Resource ValueSet/valueset-security-authorization from package hl7.fhir.uv.security-label-ds4p#current

Package hl7.fhir.uv.security-label-ds4p
Type ValueSet
Id valueset-security-authorization
FHIR Version R4
Source https://build.fhir.org/ig/HL7/fhir-security-label-ds4p/ValueSet-valueset-security-authorization.html
Url http://hl7.org/fhir/uv/security-label-ds4p/ValueSet/valueset-security-authorization
Version 1.0.0
Status draft
Date 2020-03-30
Name ValueSetSecurityAuthorizationPolicy
Title Security Authorization Policy ValueSet
Experimental False
Realm uv
Authority hl7
Description Security label metadata that may be used to 'segment' an IT resource by conveying a displayed mark, required to be rendered to indicate that the electronic or hardcopy information is protected at the level of the subset of CUI for which the authorizing law, regulation, or Government-wide policy does not set out specific handling or dissemination controls.

Resources that use this resource

No resources found


Resources that this resource uses

CodeSystem
http://terminology.hl7.org/CodeSystem/v3-ActCode ActCode


Narrative

Note: links and images are rebased to the (stated) source

  • Include these codes as defined in http://terminology.hl7.org/CodeSystem/v3-ActCode
    Code | Display | Definition

    AUTHPOL | authorization policy | Authorisation policies are essentially security policies related to access-control and specify what activities a subject is permitted or forbidden to do, to a set of target objects. They are designed to protect target objects so are interpreted by access control agents or the run-time systems at the target system.

    A positive authorisation policy defines the actions that a subject is permitted to perform on a target. A negative authorisation policy specifies the actions that a subject is forbidden to perform on a target. Positive authorisation policies may also include filters to transform the parameters associated with their actions. (Based on PONDERS)

    ACCESSCONSCHEME | access control scheme | An access control policy specific to the type of access control scheme, which is used to enforce one or more authorization policies.

    *Usage Note:* Access control schemes are the type of access control policy, which is comprised of access control policy rules concerning the provision of the access control service.

    There are two categories of access control policies, rule-based and identity-based, which are identified in CCITT Rec. X.800 aka ISO 7498-2. Rule-based access control policies are intended to apply to all access requests by any initiator on any target in a security domain. Identity-based access control policies are based on rules specific to an individual initiator, a group of initiators, entities acting on behalf of initiators, or originators acting in a specific role. Context can modify rule-based or identity-based access control policies. Context rules may define the entire policy in effect. Real systems will usually employ a combination of these policy types; if a rule-based policy is used, then an identity-based policy is usually in effect also.

    An access control scheme may be based on access control lists, capabilities, labels, and context or a combination of these. An access control scheme is a component of an access control mechanism or "service") along with the supporting mechanisms required by that scheme to provide access control decision information (ADI) supplied by the scheme to the access decision facility (ADF also known as a PDP). (Based on ISO/IEC 10181-3:1996)

    **Examples:**

    * Attribute Based Access Control (ABAC)
    * Discretionary Access Control (DAC)
    * History Based Access Control (HBAC)
    * Identity Based Access Control (IBAC)
    * Mandatory Access Control (MAC)
    * Organization Based Access Control (OrBAC)
    * Relationship Based Access Control (RelBac)
    * Responsibility Based Access Control (RespBAC)
    * Risk Adaptable Access Control (RAdAC)

    DELEPOL | delegation policy | Delegation policies specify which actions subjects are allowed to delegate to others. A delegation policy thus specifies an authorisation to delegate. Subjects must already possess the access rights to be delegated.

    Delegation policies are aimed at subjects delegating rights to servers or third parties to perform actions on their behalf and are not meant to be the means by which security administrators would assign rights to subjects. A negative delegation policy identifies what delegations are forbidden.

    A Delegation policy specifies the authorisation policy from which delegated rights are derived, the grantors, which are the entities which can delegate these access rights, and the grantees, which are the entities to which the access rights can be delegated. There are two types of delegation policy, positive and negative. (Based on PONDERS)

    INFOACCESS | access information | Authorization to obtain information with no further permission to collect and store it.

    INFOCOLLECT | collect information | Authorization to gather and store information.

