>
>
>
> So, would it make sense to extend the person class to hold a person's genomic
> information?

Absolutely.  However, concensus on a placeholder class for a person 
doesn't prevent you from extending it with other attributes (or 
relationships with other classes) at a latter point - that's one of the 
advantages of the expressiveness of Description Logics.

Seems to me the biggest barrier is in coming to a concensus on 
an appropriate placeholder vocabulary and not neccessarily on determining 
all the various ways in which a person (and their related data) could be 
expressed in a patient record.

> Another big issue is one of privacy. How does one specify ACLs related to what
> fields of the person class be visible to which classes of users?
>
> Maybe we need another ontology there?

I'm glad you brought this up.  I've been of the opinion for some time that 
issues of security policy (from the perpective of content management 
systems at least) are often overlooked within Semantic Web technologies and that
Access Control Lists are a very appropriate model to follow.  The structure is very simple, and it is a time-tested 
infrastructure for delegating identification-driven access to resources.

A follow-up question I have about this is if we imagine (for HCLS 
purposes) access control being specified down to the level of 
triples *within* a graph (assuming a partitioning scenario where each
  patient record constitutes a named graph) or if ACL would only manage 
access at the record level.

The distinction is important as the content 
management system we use controls access to the record (or graph) level 
allowing content ontologies to remain ACL-agnostic - and delegating access 
control as a mechanism of the content management system.

If a finer level of granularity is needed, it does suggests the need for a 
general-purpose ontology for ACL.

>
>
>
> ---Vipul
>
>

Chimezie Ogbuji
Lead Systems Analyst
Thoracic and Cardiovascular Surgery
Cleveland Clinic Foundation
9500 Euclid Avenue/ W26
Cleveland, Ohio 44195
Office: (216)444-8593
ogbujic@ccf.org

Received on Thursday, 14 September 2006 13:57:34 UTC