Difference between revisions of "WPAC Resource Security RBAC"
Line 3: | Line 3: | ||
== Resource Security through Role Based Access Control == | == Resource Security through Role Based Access Control == | ||
− | === HL7 role engineering === | + | === HL7 role engineering === |
− | + | Role-based access control systems are very common in the health care sector. The mostly proprietary implementations of medical management information systems were consolidated over the past years concerning their fundamental access control mechanisms. The overall direction is clearly leading towards a gradual alignment and adaption to the RBAC standard. | |
− | |||
− | |||
− | + | Leading organisations coordinating, applying, and advancing RBAC in the health care sector are the US Department of Veterans Affairs [VHA RBAC] and Health Level Seven (HL7). Those established scenario-driven processes in order to identify and specify the roles and their concrete permissions that are required to fulfil the specific tasks in the medical environment. | |
− | + | ||
+ | [[Image:WPAC_HL7_Role_Engineering_v01.png]] '''Note: Image from HL7. A new figure is provided for the final release of the WP.'' | ||
+ | |||
+ | |||
+ | The starting point for the analysis of roles and rights are the so-called scenarios, in which typical procedures excerpts of medical actors are illustrated and described narratively. The scenarios itself consist of individual steps (action or event within a scenario) that incorporate the concrete operations that are executed onto the medcial or administrative objects. | ||
+ | The required permissions on order to successfully perform those operations are combined into catalogues and assigned to profiles (roles). Inversely, scenarios are combined to tasks on a higher, conceptional level. | ||
+ | |||
+ | |||
+ | Currently, there are five scenario collections (tasks) specified by HL7: | ||
* Order Entry | * Order Entry | ||
* Review Documentation | * Review Documentation | ||
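Review bot: The image note on the added line opens with three apostrophes ('''Note:) but closes with two (WP.''), so the markup is unbalanced and the rendered revision shows a stray apostrophe before "Note"; close it with the same number of apostrophes it opens with. The added scenario paragraph also carries typos worth fixing in the same edit: "procedures excerpts", "The scenarios itself", "medcial", and "on order to" (should be "in order to").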
Line 16: | Line 22: | ||
* Scheduling | * Scheduling | ||
* Administration | * Administration | ||
− | + | ||
+ | |||
+ | The outcome is a structured catalogue that illustrates, what permissions (operations onto resources) are addresses within the particular scenarios [HL7 HPC-3.34]. In a second step, the identified actors are integrated, creating a matrix manifesting the roles and permissions. This matrix presents in what scenarios which permissions are required in order to perform the scenarios operations. | ||
=== Role activation === | === Role activation === |
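Review bot: In the added closing paragraph, "are addresses within the particular scenarios" should read "are addressed", and "the scenarios operations" needs a possessive ("the scenarios' operations"). The comma after "illustrates" can be dropped as well.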
Revision as of 10:18, 19 January 2009
IHE White Paper on Access Control
Resource Security through Role Based Access Control
HL7 role engineering
Role-based access control systems are very common in the health care sector. The mostly proprietary implementations of medical management information systems have been consolidated over the past years with respect to their fundamental access control mechanisms. The overall direction is clearly towards a gradual alignment with and adaptation to the RBAC standard.
Leading organisations coordinating, applying, and advancing RBAC in the health care sector are the US Department of Veterans Affairs [VHA RBAC] and Health Level Seven (HL7). They have established scenario-driven processes to identify and specify the roles and the concrete permissions that are required to fulfil the specific tasks in the medical environment.
Note: Image from HL7. A new figure is provided for the final release of the WP.
The analysis of roles and rights starts from so-called scenarios, in which typical excerpts of the procedures of medical actors are illustrated and described narratively. The scenarios themselves consist of individual steps (an action or event within a scenario) that incorporate the concrete operations executed on the medical or administrative objects.
The permissions required to perform those operations successfully are combined into catalogues and assigned to profiles (roles). Conversely, scenarios are combined into tasks on a higher, conceptual level.
Currently, there are five scenario collections (tasks) specified by HL7:
- Order Entry
- Review Documentation
- Perform Documentation
- Scheduling
- Administration
The outcome is a structured catalogue that shows which permissions (operations on resources) are addressed within the particular scenarios [HL7 HPC-3.34]. In a second step, the identified actors are integrated, creating a matrix of roles and permissions. This matrix shows which permissions are required in which scenarios in order to perform the scenarios' operations.
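The two steps described above, as an added example that is not part of the white paper or of HL7's material: scenario steps are reduced to a permission catalogue, then actors are integrated into a role/permission matrix. The scenario, actor, operation and object names are constructed for illustration, and the final check for grants that no scenario justifies goes one step beyond the text.

```python
from collections import defaultdict

# Constructed sample data: (task, scenario, actor, operation, object).
# Only the task names come from the list above; all other names are assumptions.
STEPS = [
    ("Order Entry", "Prescribe medication", "Physician", "create", "MedicationOrder"),
    ("Order Entry", "Prescribe medication", "Physician", "sign", "MedicationOrder"),
    ("Order Entry", "Prescribe medication", "Pharmacist", "read", "MedicationOrder"),
    ("Review Documentation", "Ward round", "Physician", "read", "ProgressNote"),
    ("Review Documentation", "Ward round", "Nurse", "read", "ProgressNote"),
    ("Perform Documentation", "Record vitals", "Nurse", "create", "VitalSigns"),
    ("Scheduling", "Book appointment", "Clerk", "create", "Appointment"),
]

def permission_catalogue(steps):
    """Step 1: map each permission (operation, object) to the scenarios using it."""
    catalogue = defaultdict(set)
    for _task, scenario, _actor, op, obj in steps:
        catalogue[(op, obj)].add(scenario)
    return dict(catalogue)

def role_matrix(steps):
    """Step 2: integrate actors, giving role -> permission -> scenarios."""
    matrix = defaultdict(lambda: defaultdict(set))
    for _task, scenario, actor, op, obj in steps:
        matrix[actor][(op, obj)].add(scenario)
    return {role: dict(perms) for role, perms in matrix.items()}

def excess_grants(assigned, steps):
    """Permissions assigned to a role that no scenario step justifies."""
    matrix = role_matrix(steps)
    result = {}
    for role, perms in assigned.items():
        extra = sorted(set(perms) - set(matrix.get(role, {})))
        if extra:
            result[role] = extra
    return result

if __name__ == "__main__":
    for role, perms in sorted(role_matrix(STEPS).items()):
        for (op, obj), scenarios in sorted(perms.items()):
            print(f"{role:<11} {op:<7} {obj:<16} {', '.join(sorted(scenarios))}")
```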
Role activation
HL7/VA access control matrices
Discussion
place issues to be discussed among the editorial team here...
Change Requests
place your change requests here...