EFA Sicherheitsdienste (logische Spezifikation)
Implementation Guide
K (→Spezifikation) |
|||
Zeile 1: | Zeile 1: | ||
+ | {{Infobox Dokument | ||
+ | |Title = EFA Sicherheitsdienste (logische Spezifikation) | ||
+ | |Short = EFA Sicherheitsdienste (logische Spezifikation) | ||
+ | |Namespace = cdaefa | ||
+ | |Type = Implementierungsleitfaden | ||
+ | |Version = 0.9 | ||
+ | |Submitted = February 2013 | ||
+ | |Author = Jörg Caumanns, Raik Kuhlisch | ||
+ | |Date = March 2013 | ||
+ | |Copyright = 2012-2013 | ||
+ | |Status = Draft | ||
+ | |Period = xxx | ||
+ | |OID = n.n. | ||
+ | |Realm = Deutschland | ||
+ | }} | ||
+ | |||
This section concerns the service functional models of the eCR security services that realize the access control scenario of the electronic Case Record. The following table gives an overview of the eCR security services and their functionality. | This section concerns the service functional models of the eCR security services that realize the access control scenario of the electronic Case Record. The following table gives an overview of the eCR security services and their functionality. | ||
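Review bot: `|Period = xxx` and `|OID = n.n.` in the added infobox are placeholders rather than values; fill them in or leave the fields empty so they are not read as real metadata while the document is still a Draft. `|Title` and `|Short` also carry the identical string, so `Short` provides no abbreviated form.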
Revision as of 05:55, 13 March 2013
This document represents:
Implementation guide EFA Sicherheitsdienste (logische Spezifikation) (0.9). Its component materials belong to the category cdaefa.
Submitted by:
February 2013
Jörg Caumanns, Raik Kuhlisch
Draft
Copyright © 2012-2013: HL7 Deutschland
This section concerns the service functional models of the eCR security services that realize the access control scenario of the electronic Case Record. The following table gives an overview of the eCR security services and their functionality.
Service | Tasks | Persistent Data |
---|---|---|
Identity Provider | Authenticates the user by verifying the user’s credentials. This service encapsulates the supported authentication methods. Retrieves supplemental user information as attributes from a directory service. | The identities of users (individuals and/or organizations), the verification data of their credentials, and the attributes of the identities. |
eCR Admission Token Service | Calculates the pseudonyms (admission codes) to identify a patient’s records. | No persistent data. |
eCR Access Token Service | Authorizes the user to access an electronic Case Record by assigning an access policy. | The admission lists of the eCRs. These lists can be imagined as tables containing record identifiers, admission codes, and corresponding access policy identifiers. |
eCR Policy Token Service | Provides the access policies of electronic Case Records. | A table (or similar structure) that matches policy identifiers with access policies. |
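The following sketch is an added example, not part of the EFA specification or of the authors' material. It models how the four services in the table chain together and which data each one holds. The HMAC-based pseudonym, the shape of the assertion and of the policies, and all identifiers are assumptions made for illustration.

```python
import hashlib
import hmac

# All identifiers, keys and policies below are constructed sample data.
SECRET = b"constructed-demo-key"  # assumed key held by the Admission Token Service

def admission_code(patient_id: str) -> str:
    """Admission Token Service: compute the pseudonym, store nothing.
    HMAC-SHA256 is an assumed stand-in; the page does not define the calculation."""
    return hmac.new(SECRET, patient_id.encode(), hashlib.sha256).hexdigest()

# Access Token Service: admission list (record id, admission code, policy id).
# It holds pseudonyms only, never the patient identifier itself.
ADMISSION_LIST = [
    ("ecr-001", admission_code("patient-A"), "pol-1"),
    ("ecr-002", admission_code("patient-B"), "pol-missing"),  # dangling policy id
]

# Policy Token Service: policy id -> access policy (policy shape is assumed).
POLICIES = {"pol-1": {"subjects": {"dr-meier"}, "actions": ("read", "write")}}

def authenticate(subject: str, credential_ok: bool) -> dict:
    """Identity Provider stand-in: issue an identity assertion only on success."""
    if not credential_ok:
        raise PermissionError("authentication failed")
    return {"subject": subject}

def resolve_access(assertion: dict, patient_id: str) -> list:
    """Chain the services; anything not explicitly granted is denied."""
    code = admission_code(patient_id)
    granted = []
    for record_id, listed_code, policy_id in ADMISSION_LIST:
        if not hmac.compare_digest(listed_code, code):
            continue
        policy = POLICIES.get(policy_id)
        if policy is None or assertion["subject"] not in policy["subjects"]:
            continue  # unknown policy or subject not covered: deny
        granted.append((record_id, policy["actions"]))
    return granted

if __name__ == "__main__":
    who = authenticate("dr-meier", credential_ok=True)
    print(resolve_access(who, "patient-A"))
    print(resolve_access(who, "patient-B"))
```

The admission list row for patient-B points at a policy identifier the Policy Token Service does not know, so the chain yields no access rather than a default grant.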
Identity Provider
The Identity Provider authenticates the user by verifying the user’s credentials. The required credentials depend on the authentication method. The service issues an Identity Assertion on successful authentication. This service MUST support at least the following authentication methods:
- Direct trust: authenticate a dedicated client by verifying the X.509 certificate of a known user identity.
- Brokered trust: authenticate a trusted client by verifying the provided Guarantor Assertion and the X.509 certificate that is used to sign this assertion.
Specification
- Normative specification: EFA Identity Provider Service Functional Model
- Binding: EFA Identity Provider WS Trust Binding