ISO/TS 22600-2-2006 医用信息.权限管理和入口控制.第2部分:形式模型
作者:标准资料网
时间:2024-05-05 05:26:57
浏览:9817
来源:标准资料网
下载地址: 点击此处下载
【英文标准名称】:Healthinformatics-Privilegemanagementandaccesscontrol-Part2:Formalmodels
【原文标准名称】:医用信息.权限管理和入口控制.第2部分:形式模型
【标准号】:ISO/TS22600-2-2006
【标准状态】:现行
【国别】:国际
【发布日期】:2006-08
【实施或试行日期】:
【发布单位】:国际标准化组织(IX-ISO)
【起草单位】:ISO/TC215
【标准类型】:()
【标准水平】:()
【中文主题词】:入口控制;合格证书;计算机科学;定义;医院;主机系统;识别;同一性试验;交替使用性;TI安全性;医用信息;医学科学;模型;网络管理;资料保护;公共卫生;安全要求;安全性管理;系统管理;系统安全设计
【英文主题词】:Accesscontrols;Certificates;Computersciences;Dataprotection;Definitions;Hospitals;Hostsystems;Identification;Identitytesting;Interoperability;ITsecurity;Medicalinformatics;Medicalsciences;Models;Networkmanagement;Protectionofinformation;Publichealth;Safetyrequirements;Securitymanagement;Systemmanagement;Systemsafetycontrivance
【摘要】:ThispartofISO/TS22600isintendedtosupporttheneedsofhealthcareinformationsharingacrossunaffiliatedprovidersofhealthcare,healthcareorganizations,healthinsurancecompanies,theirpatients,staffmembersandtradingpartners.Itisalsointendedtosupportinquiriesfrombothindividualsandapplicationsystems.ISO/TS22600definesmethodsformanagingauthorizationandaccesscontroltodataand/orfunctions.Itaccommodatespolicybridging.Itisbasedonaconceptualmodelwherelocalauthorizationserversandcrossborderdirectoryandpolicyrepositoryservicescanassistaccesscontrolinvariousapplications(softwarecomponents).Thepolicyrepositoryprovidesinformationonrulesforaccesstovariousapplicationfunctionsbasedonrolesandotherattributes.Thedirectoryserviceenablesidentificationoftheindividualuser.Thegrantedaccesswillbebasedonfouraspects:theauthenticatedidentificationoftheuser;therulesforaccessconnectedwithaspecificinformationobject;therulesregardingauthorizationattributeslinkedtotheuserprovidedbytheauthorizationmanager;thefunctionsofthespecificapplication.ThispartofISO/TS22600shouldbeusedinaperspectiverangingfromalocalsituationtoaregionalornationalone.Oneofthekeypointsintheseperspectivesistohaveorganizationalcriteriacombinedwithauthorizationprofilesagreeduponfromboththerequestinganddeliveringsideinawrittenpolicyagreement.ThispartofISO/TS22600supportscollaborationbetweenseveralauthorizationmanagersthatmayoperateoverorganizationalandpolicyborders.Thecollaborationisdefinedinapolicyagreement,signedbyallinvolvedorganizations,andconstitutesthebasicplatformfortheoperation.Adocumentationformatisproposed,asaplatformforthepolicyagreement,whichmakesitpossibletoobtaincomparabledocumentationfromallpartiesinvolvedintheinformationexchangeofinformation.ThispartofISO/TS22600excludesplatform-specificandimplementationdetails.Itdoesnotspecifytechnicalcommunicationsecurityservicesandprotocolsthathavebeenestablishedinotherstandards,e.g.ENV13608.Italsoexcludesauthenticationtechniques.ThispartofISO/TS22600introducestheunderlyingparadigmofformalhighlevelmodelsforarchitecturalcomponentsbasedonISO/IEC10746.Inthatcontext,theDomainModel,theDocumentModel,thePolicyModel,theRoleModel,theAuthorizationModel,theDelegationModel,theControlModelandtheAccessControlModelareintroduced.Thespecificationsareprovidedusingthemeta-languagesUnifiedModellingLanguage(UML)andExtensibleMarkupLanguage(XML).Additionaldiagramsareusedforexplainingtheprinciples.TheattributesusedhavebeenreferencedtotheHL7ReferenceInformationModelandtheHL7datatypedefinitions.
