StructureDefinition-IHE.BasicAudit.SAMLaccessTokenUse.Minimal

Source

ihe.iti.balp#current:Basic Audit Log Patterns (BALP) (v4.0.1)

resourceType

StructureDefinition

IHE.BasicAudit.SAMLaccessTokenUse.Minimal

canonical

https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Minimal

version

1.1.2

status

active

publisher

IHE IT Infrastructure Technical Committee

name

SAMLaccessTokenUseMinimal

title

Basic AuditEvent pattern for when an activity was authorized by an SAML access token Minimal

date

2023-07-28T13:59:05+00:00

description

A basic AuditEvent profile for when an activity was authorized by an SAML access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the SAML access token. - Given an activity has occurred - And SAML is used to authorize a transaction - And the given activity is using the SAML - XUA - SAML requires ID and Issuer, so this profile of AuditEvent will work with any SAML token. - usually SOAP, but not limited to SOAP - When an AuditEvent is recorded for the activity - Presumes that the consent and server have been identified in agent elements, best case with certificate identities - Then that AuditEvent would follow this profile regarding recording the SAML access token details The following table uses a short-hand for the SAML fields and FHIR AuditEvent elements to keep the table compact. It is presumed the reader can understand the SAML field and the FHIR AuditEvent element given. Note the `~` character represents attributes under the SAML `AttributeStatement`. | SAML field | Minimal AuditEvent |-----------------------|----------------------| | ID | agent[user].policy | Issuer | agent[user].who.identifier.system | Subject.NameID | agent[user].who.identifier.value | ~subject:purposeofuse | agent[user].purposeOfUse note: this profile records minimal information from the SAML access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information.

jurisdictions

fhirVersion

4.0.1

kind

resource

abstract

false

sdTtype

AuditEvent

derivation

constraint

base

http://hl7.org/fhir/StructureDefinition/AuditEvent

Usages

IHE BALP Audit Creator (profile)
IHE ATNA Audit Record Repository supporting BALP Content (profile)
IHE BALP Audit Consumer (profile)

Name	Flags	Card.	Type	Description & Constraints
AuditEvent			AuditEvent
Slices for agent				Slice: Unordered, Open by pattern:type
agent:All Slices				Content/Rules for all slices
Slices for extension				Slice: Unordered, Open by value:url
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: todo ( preferred )
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
agent:user		1..*
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: todo ( preferred )
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
type		1..		Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
code		1..1	code	Symbol in syntax defined by the system Fixed Value: UserSamlAgent
who		1..
identifier
system	S			SAML Issuer
value	S	1..		SAML Subject.NameID
requestor				Required Pattern: true
policy	S	1..1		SAML token ID
media		.. 0
network		.. 0
purposeOfUse	S			SAML subject:purposeofuse
Documentation for this format

Produced 08 Sep 2023