ISO/TS 22600-2:2006
Health informatics - Privilege management and access control - Part 2: Formal models

Standard No.: ISO/TS 22600-2:2006
Release Date: 2006
Published By: International Organization for Standardization (ISO)
Status: Latest
Scope
This part of ISO/TS 22600 is intended to support the needs of healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members and trading partners. It is also intended to support inquiries from both individuals and application systems.

ISO/TS 22600 defines methods for managing authorization and access control to data and/or functions. It accommodates policy bridging. It is based on a conceptual model where local authorization servers and cross-border directory and policy repository services can assist access control in various applications (software components). The policy repository provides information on rules for access to various application functions based on roles and other attributes. The directory service enables identification of the individual user.

The granted access will be based on four aspects:

  • the authenticated identification of the user;
  • the rules for access connected with a specific information object;
  • the rules regarding authorization attributes linked to the user provided by the authorization manager;
  • the functions of the specific application.

This part of ISO/TS 22600 should be used in a perspective ranging from a local situation to a regional or national one. One of the key points in these perspectives is to have organizational criteria combined with authorization profiles agreed upon from both the requesting and delivering side in a written policy agreement.

This part of ISO/TS 22600 supports collaboration between several authorization managers that may operate over organizational and policy borders. The collaboration is defined in a policy agreement, signed by all involved organizations, and constitutes the basic platform for the operation. A documentation format is proposed, as a platform for the policy agreement, which makes it possible to obtain comparable documentation from all parties involved in the exchange of information.

This part of ISO/TS 22600 excludes platform-specific and implementation details. It does not specify technical communication security services and protocols that have been established in other standards, e.g. ENV 13608. It also excludes authentication techniques.

This part of ISO/TS 22600 introduces the underlying paradigm of formal high-level models for architectural components based on ISO/IEC 10746. In that context, the Domain Model, the Document Model, the Policy Model, the Role Model, the Authorization Model, the Delegation Model, the Control Model and the Access Control Model are introduced. The specifications are provided using the meta-languages Unified Modelling Language (UML) and Extensible Markup Language (XML). Additional diagrams are used for explaining the principles. The attributes used have been referenced to the HL7 Reference Information Model and the HL7 datatype definitions.

ISO/TS 22600-2:2006 history

  • 2006 ISO/TS 22600-2:2006 Health informatics - Privilege management and access control - Part 2: Formal models


