Access Control + Policy Structure¶

Access Control¶

¶

Policy¶

Goal: limit data access to only authorized users based on terms of use and privacy risks
Default access: Data owner

WHO : the requester is (e.g. Adam)
WHAT: data is requested (e.g. ecg, glucometer)
WHERE : the data was recorded (e.g. gym)
WHEN: the data was generated (e.g. after 04/04/2023)

Time-Based Enhancement Enables policies like " Adam may access data generated from November 1, 2024 to April 1, 2025 ”. Dates need to be converted to unix timestamp before usage with the system.