[Source: See the posting of David Staggs to the XSPA TC: http://lists.oasis-open.org/archives/xspa/200810/msg00003.html]
October 20, 2008
Coarse Grained Examples: (i.e., no HL7 permissions, ASTM 1986 structural roles passed)
SAML
1.4.1.1 “Scenarios for ASTM 1986 Role [not Role/Permission] ”
Access to patient record allowed based on structural role
1.4.1.2 “Scenarios for ASTM 1986 Role [not Role/Permission]”
Access to patient record not allowed based on structural role
Patient consent directives – UBA
1.4.2.1 “Scenarios for ASTM 1986 Role (Patient consent directives – UBA)
Consent Allowed based on structural role
1.4.2.2 “Scenarios for ASTM 1986 Role (Patient consent directives – UBA)
Consent Disallowed on ‘structural role’ applied
Purpose of Use (coarse)
TPO demonstrated by the use cases above
EA
1.4.4.1 “Emergency Access”
Based on ASTM 1986
Role, with no permissions passed.
Fine Grained (i.e., HL7 permissions passed (app/requestor), object, actions, knowledge of data schemata, obligations)
SAML
Fine grained (application specific EHR:radiology) control of object “radiology”
HL7 permissions are passed with request:
1.4.5.1.2 “Patient has specified constraints that would limit of all oncologists, access to the radiology portion of the patient record”
Patient elects “no X-rays,” results in the application specific command to mask radiology from chart
Purpose of Use (fine)
TPO demonstrated by the use case above
EA
1.4.4.1 “Emergency Access” HL7 permissions passed along with request.
Patient elected “no X-rays,” but clinician overrides with an application specific command to un-mask radiology from chart
WS-Trust:
Purpose of Use:
TPO: Multi-party
Authorization
Access the
chart of a named patient
Two domains and emergency access is required in foreign domain. Local STS acquires foreign domain token.
EA: Multi-party Authorization,
Two domains and emergency access is required in foreign domain. Local STS acquires foreign domain token.
Stretch goal:
Site A states if POU is EA, then grant permission. Site B states if POU is EA, then do not grant permission (denial at site B)
Demonstrates the requestor has the ability to get proper token but the foreign policy denies access based on a different patient directive at foreign domain