Difference between revisions of "Security and Privacy Ontology"

From HL7Wiki
Jump to navigation Jump to search
Line 88: Line 88:
 
! Sub-ontology
 
! Sub-ontology
 
! URL for hosted Ontology Browser
 
! URL for hosted Ontology Browser
! Notes
+
! Notes|-
|- style="background:yellow;"
 
| SecurityAndPrivacyOntology.owl
 
| FILE://localhost/C:/Ontologies/SecurityAndPrivacyOntology.owl
 
| <p>The base HL7 Security and Privacy Ontology.</p> <p>Intended to be normative once approved.</p>
 
|-
 
 
| ClinicalConditionOntology.owl
 
| ClinicalConditionOntology.owl
 
| FILE://localhost/C:/Ontologies/ClinicalConditionOntology.owl
 
| FILE://localhost/C:/Ontologies/ClinicalConditionOntology.owl
Line 132: Line 127:
 
| RoleOntology.owl
 
| RoleOntology.owl
 
| FILE://localhost/C:/Ontologies/RoleOntology.owl
 
| FILE://localhost/C:/Ontologies/RoleOntology.owl
| <p>Imports SecurityAndPrivacyOntology.owl.</p> <p>Represents example security roles.  Presently includes all ASTM structural roles.  A representative subset of them will be selected and retained as discussed at the Orlando WGM.  Also includes a few functional roles, to be revised.</p>  
+
| <p>Imports SecurityAndPrivacyOntology.owl.</p> <p>Represents example security roles.  Presently includes all ASTM structural roles.  A representative subset of them will be selected and retained as discussed at the Orlando WGM.  Also includes a few functional roles, to be revised.</p>
|- style="background:gray;"
+
|- style="background:yellow;"
| SandboxOntology.owl
+
| SecurityAndPrivacyOntology.owl
| FILE://localhost/C:/Ontologies/SandboxOntology.owl
+
| FILE://localhost/C:/Ontologies/SecurityAndPrivacyOntology.owl  
| <p>Imports SecurityAndPrivacyOntology.owl.</p> <p>Represents provisional work, pending potential incorporation into the Security and Privacy Ontology suite.</p> <p>Not recommended for review at this time.</p>  
+
| <p>The base HL7 Security and Privacy Ontology.</p> <p>Intended to be normative once approved.</p>  
 
|-
 
|-
 
| SensitivityOntology.owl
 
| SensitivityOntology.owl

Revision as of 12:44, 25 March 2013

Back to: Security Main Page

Back to: CBCC Main Page


Introduction

This page is intended to provide a focal point for the Security and Privacy Ontology Project; a hub for connecting to its artifacts, discussions, status and links to related projects and work groups. Most of the technical content for this project will be contained within its artifacts which will be linked to on this page and stored on GForge or other wikis. This page will provide sufficient content for project and document organization.

Scope

The scope of the project was defined by the answers to a set of scoping questions.

Project Documentation

Approved Project Scope Statement

Presentations

An introduction to Description Logic, OWL and Protégé:

May 2011 Status Report:

January 2012 Status Report and Work Discussion:

Ontology Development Methodology

This methodology has been derived from a guideused by the Protégé team and demonstrates a basic model development process that shares some steps with HL7 HDF. The draft was written from the standpoint of developing an ontology from scratch.

Use Cases

Access Control Based on Category of Action

Access Control Based on Category of Object

Access Control Based on Category of Structural Role

Access Control Based on Category of Functional Role

Access Control Based on Multiple Role Values

Enable Design of Access Control System

Facilitate an Automated Decision Function

Tooling

This project uses the Protégé-OWL Editor for ontology editing and the Ontology Browser for Web-based ontology review.

Protégé-OWL Editor

The Protégé-OWL Editor operates on OWL 2 ontologies. It also handles SWRL. The Security and Privacy Ontology is currently edited with the Protégé 4.1 Release version.

Ontology Browser

The Ontology Browser provides read-only access to OWL 2 ontologies.

Draft Ontology

The current published draft of the Security and Privacy ontology will be available for download and hosted browsing as follows. When reviewing, please take note of explanatory comments among the annotations.

Download

The Security and Privacy Ontology is distributed as a zip file containing an Ontologies directory, a set of OWL files representing the sub-ontologies, and an XML Catalog. The catalog supports redirection of ontology IRIs to the local file system. For example, http://www.hl7.org/ontologies/SecurityAndPrivacy.owl, which does not yet exist on the Web, is redirected to the SecurityAndPrivacy.owl file.

Current published draft of the Security-Privacy Ontology for peer review: Ontologies.zip - April 6, 2012

Hosted Browsing

Apelon is voluntarily hosting the Ontology Browser to facilitate peer review of the Security and Privacy Ontology. Please respect that purpose.