    INFODEIDENTIFIY | deidentify information | Authorization to alter or remove identifying characteristics of an entity or individual that is a subject of the information.

    INFODISCLOSE | disclose information | Authorization to make information known to another party.

    INFOMASK | mask information | Authorization to alter information in order to conceal it from unauthorized recipients.

    INFOREADONLY | read only information | Authorization to access information within a specific context for communication purposes only. Storing, manipulating, and further disclosure are prohibited and may be technically disabled.

    INFOREDACT | redact information | Authorization to remove information that a recipient is not authorized to access.

    INFOREDISCLOSE | redisclose information | Authorization to make disclosed information known to another party.

    INFOREIDENTIFY | reidentify information | Authorization to alter or relink deidentified information so that an entity or individual that is the subject of that information identifiable.

    INFOUSE | use information | Authorization to employ or alter information.

Source

{
  "resourceType" : "ValueSet",
  "id" : "valueset-security-authorization",
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><ul><li>Include these codes as defined in <a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html\"><code>http://terminology.hl7.org/CodeSystem/v3-ActCode</code></a><table class=\"none\"><tr><td style=\"white-space:nowrap\"><b>Code</b></td><td><b>Display</b></td><td><b>Definition</b></td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-AUTHPOL\">AUTHPOL</a></td><td>authorization policy</td><td>Authorisation policies are essentially security policies related to access-control and specify what activities a subject is permitted or forbidden to do, to a set of target objects. They are designed to protect target objects so are interpreted by access control agents or the run-time systems at the target system.<br/><br/>A positive authorisation policy defines the actions that a subject is permitted to perform on a target. A negative authorisation policy specifies the actions that a subject is forbidden to perform on a target. Positive authorisation policies may also include filters to transform the parameters associated with their actions. (Based on PONDERS)</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-ACCESSCONSCHEME\">ACCESSCONSCHEME</a></td><td>access control scheme</td><td>An access control policy specific to the type of access control scheme, which is used to enforce one or more authorization policies.<br/><br/>*Usage Note:* Access control schemes are the type of access control policy, which is comprised of access control policy rules concerning the provision of the access control service.<br/><br/>There are two categories of access control policies, rule-based and identity-based, which are identified in CCITT Rec. X.800 aka ISO 7498-2. Rule-based access control policies are intended to apply to all access requests by any initiator on any target in a security domain. Identity-based access control policies are based on rules specific to an individual initiator, a group of initiators, entities acting on behalf of initiators, or originators acting in a specific role. Context can modify rule-based or identity-based access control policies. Context rules may define the entire policy in effect. Real systems will usually employ a combination of these policy types; if a rule-based policy is used, then an identity-based policy is usually in effect also.<br/><br/>An access control scheme may be based on access control lists, capabilities, labels, and context or a combination of these. An access control scheme is a component of an access control mechanism or &quot;service&quot;) along with the supporting mechanisms required by that scheme to provide access control decision information (ADI) supplied by the scheme to the access decision facility (ADF also known as a PDP). (Based on ISO/IEC 10181-3:1996)<br/><br/>**Examples:** <br/><br/> * Attribute Based Access Control (ABAC)<br/> * Discretionary Access Control (DAC)<br/> * History Based Access Control (HBAC)<br/> * Identity Based Access Control (IBAC)<br/> * Mandatory Access Control (MAC)<br/> * Organization Based Access Control (OrBAC)<br/> * Relationship Based Access Control (RelBac)<br/> * Responsibility Based Access Control (RespBAC)<br/> * Risk Adaptable Access Control (RAdAC)<br/><br/>&gt;</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-DELEPOL\">DELEPOL</a></td><td>delegation policy</td><td>Delegation policies specify which actions subjects are allowed to delegate to others. A delegation policy thus specifies an authorisation to delegate. Subjects must already possess the access rights to be delegated.<br/><br/>Delegation policies are aimed at subjects delegating rights to servers or third parties to perform actions on their behalf and are not meant to be the means by which security administrators would assign rights to subjects. A negative delegation policy identifies what delegations are forbidden.