HL7 Security and Privacy Ontology
Policy and Decision Examples
Tony Weida

“Somewhere Hospital” Policies
• Small fictional example
• Illustrates
  • Modular composition of reusable policy elements
  • Precise, unambiguous expression and composition via logical operators
SomewhereHospitalBasicSecurityPolicyForAuthentication
Class is a reusable component for multiple policies
Asserted equivalent class:
  BasicSecurityPolicy
  and (authenticationLevelOfAssurance only integer[>= 3, <= 4])
  and (thirdPartyLevelOfAssurance only integer[>= 3, <= 4])
  and (identityProofingLevelOfAssurance value 4)

SomewhereHospitalAuthorizationPolicyDisjunct_A
One authorized access pattern
Asserted equivalent class:
  AuthorizationPolicy
  and governsInformationReference only (hasObject only AccountReceivable)
  and governsOperation only (Create or Read or Update or Append)
  and governsSecurityRole only AdministratorFunctionalRole
  and (governsTimeOfDay only integer[>= 28800, <= 64800])
  and restrictedToRoute only LocalAreaNetwork
• The value expression of governsInformationReference is a nested class expression which further restricts the universal range restriction of InformationReference
• Nested alternatives: (Create or Read or Update or Append)
• governsTimeOfDay 28800 to 64800 (seconds since midnight) is 8:00 AM – 6:00 PM

SomewhereHospitalInformationReference_B
Asserted equivalent class:
  InformationReference
  and hasIntegrity some (CLINRPT or HCPRPT)
  and hasIntegrity some (HRELIABLE or RELIABLE)
  and hasObject only ExternalClinicalInformation
Will be referenced on the next slide …

SomewhereHospitalAuthorizationPolicyDisjunct_B
Nested class expression included by name (from the previous slide)
Asserted equivalent class:
  AuthorizationPolicy
  and governsInformationReference only SomewhereHospitalInformationReference_B
  and governsOperation only Forward
  and governsPurposeOfUse only TREAT
  and governsSecurityRole only (NurseFunctionalRole or PhysicianFunctionalRole)
These – and all other – class references match all their subclasses too

NurseTraineeFunctionalRole
A class which extends the SecurityRole class hierarchy
Asserted superclass: NurseFunctionalRole
NurseTraineeFunctionalRole will match the reference to NurseFunctionalRole on the previous slide

SomewhereHospitalAuthorizationPolicyNurseTraineeForward
Describes an authorized access pattern to be negated …
Asserted equivalent class:
  AuthorizationPolicy
  and governsOperation only Forward
  and governsSecurityRole only NurseTraineeFunctionalRole
SomewhereHospitalAuthorizationPolicy
Consolidated authorization policy for Somewhere Hospital
Asserted equivalent class:
  SomewhereHospitalBasicPolicyForAuthentication
  and (SomewhereHospitalAuthorizationPolicyDisjunct_A or SomewhereHospitalAuthorizationPolicyDisjunct_B)
  and not SomewhereHospitalAuthorizationPolicyNurseTraineeForward
• Authentication component included
• Alternative authorized access patterns combined with or
• Unauthorized access patterns negated with not
• OWL reasoner determines whether the entire class expression is satisfiable

SomewhereHospitalObligationPolicy
Asserted equivalent class:
  ObligationPolicy
  and governsOperation only Forward
  and specifiesObligation value AOD
  and specifiesObligation value CPLYCD
Forwarding implies obligations to audit disclosure and to comply with consent directive

SomewhereHospitalCompositeSecurityPolicy
Asserted equivalent class:
  CompositeSecurityPolicy
  and containsSecurityPolicy some SomewhereHospitalAuthorizationPolicy
  and containsSecurityPolicy some SomewhereHospitalObligationPolicy
Combining Policies

SomewhereHospitalAuthorizationPolicy
Asserted equivalent class:
  SomewhereHospitalBasicPolicyForAuthentication
  and (SomewhereHospitalAuthorizationPolicyDisjunct_A or SomewhereHospitalAuthorizationPolicyDisjunct_B)
  and not SomewhereHospitalAuthorizationPolicyNurseTraineeForward

ElsewhereHospitalAuthorizationPolicy
Asserted equivalent class:
  AuthorizationPolicy
  and governsInformationReference only (hasObject only (ExternalClinicalInformation or TransferSummary))
  and governsOperation only (Create or Read or Forward)
  and governsSecurityRole only NurseFunctionalRole
  and (governsTimeOfDay only integer[>= 32400, <= 61200])
  and restrictedToRoute only (LocalAreaNetwork or VirtualPrivateNetwork)

CombinedAuthorizationPolicy
Asserted equivalent class:
  SomewhereHospitalAuthorizationPolicy and ElsewhereHospitalAuthorizationPolicy

• The stated description of ElsewhereHospitalAuthorizationPolicy is superficially quite different from SomewhereHospitalAuthorizationPolicy, but the two are entirely comparable via logic
• Merging policies is simply logical: the combined policy is the conjunction of its parts
• Could as well combine: FederalPolicy and StatePolicy and SomewhereHospitalPolicy and ConsentForHarryLevin
Partial Class Hierarchy (Stated)
BasicSecurityPolicy
  SomewhereHospitalBasicSecurityPolicyForAuthentication
AuthorizationPolicy
  SomewhereHospitalAuthorizationPolicyDisjunct_A
  SomewhereHospitalAuthorizationPolicyDisjunct_B
  SomewhereHospitalAuthorizationPolicy
  ElsewhereHospitalAuthorizationPolicy
  CombinedAuthorizationPolicy

Partial Class Hierarchy (Inferred)
OWL reasoner confirms and refines subclass relationships for display and review
BasicSecurityPolicy
  SomewhereHospitalBasicSecurityPolicyForAuthentication
AuthorizationPolicy
  SomewhereHospitalAuthorizationPolicyDisjunct_A
  SomewhereHospitalAuthorizationPolicyDisjunct_B
  SomewhereHospitalAuthorizationPolicy
  ElsewhereHospitalAuthorizationPolicy
  CombinedAuthorizationPolicy
• SomewhereHospitalAuthorizationPolicy is either of these disjuncts, so it must be an AuthorizationPolicy
• Organizational benefits grow with the size of the policy library
I_InformationReference_B_123
An individual
Asserted description:
• InformationReference
• hasIntegrity exactly 2
• hasObject exactly 1
Property assertions:
• hasIntegrity CLINRPT
• hasIntegrity HRELIABLE
• hasObject I_ExternalClinicalInformation_123
… of type InformationReference, with two integrity values (only) and one object (only)
Will be referenced on the next slide …
I_CandidateInstantiationOfAuthorizationPolicy_123
Is this access authorized? According to which policies?
Asserted description:
• AuthorizationPolicy
• governsInformationReference max 1
• governsOperation max 1
• governsPurposeOfUse max 1
• governsSecurityRole max 1
• restrictedToRoute max 1
Property assertions:
• governsInformationReference I_InformationReference_B_123
• governsOperation I_Forward_123
• governsPurposeOfUse TREAT
• governsSecurityRole PhysicianFunctionalRole
• restrictedToRoute I_SomewhereHospital_LocalAreaNetwork
Data assertions:
• authenticationLevelOfAssurance 4
• identityProofingLevelOfAssurance 4
• thirdPartyLevelOfAssurance 4
• governsTimeOfDay 43200
Decision: instantiates SomewhereHospitalAuthorizationPolicy but not ElsewhereHospitalAuthorizationPolicy
Guaranteed consistent decision rendered by OWL reasoner. No software writing required.

I_CandidateInstantiationOfAuthorizationPolicy_123
Asserted description:
• AuthorizationPolicy
• governsInformationReference max 1
• governsOperation max 1
• governsPurposeOfUse max 1
• governsSecurityRole max 1
• restrictedToRoute max 1
Property assertions:
• governsInformationReference I_InformationReference_B_123
• governsOperation I_Forward_123
• governsPurposeOfUse TREAT
• governsSecurityRole NurseTraineeFunctionalRole
• restrictedToRoute I_SomewhereHospital_LocalAreaNetwork
Data assertions:
• authenticationLevelOfAssurance 4
• identityProofingLevelOfAssurance 4
• thirdPartyLevelOfAssurance 4
• governsTimeOfDay 43200
Decision: instantiates ElsewhereHospitalAuthorizationPolicy but not SomewhereHospitalAuthorizationPolicy

I_CandidateInstantiationOfAuthorizationPolicy_123
Asserted description:
• AuthorizationPolicy
• governsInformationReference max 1
• governsOperation max 1
• governsPurposeOfUse max 1
• governsSecurityRole max 1
• restrictedToRoute max 1
Property assertions:
• governsInformationReference I_InformationReference_B_123
• governsOperation I_Forward_123
• governsPurposeOfUse TREAT
• governsSecurityRole RegisteredNurseFunctionalRole
• restrictedToRoute I_SomewhereHospital_LocalAreaNetwork
Data assertions:
• authenticationLevelOfAssurance 4
• identityProofingLevelOfAssurance 4
• thirdPartyLevelOfAssurance 4
• governsTimeOfDay 43200
Decision: instantiates CombinedAuthorizationPolicy, i.e., both SomewhereHospitalAuthorizationPolicy and ElsewhereHospitalAuthorizationPolicy
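The three decisions above, re-derived in an added example that is not part of the deck or of the HL7 ontology: a closed-world Python evaluator encoding the Somewhere, Elsewhere and Combined policy class expressions from the earlier slides and applying them to the candidate individual with each of the three roles. It assumes RegisteredNurseFunctionalRole is a subclass of NurseFunctionalRole (implied by the last slide but not asserted), and it stands in for the OWL reasoner's open-world semantics by relying on the closure the slides' max-1 and exactly-n assertions provide.

```python
from collections import namedtuple

# Role hierarchy: NurseTrainee's superclass is asserted on the slides; the parent
# of RegisteredNurseFunctionalRole is an assumption made for this example.
PARENT = {"NurseTraineeFunctionalRole": "NurseFunctionalRole",
          "RegisteredNurseFunctionalRole": "NurseFunctionalRole"}

def is_a(cls, *targets):
    """A class reference matches the class itself or any of its subclasses."""
    while cls:
        if cls in targets:
            return True
        cls = PARENT.get(cls)
    return False

# One closed candidate instantiation: the slides' max-1 / exactly-n assertions let a
# closed-world check stand in for the reasoner. time = governsTimeOfDay in seconds.
Access = namedtuple("Access", "obj integrity op purpose role route time "
                              "auth_loa third_loa idproof_loa")

def basic_auth(a):      # SomewhereHospitalBasicSecurityPolicyForAuthentication
    return 3 <= a.auth_loa <= 4 and 3 <= a.third_loa <= 4 and a.idproof_loa == 4
def disjunct_a(a):      # administrator working on accounts receivable over the LAN
    return (a.obj == "AccountReceivable" and a.op in {"Create", "Read", "Update", "Append"}
            and is_a(a.role, "AdministratorFunctionalRole")
            and 28800 <= a.time <= 64800 and a.route == "LocalAreaNetwork")
def info_ref_b(a):      # SomewhereHospitalInformationReference_B
    return (not a.integrity.isdisjoint({"CLINRPT", "HCPRPT"})
            and not a.integrity.isdisjoint({"HRELIABLE", "RELIABLE"})
            and a.obj == "ExternalClinicalInformation")
def disjunct_b(a):      # nurse or physician forwarding reliable clinical info for treatment
    return (info_ref_b(a) and a.op == "Forward" and a.purpose == "TREAT"
            and is_a(a.role, "NurseFunctionalRole", "PhysicianFunctionalRole"))
def trainee_forward(a): # the pattern SomewhereHospitalAuthorizationPolicy negates
    return a.op == "Forward" and is_a(a.role, "NurseTraineeFunctionalRole")
def somewhere(a):       # SomewhereHospitalAuthorizationPolicy
    return basic_auth(a) and (disjunct_a(a) or disjunct_b(a)) and not trainee_forward(a)
def elsewhere(a):       # ElsewhereHospitalAuthorizationPolicy
    return (a.obj in {"ExternalClinicalInformation", "TransferSummary"}
            and a.op in {"Create", "Read", "Forward"} and is_a(a.role, "NurseFunctionalRole")
            and 32400 <= a.time <= 61200
            and a.route in {"LocalAreaNetwork", "VirtualPrivateNetwork"})

def decide(a):          # CombinedAuthorizationPolicy is the conjunction of the two
    s, e = somewhere(a), elsewhere(a)
    return {"Somewhere": s, "Elsewhere": e, "Combined": s and e}

def candidate(role):    # the slides' candidate: forward B_123 at noon over the LAN, all LoAs 4
    return Access("ExternalClinicalInformation", frozenset({"CLINRPT", "HRELIABLE"}),
                  "Forward", "TREAT", role, "LocalAreaNetwork", 43200, 4, 4, 4)
```

Unlike the reasoner, this evaluator neither derives the class hierarchy nor checks satisfiability of a policy expression; it only decides instance membership for individuals whose property values are fully known.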