cdaefa:EFA Security Services (logical specification)

From Hl7wiki
Revision as of 12 March 2013, 23:24 by Jcaumanns (Talk | contribs) (Created page with "This section concerns the service functional models of the eCR security services that realize the access control scenario of the electronic Case Record. The follo…")

This section concerns the service functional models of the eCR security services that realize the access control scenario of the electronic Case Record. The following table gives an overview of the eCR security services and their functionality.

| Service | Tasks | Persistent Data |
|---|---|---|
| Identity Provider | Authenticates the user by verifying the user’s credentials. This service encapsulates the supported authentication methods. Retrieves supplemental user information as attributes from a directory service. | The identities of users (individuals and/or organizations), the verification data of their credentials, and the attributes of the identities. |
| eCR Admission Token Service | Calculates the pseudonyms (admission codes) to identify a patient’s records. | No persistent data. |
| eCR Access Token Service | Authorizes the user to access an electronic Case Record by assigning an access policy. | The admission lists of the eCRs. These lists can be imagined as tables containing record identifiers, admission codes, and corresponding access policy identifiers. |
| eCR Policy Token Service | Provides the access policies of electronic Case Records. | A table (etc.) that matches policy identifiers with access policies. |
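
The following sketch is an added example, not part of the eCR specification. It chains the three token services from the table to show how an admission code resolves to a policy identifier and then to a policy, failing closed at each step. The page does not define how admission codes are calculated or what a policy contains: the HMAC-SHA256 derivation, the key, the role/action policy shape, and all identifiers below are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the page does not define the pseudonym algorithm. HMAC-SHA256 over
# a patient identifier and a purpose, keyed by the service, is used here.
ADMISSION_KEY = b"constructed-demo-key"  # constructed sample value


def admission_code(patient_id: str, purpose: str) -> str:
    """eCR Admission Token Service: stateless, derives the pseudonym only."""
    msg = f"{patient_id}\x00{purpose}".encode()
    return hmac.new(ADMISSION_KEY, msg, hashlib.sha256).hexdigest()


# eCR Access Token Service: admission list rows of
# (record identifier, admission code, access policy identifier). Constructed.
ADMISSION_LIST = [
    ("record-001", admission_code("patient-A", "oncology"), "policy-7"),
    ("record-002", admission_code("patient-B", "cardiology"), "policy-9"),
]

# eCR Policy Token Service: policy identifier -> access policy.
# The role/action policy shape is an assumption, not the eCR policy format.
POLICIES = {
    "policy-7": {"roles": {"physician"}, "actions": {"read", "write"}},
    "policy-9": {"roles": {"physician", "nurse"}, "actions": {"read"}},
}


def access_token(code: str):
    """Return (record id, policy id) for a known admission code, else None."""
    for record_id, listed_code, policy_id in ADMISSION_LIST:
        if hmac.compare_digest(listed_code, code):
            return record_id, policy_id
    return None  # unknown pseudonym: no record is disclosed


def decide(patient_id: str, purpose: str, role: str, action: str) -> bool:
    """Chain the three services; deny unless every step succeeds."""
    token = access_token(admission_code(patient_id, purpose))
    if token is None:
        return False
    policy = POLICIES.get(token[1])
    if policy is None:  # dangling policy identifier: fail closed
        return False
    return role in policy["roles"] and action in policy["actions"]
```

In this sketch the admission list holds only pseudonyms and policy identifiers, so the Access Token Service never stores a patient identifier, and a request with the right patient but the wrong purpose derives a code that matches no row.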

Identity Provider

The Identity Provider authenticates the user by verifying the user’s credentials. The required credentials depend on the authentication method. On successful authentication, the service issues an Identity Assertion. This service MUST support at least the following authentication methods:

  • Direct trust: authenticate a dedicated client by verifying the X.509 certificate of a known user identity.
  • Brokered trust: authenticate a trusted client by verifying the provided Guarantor Assertion and the X.509 certificate that is used to sign this assertion.

Specification