HL7 Security and Privacy Ontology Policy and Decision Examples

Tony Weida. “Somewhere Hospital” policies: a small fictional example that illustrates modular composition of reusable policy elements, and precise, unambiguous expression and composition via logical operators.



  1. HL7 Security and Privacy Ontology Policy and Decision Examples. Tony Weida

  2. “Somewhere Hospital” Policies
     • Small fictional example
     • Illustrates
       • Modular composition of reusable policy elements
       • Precise, unambiguous expression and composition via logical operators

  3. SomewhereHospitalBasicSecurityPolicyForAuthentication
     Class is a reusable component for multiple policies.
     Asserted equivalent class:
         BasicSecurityPolicy
         and (authenticationLevelOfAssurance only integer[>= 3 , <= 4])
         and (thirdPartyLevelOfAssurance only integer[>= 3 , <= 4])
         and (identityProofingLevelOfAssurance value 4)

  4. SomewhereHospitalAuthorizationPolicyDisjunct_A
     One authorized access pattern.
     Asserted equivalent class:
         AuthorizationPolicy
         and governsInformationReference only (hasObject only AccountReceivable)
         and governsOperation only (Create or Read or Update or Append)
         and governsSecurityRole only AdministratorFunctionalRole
         and (governsTimeOfDay only integer[>= 28800 , <= 64800])
         and restrictedToRoute only LocalAreaNetwork
     Callouts:
     • governsInformationReference: value expression is a nested class expression which further restricts the universal range restriction of InformationReference
     • governsOperation: nested alternatives
     • governsTimeOfDay: 8:00 AM – 6:00 PM

  5. SomewhereHospitalInformationReference_B
     Asserted equivalent class:
         InformationReference
         and hasIntegrity some (CLINRPT or HCPRPT)
         and hasIntegrity some (HRELIABLE or RELIABLE)
         and hasObject only ExternalClinicalInformation
     Will reference in next slide …

  6. SomewhereHospitalAuthorizationPolicyDisjunct_B
     Nested class expression included by name (from previous slide).
     Asserted equivalent class:
         AuthorizationPolicy
         and governsInformationReference only SomewhereHospitalInformationReference_B
         and governsOperation only Forward
         and governsPurposeOfUse only TREAT
         and governsSecurityRole only (NurseFunctionalRole or PhysicianFunctionalRole)
     These – and all other – class references match all their subclasses too.

  7. NurseTraineeFunctionalRole
     A class which extends the SecurityRole class hierarchy.
     Asserted superclass: NurseFunctionalRole
     NurseTraineeFunctionalRole will match the reference to NurseFunctionalRole on previous slide.

  8. SomewhereHospitalAuthorizationPolicyNurseTraineeForward
     Describes an authorized access pattern to be negated …
     Asserted equivalent class:
         AuthorizationPolicy
         and governsOperation only Forward
         and governsSecurityRole only NurseTraineeFunctionalRole

  9. Consolidated authorization policy for Somewhere Hospital
     SomewhereHospitalAuthorizationPolicy
     Asserted equivalent class:
         SomewhereHospitalBasicPolicyForAuthentication
         and (SomewhereHospitalAuthorizationPolicyDisjunct_A or SomewhereHospitalAuthorizationPolicyDisjunct_B)
         and not SomewhereHospitalAuthorizationPolicyNurseTraineeForward
     Callouts:
     • Authentication component included
     • Alternative authorized access patterns combined with or
     • Unauthorized access patterns negated with not
     • OWL reasoner determines whether entire class expression is satisfiable

  10. SomewhereHospitalObligationPolicy
      Asserted equivalent class:
          ObligationPolicy
          and governsOperation only Forward
          and specifiesObligation value AOD
          and specifiesObligation value CPLYCD
      Forwarding implies obligations to audit disclosure and to comply with consent directive.

  11. SomewhereHospitalCompositeSecurityPolicy
      Asserted equivalent classes:
          CompositeSecurityPolicy
          and containsSecurityPolicy some SomewhereHospitalAuthorizationPolicy
          and containsSecurityPolicy some SomewhereHospitalObligationPolicy

  12. Combining Policies
      SomewhereHospitalAuthorizationPolicy
      Asserted equivalent class:
          SomewhereHospitalBasicPolicyForAuthentication
          and (SomewhereHospitalAuthorizationPolicyDisjunct_A or SomewhereHospitalAuthorizationPolicyDisjunct_B)
          and not SomewhereHospitalAuthorizationPolicyNurseTraineeForward
      ElsewhereHospitalAuthorizationPolicy
      Asserted equivalent class:
          AuthorizationPolicy
          and governsInformationReference only (hasObject only ExternalClinicalInformation or TransferSummary)
          and governsOperation only (Create or Read or Forward)
          and governsSecurityRole only NurseFunctionalRole
          and (governsTimeOfDay only integer[>= 32400 , <= 61200])
          and restrictedToRoute only (LocalAreaNetwork or VirtualPrivateNetwork)
      CombinedAuthorizationPolicy
      Asserted equivalent class:
          SomewhereHospitalAuthorizationPolicy and ElsewhereHospitalAuthorizationPolicy
      Callouts:
      • Stated description superficially quite different from SomewhereHospitalAuthorizationPolicy but entirely comparable via logic
      • Merging policies is simply logical
      • Could as well combine: FederalPolicy and StatePolicy and SomewhereHospitalPolicy and ConsentForHarryLevin

  13. Partial Class Hierarchy (Stated)
      Classes shown:
      BasicSecurityPolicy
      SomewhereHospitalBasicSecurityPolicyForAuthentication
      AuthorizationPolicy
      SomewhereHospitalAuthorizationPolicyDisjunct_A
      SomewhereHospitalAuthorizationPolicyDisjunct_B
      SomewhereHospitalAuthorizationPolicy
      ElsewhereHospitalAuthorizationPolicy
      CombinedAuthorizationPolicy

  14. Partial Class Hierarchy (Inferred)
      OWL Reasoner confirms and refines subclass relationships for display and review.
      Classes shown:
      BasicSecurityPolicy
      SomewhereHospitalBasicSecurityPolicyForAuthentication
      AuthorizationPolicy
      SomewhereHospitalAuthorizationPolicyDisjunct_A
      SomewhereHospitalAuthorizationPolicyDisjunct_B
      SomewhereHospitalAuthorizationPolicy
      ElsewhereHospitalAuthorizationPolicy
      CombinedAuthorizationPolicy
      Callouts:
      • SomewhereHospitalAuthorizationPolicy is either of these disjuncts, so it must be an AuthorizationPolicy
      • Organizational benefits grow with the size of the policy library

  15. I_InformationReference_B_123
      An individual of type InformationReference, with two integrity values (only) and one object (only).
      Asserted description:
      • InformationReference
      • hasIntegrity exactly 2
      • hasObject exactly 1
      Property assertions:
          hasIntegrity CLINRPT
          hasIntegrity HRELIABLE
          hasObject I_ExternalClinicalInformation_123
      Will reference in next slide …

  16. I_CandidateInstantiationOfAuthorizationPolicy_123
      Is this access authorized? According to which policies?
      Asserted description:
      • AuthorizationPolicy
      • governsInformationReference max 1
      • governsOperation max 1
      • governsPurposeOfUse max 1
      • governsSecurityRole max 1
      • restrictedToRoute max 1
      Property assertions:
          governsInformationReference I_InformationReference_B_123
          governsOperation I_Forward_123
          governsPurposeOfUse TREAT
          governsSecurityRole PhysicianFunctionalRole
          restrictedToRoute I_SomewhereHospital_LocalAreaNetwork
      Data assertions:
      • authenticationLevelOfAssurance 4
      • identityProofingLevelOfAssurance 4
      • thirdPartyLevelOfAssurance 4
      • governsTimeOfDay 43200
      Guaranteed consistent decision rendered by OWL reasoner. No software writing required.
      Instantiates SomewhereHospitalAuthorizationPolicy but not ElsewhereHospitalAuthorizationPolicy

  17. I_CandidateInstantiationOfAuthorizationPolicy_123
      Asserted description:
      • AuthorizationPolicy
      • governsInformationReference max 1
      • governsOperation max 1
      • governsPurposeOfUse max 1
      • governsSecurityRole max 1
      • restrictedToRoute max 1
      Property assertions:
          governsInformationReference I_InformationReference_B_123
          governsOperation I_Forward_123
          governsPurposeOfUse TREAT
          governsSecurityRole NurseTraineeFunctionalRole
          restrictedToRoute I_SomewhereHospital_LocalAreaNetwork
      Data assertions:
      • authenticationLevelOfAssurance 4
      • identityProofingLevelOfAssurance 4
      • thirdPartyLevelOfAssurance 4
      • governsTimeOfDay 43200
      Instantiates ElsewhereHospitalAuthorizationPolicy but not SomewhereHospitalAuthorizationPolicy

  18. I_CandidateInstantiationOfAuthorizationPolicy_123
      Asserted description:
      • AuthorizationPolicy
      • governsInformationReference max 1
      • governsOperation max 1
      • governsPurposeOfUse max 1
      • governsSecurityRole max 1
      • restrictedToRoute max 1
      Property assertions:
          governsInformationReference I_InformationReference_B_123
          governsOperation I_Forward_123
          governsPurposeOfUse TREAT
          governsSecurityRole RegisteredNurseFunctionalRole
          restrictedToRoute I_SomewhereHospital_LocalAreaNetwork
      Data assertions:
      • authenticationLevelOfAssurance 4
      • identityProofingLevelOfAssurance 4
      • thirdPartyLevelOfAssurance 4
      • governsTimeOfDay 43200
      Instantiates CombinedAuthorizationPolicy, i.e., both SomewhereHospitalAuthorizationPolicy and ElsewhereHospitalAuthorizationPolicy

  19. Discussion
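
The decisions on slides 16 to 18 can be reproduced with a closed-world sketch in Python. This is an added example, not code from the presentation, and it does not invoke an OWL reasoner: it treats each request as fully specified, which is the role the "max 1" and "exactly" restrictions play for the individuals on slides 15 and 16. Assumptions: the request keys and function names are hypothetical, RegisteredNurseFunctionalRole is taken to be a subclass of NurseFunctionalRole (implied by slide 18), and individuals such as I_Forward_123 are represented by their class.

```python
PARENT = {"NurseTraineeFunctionalRole": "NurseFunctionalRole",  # slide 7
          "RegisteredNurseFunctionalRole": "NurseFunctionalRole"}  # assumption, implied by slide 18

def isa(cls, *targets):  # True if cls equals, or descends from, any target class
    while cls:
        if cls in targets:
            return True
        cls = PARENT.get(cls)
    return False

def basic_authn(r):  # slide 3
    return 3 <= r["authn_loa"] <= 4 and 3 <= r["third_party_loa"] <= 4 and r["id_proofing_loa"] == 4

def disjunct_a(r):  # slide 4
    return (isa(r["object"], "AccountReceivable")
            and isa(r["operation"], "Create", "Read", "Update", "Append")
            and isa(r["role"], "AdministratorFunctionalRole")
            and 28800 <= r["time"] <= 64800
            and isa(r["route"], "LocalAreaNetwork"))

def disjunct_b(r):  # slides 5 and 6
    integ = set(r["integrity"])
    return (bool(integ & {"CLINRPT", "HCPRPT"}) and bool(integ & {"HRELIABLE", "RELIABLE"})
            and isa(r["object"], "ExternalClinicalInformation")
            and isa(r["operation"], "Forward") and r["purpose"] == "TREAT"
            and isa(r["role"], "NurseFunctionalRole", "PhysicianFunctionalRole"))

def trainee_forward(r):  # slide 8, the pattern that slide 9 negates
    return isa(r["operation"], "Forward") and isa(r["role"], "NurseTraineeFunctionalRole")

def somewhere(r):  # slide 9
    return basic_authn(r) and (disjunct_a(r) or disjunct_b(r)) and not trainee_forward(r)

def elsewhere(r):  # slide 12; reads "hasObject only X or Y" as either object class
    return (isa(r["object"], "ExternalClinicalInformation", "TransferSummary")
            and isa(r["operation"], "Create", "Read", "Forward")
            and isa(r["role"], "NurseFunctionalRole")
            and 32400 <= r["time"] <= 61200
            and isa(r["route"], "LocalAreaNetwork", "VirtualPrivateNetwork"))

def decide(role):  # the slide 16-18 candidate, varying only the security role
    r = dict(object="ExternalClinicalInformation", integrity=["CLINRPT", "HRELIABLE"],
             operation="Forward", purpose="TREAT", role=role, route="LocalAreaNetwork",
             authn_loa=4, third_party_loa=4, id_proofing_loa=4, time=43200)
    s, e = somewhere(r), elsewhere(r)
    return {"Somewhere": s, "Elsewhere": e, "Combined": s and e}

for role in ("PhysicianFunctionalRole", "NurseTraineeFunctionalRole", "RegisteredNurseFunctionalRole"):
    print(role, decide(role))
```

The negated trainee pattern is what flips slide 17: the same request satisfies Disjunct_B through subclass matching, and only the `not` term removes it from SomewhereHospitalAuthorizationPolicy.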
