Access Control Policies Functional Profile
Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around access control constraints.
Access Control Policies include the following capabilities:
- creation, deletion, edit, maintenance of policy models
- descriptions to enable the policy modules to be visible, where the description includes a unique identifier for the policy and a sufficient, and preferably a machine processible, representation of the meaning of terms used to describe the policy, its functions, and its effects;
- one or more discovery mechanisms that enable searching for policies that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual policy descriptions, possibly through some repository mechanism;
- accessible storage of policies and policy descriptions, so service participants can access, examine, and use the policies as defined.
This Functional Profile includes, but is not limited to, the following capability elaborations:
Derived From Requirements
- Gap Analysis::HL7 CIC::CIC-4 - Provide controlled, secured access to stored data There is a need to manage access control and other applicable types of control for the repository; Note that “other applicable types of control” is to be defined later in the PIM and PSM.
- Semantic Infrastructure Requirements::Service Discovery and Governance::Service Policies Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around governance, access control and other design and runtime constraints.
- Semantic Infrastructure Requirements::Artifact Management::Specification Content to be done
accessContolPolicyModel
Access Control Policy Model with capabilities to create, destroy, edit, maintain service descriptions.
The Access Control Policy Model implementation includes the following capabilities
- descriptions to enable the policy modules to be visible, where the description includes a unique identifier for the policy and the metamodel representation of the meaning of terms used to describe the policy, its functions, and its effects;
- one or more discovery mechanisms that enable searching for policies that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual policy descriptions through some repository mechanism;
- accessible storage of policies and policy descriptions, so service participants can access, examine, and use the policies as defined.