To browse the current published draft ontology using a Web browser:

  1. Visit the hosted Ontology Browser: Ontology Browser
  2. Optionally (but recommended), to view the Ontology as enriched by an OWL reasoner:
    1. Click Options (on the right, towards the top of the page).
    2. Select HermiT from the pulldown list labelled Reasoner (under Model on the right).
    3. Click Ontology Browser at the top left.
  3. Enter the URL for an OWL file in the box labeled Specify the physical location of your ontology. URLs for the Security and Privacy Ontology are shown in the table below. Suggested entries are highlighted in yellow and gold.
  4. Click load.

Hints:

  • Click Help (at top right) to for further details. See especially Getting started under Documentation.
  • The Ontology Browser generally works well when viewing ontology contents, but there are occasional glitches loading or switching ontologies. Try clearing and reloading ontologies (see below) or restarting your Web browser.
  • Click the red box with the white X (near top left) to clear all ontologies.
  • Click Ontology Browser (at top left) to return to the home page, where you can load ontologies.
Sub-ontology URL for hosted Ontology Browser - ClinicalConditionOntology.owl FILE://localhost/C:/Ontologies/ClinicalConditionOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents clinical conditions, starting with samples taken from the CSP-DAM.

ConfidentialityOntology.owl FILE://localhost/C:/Ontologies/ConfidentialityOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents sensitivities based on the HL7 v3 Confidentiality code system [2.16.840.1.113883.5.25].

ObjectOntology.owl FILE://localhost/C:/Ontologies/ObjectOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents objects from the HL7 RBAC Permission Catalog.

ObligationOntology.owl FILE://localhost/C:/Ontologies/ObligationOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents obligations, starting with samples taken from the CSP-DAM.

OperationOntology.owl FILE://localhost/C:/Ontologies/OperationOntology.owl

Imports OperationOntology_CRUDE.owl.

Represents further operations from the HL7 RBAC Permission Catalog.

OperationOntology_CRUDE.owl FILE://localhost/C:/Ontologies/OperationOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents "CRUDE" operations from the HL7 RBAC Permission Catalog.

PermissionOntology.owl FILE://localhost/C:/Ontologies/PermissionOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents permissions from the HL7 RBAC Permission Catalog.

PurposeOfUseOntology.owl FILE://localhost/C:/Ontologies/PurposeOfUseOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents purposes of use, starting with samples taken from the CSP-DAM.

RBACOntology.owl FILE://localhost/C:/Ontologies/RBACOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents purely RBAC classes based on ANSI/INCITS 359-2004 and the HL7 RBAC Permission Catalog. Note that classes imported from SecurityAndPrivacy.owl may come with attributes outside of pure RBAC and/or may add pure RBAC restrictions here.

RoleOntology.owl FILE://localhost/C:/Ontologies/RoleOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents example security roles. Presently includes all ASTM structural roles. A representative subset of them will be selected and retained as discussed at the Orlando WGM. Also includes a few functional roles, to be revised.

SecurityAndPrivacyOntology.owl FILE://localhost/C:/Ontologies/SecurityAndPrivacyOntology.owl

The base HL7 Security and Privacy Ontology.

Intended to be normative once approved.

SensitivityOntology.owl FILE://localhost/C:/Ontologies/SensitivityOntology.owl

Imports SecurityAndPrivacyOntology.owl.

Represents sensitivities based on the HL7 v3 ActPrivacyPolicy value set (drawn from ActCode code system).

SomewhereHospitalOntology.owl FILE://localhost/C:/Ontologies/SomewhereHospitalOntology.owl

Imports all of the preceding sub-ontologies. Thus, enables browsing them together.

Represents an interrelated set of individuals collectively representing an access control request.

Further instances to be developed.

To support SWRL rules, adds several classes (whose names begin with *; note that the SWRL rules are not accessible via the Ontology Browser).

Notes:

  • An Ontologies directory is hosted on the same virtual server as the Ontology Browser. The URLs in the preceding table will direct the hosted Ontology Browser to OWL files on its local host (not your local host).
  • Eventually, HL7 ontologies may be hosted at a well known location such as http://www.hl7.org/ontologies/ (which doesn't currently exist). In anticipation, the IRIs for sub-ontologies and other elements of the Security and Privacy Ontology embody that location. Unlike Protégé, the current Ontology Browser software provides no way to redirect such IRIs. Therefore, we direct the Ontology Browser to the hosted files (having manually edited OWL imports accordingly within the hosted files).

Ontology Review Criteria

Suggested criteria for interim review of the Security-Privacy Ontology:

Related HL7 Projects

Resources