Security and Privacy Ontology
Back to: Security Main Page
Back to: CBCC Main Page
This page provides a focal point for the HL7 Security and Privacy Ontology Project: a hub for connecting to its artifacts, discussions, status and links to related projects and work groups. Most of the technical content for this project will be contained within its artifacts which will be linked via this page and stored on GForge.
The scope of the project was defined by the answers to a set of scoping questions.
An introduction to Description Logic, OWL and Protégé:
Overview and Status:
- Integration of HL7 Security and Privacy Ontology with Other Ontologies (May 2013; revised July 2013)
Ontology Development Methodology
This methodology has been derived from a guideused by the Protégé team and demonstrates a basic model development process that shares some steps with HL7 HDF. The draft was written from the standpoint of developing an ontology from scratch.
This project uses the Protégé-OWL Editor for ontology editing and the Ontology Browser for Web-based ontology review.
The Protégé-OWL Editor operates on OWL 2 ontologies. It also handles SWRL. The Security and Privacy Ontology is currently edited with the Protégé 4.3 Release version.
The Ontology Browser provides read-only access to OWL 2 ontologies.
The current published version of the Security and Privacy Ontology will be available for download and hosted browsing as follows. When reviewing, please take note of explanatory comments among the annotations.
The Ontologies zip file contains an Ontologies directory, which in turn contains a set of OWL files representing the sub-ontologies: Ontologies.zip
Apelon is voluntarily hosting the Ontology Browser to facilitate peer review of the Security and Privacy Ontology. Please respect that purpose.
To browse the current published draft ontology using a Web browser:
- Visit the hosted Ontology Browser: Ontology Browser
- Optionally (but recommended), to view the Ontology as enriched by an OWL reasoner:
- Click Options (on the right, towards the top of the page).
- Select HermiT from the pulldown list labelled Reasoner (under Model on the right).
- Click Ontology Browser at the top left.
- Enter the URL for an OWL file in the box labeled Specify the physical location of your ontology. URLs for the Security and Privacy Ontology are shown in the table below. Suggested entries are highlighted in yellow and gold.
- Click load.
- Click Help (at top right) to for further details. See especially Getting started under Documentation.
- The Ontology Browser generally works well when viewing ontology contents, but there are occasional glitches loading or switching ontologies. Try clearing and reloading ontologies (see below) or restarting your Web browser.
- Click the red box with the white X (near top left) to clear all ontologies.
- Click Ontology Browser (at top left) to return to the home page, where you can load ontologies.
|Sub-ontology||URL for hosted Ontology Browser||Notes|
Represents sample clinical observations.
Represents compartments based on the proposed HL7 v3 Compartment value set.
Represents confidentialities based on the HL7 v3 Confidentiality value set (OID = 2.16.840.1.1138188.8.131.5228).
Represents Create, Read, Update, Delete, Execute and Append operations from the HL7 RBAC Healthcare Permission Catalog.
Represents further data operations from the HL7 RBAC Permission Catalog and beyond.
Represents integrities based on the HL7 v3 Integrity value set (OID = 2.16.840.1.1138184.108.40.20669) [limited to descendants of _SECINTOBV inclusive].
Represents objects from the HL7 RBAC Permission Catalog.
Represents obligations, based on the HL7 v3 Obligation value set (OID = 2.16.840.1.1138220.127.116.1145).
Represents payment sources, based on the HL7 v3 ActCoverageTypeCode value set (OID = 2.16.840.1.113818.104.22.16855).</
Represents permissions from the HL7 RBAC Permission Catalog.
Represents privacy operations from the CSP-DAM.
Represents purposes of use, based on the HL7 v3 PurposeOfUse value set (OID = 2.16.840.1.113822.214.171.12448).
Represents purely RBAC classes based on ANSI/INCITS 359-2004 and the HL7 RBAC Permission Catalog. Note that classes imported from SecurityAndPrivacy.owl may come with attributes outside of pure RBAC and/or may add pure RBAC restrictions here.
Represents refrains, based on the HL7 v3 Refrain value set (OID = 2.16.840.1.1138126.96.36.19946).
Represents sample security roles, both structural and functional.
Represents sample routes.
The base HL7 Security and Privacy Ontology.
Represents sensitivities based on the HL7 v3 Sensitivity value set (OID = 2.16.840.1.1138188.8.131.5229).
Represents service delivery locations based on the HL7 v3 ServiceDeliveryLocation value set (OID = 2.16.840.1.1138184.108.40.20660).
Imports all of the preceding sub-ontologies directly or indirectly. Thus, enables browsing them together.
Represents examples at a local institution, the fictional Somewhere Hospital.
Further instances to be developed.
To support SWRL rules, adds several classes (whose names begin with *; note that the SWRL rules are not accessible via the Ontology Browser).
- An Ontologies directory is hosted on the same virtual server as the Ontology Browser. The URLs in the preceding table will direct the hosted Ontology Browser to OWL files on its local host (not your local host).
- Eventually, HL7 ontologies may be hosted at a well known location such as http://hl7.org/ontology/ (which doesn't currently exist). In anticipation, the IRIs for sub-ontologies and other elements of the Security and Privacy Ontology embody that location. Unlike Protégé, the current Ontology Browser software provides no way to redirect such IRIs. Therefore, we direct the Ontology Browser to the hosted files (having manually edited OWL imports accordingly within the hosted files).
Ontology Review Criteria
Suggested criteria for interim review of the Security-Privacy Ontology:
- Security-Privacy Ontology Review Criteria: Updated - 10/20/2010
- Security-Privacy Ontology Review Criteria with Forms (to fill in responses):Updated - 10/20/2010