Refrain Policy Vocabulary
HL7 Security WG
Kathleen Connor, VA (ESC)
January 2012

Refrain Policy Vocabulary Proposal
• Propose that HL7 develop a “Refrain Policy” Code System to be used as Security Metadata
• Used to encode types of Refrain Policies
• Would require adding a code to the Refrain Policy Class for Refrain Policy Type values

Relation between Obligation and Refrain Policies
• Ambiguity about functions of Obligation Policy and Refrain Policy
• HL7 DAM definition for Obligation Policy:
  • May be used to indicate that the receiver of an information object may not be allowed to re-disclose or persist that information object indefinitely
• ISO 22600-2 specifies that an Obligation Policy is “event-triggered and define actions to be performed by manager agent”
• HL7 DAM definition for Refrain Policy:
  • Indicates that a specific action is prohibited based on specific access control attributes, e.g., purpose of use, information type, user role, etc.
• ISO 22600-2 specifies that a Refrain Policy “defines actions the subjects must refrain from performing”

Relation between Obligation and Refrain Policies
• Obligation Policy: A mandated action with a workflow
• Refrain Policy: A prohibited action. Period.
• Although a Refrain Policy can be stated affirmatively as an Obligation Policy, including both in the same code system (e.g., all as Obligation Policy Codes) could lead to semantic conflicts if more than one instance of an Obligation Policy is permitted in a Composite Policy
  • For example, an Obligation Policy requiring that disclosed information be encrypted would be incompatible with a Refrain Policy mandating that the information not be disclosed

Relation between Obligation and Refrain Policies
• An Obligation may stem from a Permitted Operation
• An Obligation may stem from a Refrain Policy on a Permitted Operation