NIH | National Cancer Institute | NCI Wiki  

Error rendering macro 'rw-search'

null

  • Created by Unknown User (digret), last modified on Sep 05, 2010

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Access Control Policies Functional Profile

Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around access control constraints.

Access Control Policies include the following capabilities:

  • creation, deletion, edit, maintenance of policy models
  • descriptions to enable the policy modules to be visible, where the description includes a unique identifier for the policy and a sufficient, and preferably a machine processible, representation of the meaning of terms used to describe the policy, its functions, and its effects;
  • one or more discovery mechanisms that enable searching for policies that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual policy descriptions, possibly through some repository mechanism;
  • accessible storage of policies and policy descriptions, so service participants can access, examine, and use the policies as defined.
  • expression of assertion and commitment policy constraints;
  • expression of positive and negative policy constraints;
  • expression of permission and obligation policy constraints;
  • nesting of policy constraints allowing for abstractions and refinements of a policy constraint;
  • definition of alternative policy constraints to allow for the selection of compatible policy constraints for a consumer and provider;
  • composition of policies to combine one or more policies.
  • decision procedures which must be able to measure and render decisions on constraints;
  • enforcement of decisions;
  • measurement and notification of obligation constraints;
  • auditability of decisions, enforcement, and obligation measurements;
  • administration of policy and contract language artifacts;
  • storage of policies and contracts;
  • distribution of policies/contracts;
  • conflict resolution or elevation of conflicts in policy rules;
  • delegation of policy authority to agents acting on behalf of a client;
  • decision procedures capable of incorporating roles and/or attributes for rendered decisions.

This Functional Profile includes, but is not limited to, the following capability elaborations:

Derived From Requirements

  • Gap Analysis::HL7 CIC::CIC-4 -  Provide controlled, secured access to stored data There is a need to manage access control and other applicable types of control for the repository; Note that “other applicable types of control” is to be defined later in the PIM and PSM. 
  • Semantic Infrastructure Requirements::Service Discovery and Governance::Service Policies Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around governance, access control and other design and runtime constraints.
  • Semantic Infrastructure Requirements::Artifact Management::Specification Content to be done

accessContolPolicyModel

Access Control Policy Model with capabilities to create, destroy, edit, maintain service descriptions.

The Access Control Policy Model implementation includes the following capabilities

  • descriptions to enable the policy modules to be visible, where the description includes a unique identifier for the policy and the metamodel representation of the meaning of terms used to describe the policy, its functions, and its effects;
  • one or more discovery mechanisms that enable searching for policies that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual policy descriptions through some repository mechanism;
  • accessible storage of policies and policy descriptions, so service participants can access, examine, and use the policies as defined.
  • expression of assertion and commitment policy constraints;
  • expression of positive and negative policy constraints;
  • expression of permission and obligation policy constraints;
  • nesting of policy constraints allowing for abstractions and refinements of a policy constraint;
  • definition of alternative policy constraints to allow for the selection of compatible policy constraints for a consumer and provider;
  • composition of policies to combine one or more policies.
  • decision procedures which must be able to measure and render decisions on constraints;
  • enforcement of decisions;
  • measurement and notification of obligation constraints;
  • auditability of decisions, enforcement, and obligation measurements;
  • administration of policy and contract language artifacts;
  • storage of policies and contracts;
  • distribution of policies/contracts;
  • conflict resolution or elevation of conflicts in policy rules;
  • delegation of policy authority to agents acting on behalf of a client;
  • decision procedures capable of incorporating roles and/or attributes for rendered decisions.
  • No labels