cdaefa:EFA Sicherheitsdienste (logische Spezifikation): Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „This section concerns the service functional models of the eCR security services that realize the access control scenario of the electronic Case Record. The follo…“) |
K (→Spezifikation) |
||
| Zeile 31: | Zeile 31: | ||
* Normative Spezifikation: [[cdaefa:EFA Identity Provider SFM|EFA Identity Provider Service Functional Model]] | * Normative Spezifikation: [[cdaefa:EFA Identity Provider SFM|EFA Identity Provider Service Functional Model]] | ||
* Binding: [[cdaefa:EFA Identity Provider WS Trust Binding|EFA Identity Provider WS Trust Binding]] | * Binding: [[cdaefa:EFA Identity Provider WS Trust Binding|EFA Identity Provider WS Trust Binding]] | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | * zurück zur [[cdaefa:EFA_Spezifikation_v2.0|EFA-2.0-Spezifikation]] | ||
Version vom 13. März 2013, 05:51 Uhr
This section concerns the service functional models of the eCR security services that realize the access control scenario of the electronic Case Record. The following table gives an overview of the eCR security services and their functionality.
| Service | Tasks | Persistent Data |
|---|---|---|
| Identity Provider | Authenticates user while it verifies the user’s credentials. This service encapsulates the supported authentication methods. | Retrieves supplemental user information as attributes from a directory service. The identities of users (individuals and/or organizations), the verification data of their credentials, and the attributes of the identities. |
| eCR Admission Token Service | Calculates the pseudonyms (admission codes) to identify a patient’s records. | no persistent data |
| eCR Access Token Service | Authorizes the user to access an electronic Case Record by assigning an access policy. | The admission lists of the eCRs. These lists can be imagined as tables containing record identifiers, admission codes, and corresponding access policy identifiers. |
| eCR Policy Token Service | Provides the access policies of electronic Case Records. | A table (etc.) that matches policy identifiers with access policies. |
Identity Provider
The Identity Provider authenticates the user while it verifies the user’s credentials. The required credentials depend on the authentication method. The service issues an Identity Assertion on successful authentication. This service MUST support at least the following authentication methods:
- Direct trust: authenticate a dedicated client verifying the X.509 certificate of a known user identity
- Brokered trust: authenticate a trusted client verifying the provided Guarantor Assertion and the X.509 certificate that is used to sign this assertion.
Spezifikation
- Normative Spezifikation: EFA Identity Provider Service Functional Model
- Binding: EFA Identity Provider WS Trust Binding
- zurück zur EFA-2.0-Spezifikation
