Abstract
Application environments dealing with sensitive information require mechanisms to define the circumstances for data disclosure. In event-based environments, access control typically concerns messages (events) as they occur. However, scenarios exist in which the retrieval of historical information is required. The publish/subscribe paradigm decouples producers from consumers, where information from numerous sources can satisfy an information request (subscription). These sources may be unknown to subscribers.
This paper describes a unified approach for managing the disclosure of both historical and future events. We show, with the aid of healthcare scenarios, how context and access mechanisms can be used for fine-grained control over the circumstances for information disclosure.