This paper provides a summary of the approach adopted by EDITH for the definition and management of the security aspects within a generic healthcare information system, organised according to a common architecture based on characteristics of modularity, openness and federation of the individual healthcare organisations and healthcare information systems. The specification and actual development of the Authorisation Server, shortly described in this paper, is the result of the joining of the activities carried out by GESI in the frame of the NUCLEUS (AIM 2025) and EDITH-Italy (ESPRIT 7058) projects.