<br/><br/>A Delegation policy specifies the authorisation policy from which delegated rights are derived, the grantors, which are the entities which can delegate these access rights, and the grantees, which are the entities to which the access rights can be delegated. There are two types of delegation policy, positive and negative. (Based on PONDERS)</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOACCESS\">INFOACCESS</a></td><td>access information</td><td>Authorization to obtain information with no further permission to collect and store it.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOCOLLECT\">INFOCOLLECT</a></td><td>collect information</td><td>Authorization to gather and store information.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFODEIDENTIFIY\">INFODEIDENTIFIY</a></td><td>deidentify information</td><td>Authorization to alter or remove identifying characteristics of an entity or individual that is a subject of the information.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFODISCLOSE\">INFODISCLOSE</a></td><td>disclose information</td><td>Authorization to make information known to another party.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOMASK\">INFOMASK</a></td><td>mask information</td><td>Authorization to alter information in order to conceal it from unauthorized recipients.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOREADONLY\">INFOREADONLY</a></td><td>read only information</td><td>Authorization to access information within a specific context for communication purposes only. Storing, manipulating, and further disclosure are prohibited and may be technically disabled.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOREDACT\">INFOREDACT</a></td><td>redact information</td><td>Authorization to remove information that a recipient is not authorized to access.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOREDISCLOSE\">INFOREDISCLOSE</a></td><td>redisclose information</td><td>Authorization to make disclosed information known to another party.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOREIDENTIFY\">INFOREIDENTIFY</a></td><td>reidentify information</td><td>Authorization to alter or relink deidentified information so that an entity or individual that is the subject of that information identifiable.</td></tr><tr><td><a href=\"http://terminology.hl7.org/5.1.0/CodeSystem-v3-ActCode.html#v3-ActCode-INFOUSE\">INFOUSE</a></td><td>use information</td><td>Authorization to employ or alter information.</td></tr></table></li></ul></div>"
  },
  "extension" : [
    {
      "url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm",
      "valueInteger" : 2
    },
    {
      "url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
      "valueCode" : "sec"
    },
    {
      "url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status",
      "valueCode" : "trial-use"
    }
  ],
  "url" : "http://hl7.org/fhir/uv/security-label-ds4p/ValueSet/valueset-security-authorization",
  "version" : "1.0.0",
  "name" : "ValueSetSecurityAuthorizationPolicy",
  "title" : "Security Authorization Policy ValueSet",
  "status" : "draft",
  "experimental" : false,
  "date" : "2020-03-30",
  "publisher" : "HL7 Security Working Group",
  "contact" : [
    {
      "name" : "HL7 Security Working Group",
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/secure/index.cfm"
        },
        {
          "system" : "email",
          "value" : "security-cc@lists.hl7.org"
        }
      ]
    }
  ],
  "description" : "Security label metadata that may be used to 'segment' an IT resource by conveying a displayed mark, required to be rendered to indicate that the electronic or hardcopy information is protected at the level of the subset of CUI for which the authorizing law, regulation, or Government-wide policy does not set out specific handling or dissemination controls.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ],
  "compose" : {
    "include" : [
      {
        "system" : "http://terminology.hl7.org/CodeSystem/v3-ActCode",
        "concept" : [
          {
            "code" : "AUTHPOL",
            "display" : "authorization policy"
          },
          {
            "code" : "ACCESSCONSCHEME",
            "display" : "access control scheme"
          },
          {
            "code" : "DELEPOL",
            "display" : "delegation policy"
          },
          {
            "code" : "INFOACCESS",
            "display" : "access information"
          },
          {
            "code" : "INFOCOLLECT",
            "display" : "collect information"
          },
          {
            "code" : "INFODEIDENTIFIY",
            "display" : "deidentify information"
          },
          {
            "code" : "INFODISCLOSE",
            "display" : "disclose information"
          },
          {
            "code" : "INFOMASK",
            "display" : "mask information"
          },
          {
            "code" : "INFOREADONLY",
            "display" : "read only information"
          },
          {
            "code" : "INFOREDACT",
            "display" : "redact information"
          },
          {
            "code" : "INFOREDISCLOSE",
            "display" : "redisclose information"
          },
          {
            "code" : "INFOREIDENTIFY",
            "display" : "reidentify information"
          },
          {
            "code" : "INFOUSE",
            "display" : "use information"
          }
        ]
      }
    ]
  }
}