【中国标准分类号】:C07
【国际标准分类号】:35_240_80
【页数】:27P.;A4
【正文语种】:英语
【原文标准名称】:医用信息.权限管理和入口控制.第2部分:形式模型
【标准号】:ISO/TS22600-2-2006
【标准状态】:现行
【国别】:国际
【发布日期】:2006-08
【实施或试行日期】:
【发布单位】:国际标准化组织(IX-ISO)
【起草单位】:ISO/TC215
【标准类型】:()
【标准水平】:()
【中文主题词】:入口控制;合格证书;计算机科学;定义;医院;主机系统;识别;同一性试验;交替使用性;TI安全性;医用信息;医学科学;模型;网络管理;资料保护;公共卫生;安全要求;安全性管理;系统管理;系统安全设计
【英文主题词】:Accesscontrols;Certificates;Computersciences;Dataprotection;Definitions;Hospitals;Hostsystems;Identification;Identitytesting;Interoperability;ITsecurity;Medicalinformatics;Medicalsciences;Models;Networkmanagement;Protectionofinformation;Publichealth;Safetyrequirements;Securitymanagement;Systemmanagement;Systemsafetycontrivance
【摘要】:ThispartofISO/TS22600isintendedtosupporttheneedsofhealthcareinformationsharingacrossunaffiliatedprovidersofhealthcare,healthcareorganizations,healthinsurancecompanies,theirpatients,staffmembersandtradingpartners.Itisalsointendedtosupportinquiriesfrombothindividualsandapplicationsystems.ISO/TS22600definesmethodsformanagingauthorizationandaccesscontroltodataand/orfunctions.Itaccommodatespolicybridging.Itisbasedonaconceptualmodelwherelocalauthorizationserversandcrossborderdirectoryandpolicyrepositoryservicescanassistaccesscontrolinvariousapplications(softwarecomponents).Thepolicyrepositoryprovidesinformationonrulesforaccesstovariousapplicationfunctionsbasedonrolesandotherattributes.Thedirectoryserviceenablesidentificationoftheindividualuser.Thegrantedaccesswillbebasedonfouraspects:theauthenticatedidentificationoftheuser;therulesforaccessconnectedwithaspecificinformationobject;therulesregardingauthorizationattributeslinkedtotheuserprovidedbytheauthorizationmanager;thefunctionsofthespecificapplication.ThispartofISO/TS22600shouldbeusedinaperspectiverangingfromalocalsituationtoaregionalornationalone.Oneofthekeypointsintheseperspectivesistohaveorganizationalcriteriacombinedwithauthorizationprofilesagreeduponfromboththerequestinganddeliveringsideinawrittenpolicyagreement.ThispartofISO/TS22600supportscollaborationbetweenseveralauthorizationmanagersthatmayoperateoverorganizationalandpolicyborders.Thecollaborationisdefinedinapolicyagreement,signedbyallinvolvedorganizations,andconstitutesthebasicplatformfortheoperation.Adocumentationformatisproposed,asaplatformforthepolicyagreement,whichmakesitpossibletoobtaincomparabledocumentationfromallpartiesinvolvedintheinformationexchangeofinformation.ThispartofISO/TS22600excludesplatform-specificandimplementationdetails.Itdoesnotspecifytechnicalcommunicationsecurityservicesandprotocolsthathavebeenestablishedinotherstandards,e.g.ENV13608.Italsoexcludesauthenticationtechniques.ThispartofISO/TS22600introducestheunderlyingparadigmofformalhighlevelmodelsforarchitecturalcomponentsbasedonISO/IEC10746.Inthatcontext,theDomainModel,theDocumentModel,thePolicyModel,theRoleModel,theAuthorizationModel,theDelegationModel,theControlModelandtheAccessControlModelareintroduced.Thespecificationsareprovidedusingthemeta-languagesUnifiedModellingLanguage(UML)andExtensibleMarkupLanguage(XML).Additionaldiagramsareusedforexplainingtheprinciples.TheattributesusedhavebeenreferencedtotheHL7ReferenceInformationModelandtheHL7datatypedefinitions.
【中国标准分类号】:C07
【国际标准分类号】:35_240_80
【页数】:27P.;A4
【正文语种】:英语
下载地址:
点击此处下载