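Standard number: ISO/TS 22600-1:2006

Chinese title: Health informatics. Privilege management and access control. Part 1: Overview and policy management

English title: Health informatics — Privilege management and access control — Part 1: Overview and policy management

Publication date: 2006-08

Scope of the standard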

This part of ISO/TS 22600 is intended to support the needs of healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members and trading partners. It is also intended to support inquiries from both individuals and application systems.

ISO/TS 22600 defines methods for managing authorization and access control to data and/or functions. It accommodates policy bridging. It is based on a conceptual model where local authorization servers and cross-border directory and policy repository services can assist access control in various applications (software components). The policy repository provides information on rules for access to various application functions based on roles and other attributes. The directory service enables identification of the individual user. The granted access will be based on four aspects:

- the authenticated identification of the user;
- the rules for access connected with a specific information object;
- the rules regarding authorization attributes linked to the user provided by the authorization manager;
- the functions of the specific application.

This part of ISO/TS 22600 should be used in a perspective ranging from a local situation to a regional or national one. One of the key points in these perspectives is to have organizational criteria combined with authorization profiles agreed upon from both the requesting and delivering side in a written policy agreement.

This part of ISO/TS 22600 supports collaboration between several authorization managers that may operate over organizational and policy borders.

The collaboration is defined in a policy agreement, signed by all involved organizations, and constitutes the basic platform for the operation.

A documentation format is proposed, as a platform for the policy agreement, which makes it possible to obtain comparable documentation from all parties involved in the information exchange.

This part of ISO/TS 22600 excludes platform-specific and implementation details. It does not specify technical communication security services and protocols that have been established in other standards, e.g. ENV 13608. It also excludes authentication techniques.
