[Slide diagram: a binding chain with four nodes: Credential binds to Identifier, Identifier binds to Identity, Identity binds to Entity.]

[Slide diagram: "Typical Policy-Driven Access Control Topology". Labelled components: Patient Context; Runtime (assumes user authenticated); Credential Provider 1 through Credential Provider n; Consent Directive Service; Other Authorization Decision Factors; Identity Provider; Validation Service; User Digital Cert Validation; vHIN Consent Directive; vHIN Credential Provider 1 and vHIN Credential Provider n; vHIN Identity Provider; vHIN User Context, Patient Context and Session Context; PHR 1 Personal Health Record Service with Access Enforcement; PHR 1 Authorization with Policy Decision Engine; PHR 1 Authority Credential Provider; Identity Token (vHIN Authority); HCO (Healthcare Org) Employee Token; the PHR service invokes submitAuditRecord. Arrows between components carry the labels A and I.]

[Slide diagram: "Typical PHR Interaction", a sequence diagram with lanes for PHR, vHIN Identity Provider, Credential Provider, HIDN and vHIN. Standards annotations per lane: WS-*, PASS; WS-*, PASS-IDF; WS-*, SAML; WS-*, SAML, PASS; WS-*, OASIS, PASS; WS-*, HL7 PASS. Services shown: Context Service; Health ID Resolution Service; Identity Provider Authentication Service; Credential Provider Access Control Authorization Service; Personal Health Record Service. Messages in the order drawn: Login Identifier; Redirect to Identity Provider; Identifier, Assertions; Verified Identity Token (I); Request PHR Access; Request Privacy Policy; Request Credential; Verified Credential (C); Request User Role; User Role Assertion (C); Request PHR Access, submit credentials (I, C); Access Granted, Redirect; Access PHR (A); the PHR service invokes PASS submitAuditRecord or equivalent.]