
Difference between revisions of "Security & Privacy DAM"

From HL7Wiki
Line 1: Line 1:
 +
[[Security|Back to Security Main Page]]
 +
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
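Review bot: the line added at the top of this hunk, "[[Security|Back to Security Main Page]]", repeats the link that already sits directly below it as unchanged context, so the rendered revision shows "Back to Security Main Page" twice in a row. Drop the added copy and keep the existing one.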
  
Line 30: Line 32:
 
=Grantee=
 
=Grantee=
  
===S&P DAM R1 Description [page   ]===
+
===S&P DAM R1 Description [page 25]===
 +
 
 +
''A delegation policy is intended to assign access rights to a specific individual or organization (a grantee). ISO 22600-2 defines delegation as 'conveyance of privilege from one entity that holds such privilege, to another entity'. A DelegationPolicy 'defines what authorizations can be delegated to whom'. Association 'DelegationPolicy.grantee' of type ' Grantee' with cardinality of [*] The person or organization that is the subject of delegation. This is the entity that receives the privilege granted by the DelegationPolicy.''
 +
 
 +
 
 +
 
 +
 
  
 
===Issues===
 
===Issues===
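Review bot: in the description added under "=Grantee=", the declaration "Association 'DelegationPolicy.grantee' of type ' Grantee' with cardinality of [*]" runs straight into its definition ("The person or organization that is the subject of delegation.") with no punctuation or line break, and the type name carries a stray leading space. Put the association declaration on its own line ahead of the definition and write the type as 'Grantee'. The run of empty lines added after the paragraph can also be dropped.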

Revision as of 21:22, 21 February 2013

Back to Security Main Page


Authority

S&P DAM R1 Description [page ]

Issues

Level of Assurance (LoA)

S&P DAM R1 Description [page 23]

Class: AuthorizationPolicy

AuthorizationPolicy is a specialization of a BasicPolicy and is used to describe an authorization policy that may be exchanged across domains. An instance of AuthorizationPolicy specifies 'permitted actions' according to ISO 22600-2. A positive (or negative) AuthorizationPolicy defines the actions ('OperationType') that a subject is permitted (or forbidden) to perform on a target. Actions encoded using the 'OperationType' class represent the operations defined in the interface of a target object. The following are attributes of an AuthorizationPolicy:

  • Attribute 'AuthorizationPolicy.enable' of type 'Boolean' with cardinality of [1]

This attribute is used to specify if the policy enables or declines an authorization. If this attribute is set to 'true', the policy authorizes the actions and conditions pertaining to the resources referenced by the policy. Otherwise the authorization is declined.

  • Attribute 'AuthorizationPolicy.levelOfAssurance' of type 'INT' with cardinality of [0..1]

Level of Assurance (LoA) refers to the degree of certainty that

  • (1) a resource owner has that a person's physical self has been adequately verified before credentials are issued by a registration authority, and

  • (2) a user owns the credentials they are subsequently presenting to access the resource.

LoA is relevant to authentication, authorization, and access control. A BasicPolicy requires the level of assurance as indicated within the AuthorizationPolicy specialization.

Issues

Grantee

S&P DAM R1 Description [page 25]

A delegation policy is intended to assign access rights to a specific individual or organization (a grantee). ISO 22600-2 defines delegation as 'conveyance of privilege from one entity that holds such privilege, to another entity'. A DelegationPolicy 'defines what authorizations can be delegated to whom'.

  • Association 'DelegationPolicy.grantee' of type 'Grantee' with cardinality of [*]

The person or organization that is the subject of delegation. This is the entity that receives the privilege granted by the DelegationPolicy.
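The following sketch is an added example, not part of the S&P DAM or of any HL7 artifact. It shows how the AuthorizationPolicy attributes 'enable' and 'levelOfAssurance' and the DelegationPolicy grantee association described above could drive an access decision. The DAM text here defines the classes, not an evaluation algorithm, so the field names subject, target, operations, grantor and delegable, the reading of LoA as an ordered minimum, and the deny-by-default combining rule are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuthorizationPolicy:
    subject: str
    target: str
    operations: frozenset                      # OperationType values covered
    enable: bool                               # [1]: True authorizes, False declines
    level_of_assurance: Optional[int] = None   # [0..1]: required LoA, if any

@dataclass(frozen=True)
class DelegationPolicy:
    grantor: str                               # entity holding the privilege
    grantees: frozenset                        # [*]: entities receiving it
    delegable: frozenset                       # operations that may be delegated

def decide(policies, delegations, subject, target, operation, presented_loa):
    """Assumed combining rule: deny by default; a matching negative policy wins."""
    decision = "deny"
    for p in policies:
        if p.target != target or operation not in p.operations:
            continue
        delegated = any(d.grantor == p.subject and subject in d.grantees
                        and operation in d.delegable for d in delegations)
        if p.subject != subject and not delegated:
            continue                           # policy does not reach this subject
        if not p.enable:
            return "deny"                      # negative policy declines outright
        # Assumption: LoA is an ordered integer and the policy value is a minimum.
        if p.level_of_assurance is None or presented_loa >= p.level_of_assurance:
            decision = "permit"
    return decision

# Constructed sample data; every identifier below is hypothetical.
POLICIES = [
    AuthorizationPolicy("dr_a", "record:123", frozenset({"read", "write"}), True, 3),
    AuthorizationPolicy("dr_a", "record:123", frozenset({"delete"}), False),
]
DELEGATIONS = [DelegationPolicy("dr_a", frozenset({"nurse_b"}), frozenset({"read"}))]

if __name__ == "__main__":
    for who, op, loa in [("dr_a", "write", 3), ("dr_a", "write", 2),
                         ("nurse_b", "read", 3), ("nurse_b", "write", 3),
                         ("dr_a", "delete", 4)]:
        print(who, op, loa, decide(POLICIES, DELEGATIONS, who, "record:123", op, loa))
```

The grantee inherits the grantor's LoA requirement and negative policies in this sketch, so a delegation never yields more than the grantor holds.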



Issues