ImageVerifierCode 换一换
格式:PDF , 页数:33 ,大小:2.17MB ,
资源ID:682559      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-682559.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(DIN EN ISO 22600-2-2015 Health informatics - Privilege management and access control - Part 2 Formal models (ISO 22600-2 2014) German version EN ISO 22600-2 2014《健康信息学 特权管理和访问控制 第2.pdf)为本站会员(amazingpat195)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

DIN EN ISO 22600-2-2015 Health informatics - Privilege management and access control - Part 2 Formal models (ISO 22600-2 2014) German version EN ISO 22600-2 2014《健康信息学 特权管理和访问控制 第2.pdf

1、February 2015Translation by DIN-Sprachendienst.English price group 15No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).IC

2、S 35.240.80!%?c=“2286426www.din.deDDIN EN ISO 22600-2Health informatics Privilege management and access control Part 2: Formal models (ISO 22600-2:2014);English version EN ISO 22600-2:2014,English translation of DIN EN ISO 22600-2:2015-02Medizinische Informatik Privilegienmanagement und Zugriffssteu

3、erung Teil 2: Formale Modelle (ISO 22600-2:2014);Englische Fassung EN ISO 22600-2:2014,Englische bersetzung von DIN EN ISO 22600-2:2015-02Informatique de sant Gestion de privilges et contrle daccs Partie 2: Modles formels (ISO 22600-2:2014);Version anglaise EN ISO 22600-2:2014,Traduction anglaise de

4、 DIN EN ISO 22600-2:2015-02www.beuth.deIn case of doubt, the German-language original shall be considered authoritative.Document comprises 33 pages01.15 DIN EN ISO 22600-2:2015-02 2 A comma is used as the decimal marker. National foreword This document (EN ISO 22600-2:2014) has been prepared by Tech

5、nical Committee ISO/TC 215 “Health informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” (Secretariat: NEN, Netherlands). The responsible German body involved in its preparation was the DIN-Normenausschuss Medizin (DIN Standards Committee Medicine), Working Committee

6、 NA 063-07-04 AA Sicherheit. The text of ISO 22600-2 has been adopted without any modification. In translating the text into German particular attention was paid to the use of a correct and consistent technical terminology in German. The full English term is given for each term in Clause 3 “Terms an

7、d definitions”. English text in figures 4, 5, 6, 9, 10, A.3, A.4, A.5 and in Tables 1, 2 and A.1 has been taken over because a translation into German was considered to be unnecessary and the target group of IT specialists normally has sufficient knowledge of English to understand these texts. The D

8、IN Standard corresponding to the International Standard referred to in this document is as follows: ISO/IEC 27002 DIN ISO/IEC 27002 DIN EN ISO 22600 consists of the following parts, under the general title Health informatics Privilege management and access control: Part 1: Overview and policy manage

9、ment Part 2: Formal models Part 3: Implementations National Annex NA (informative) Bibliography DIN ISO/IEC 27002, Information technology Security techniques Code of practice for information secu-rity management (currently at draft stage) EN ISO 22600-2 October 2014 ICS 35.240.80 English Version Hea

10、lth informatics - Privilege management and access control - Part 2: Formal models (ISO 22600-2:2014) Informatique de sant - Gestion de privilges et contrle daccs - Partie 2: Modles formels (ISO 22600-2:2014) Medizinische Informatik - Privilegienmanagement undZugriffssteuerung - Teil 2: Formale Model

11、le(ISO 22600-2:2014)This European Standard was approved by CEN on 22 May 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bib

12、liographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the respo

13、nsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Rep

14、ublic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey andUnited Kingdom. CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Bruss

15、els 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 22600-2:2014 EEUROPEAN COMMITTEE FOR STANDARDIZATIONCOMIT EUROPEN DE NORMALISATIONEUROPISCHES KOMITEE FR NORMUNGEUROPEAN STANDARDNORME EUROPENNEEUROPISCHE NORMContents Pa

16、ge Foreword . 3 Introduction . 4 1 Scope . 6 2 Normative references. 6 3 Terms and definitions 6 4 Abbreviated terms 11 5 Component paradigm 11 6 Generic models 12 6.1 Framework 12 6.2 Domain model . 14 6.3 Document model 15 6.4 Policy model . 16 6.5 Role model 19 6.6 Authorization model Role and pr

17、ivilege assignment . 19 6.7 Control model . 20 6.8 Delegation model . 21 6.9 Access control model 23 Annex A (informative) Functional and structural roles 25 Bibliography 30 2DIN EN ISO 22600-2:2015-02 EN ISO 22600-2:2014 (E) ForewordThis document (EN ISO 22600-2:2014) has been prepared by Technical

18、 Committee ISO/TC 215 Health informatics in collaboration with Technical Committee CEN/TC 251 “Health informatics” the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the la

19、test by April 2015, and conflicting national standards shall be withdrawn at the latest by April 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all suc

20、h patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Maced

21、onia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO 22600-2:2014 has been approved by C

22、EN as EN ISO 22600-2:2014 without any modification. “”3DIN EN ISO 22600-2:2015-02EN ISO 22600-2:2014 (E)IntroductionThe distributed architecture of shared care information systems supporting service-oriented architecture (SOA) is increasingly based on corporate networks and virtual private networks.

23、 For meeting the interoperability challenge, the use of standardized user interfaces, tools, and protocols, which ensures platform independence, but also the number of really open information systems, is rapidly growing during the last couple of years.As a common situation today, hospitals are suppo

24、rted by several vendors providing different applications, which are not able to communicate authentication and authorization since each has its own way of handling these functions. For achieving an integrated scenario, it takes a remarkable amount of money, time, and efforts to get users and changin

25、g organizational environments dynamically mapped before starting communication and cooperation. Resources required for the development and maintenance of security functions grow exponentially with the number of applications, with the complexity of organizations towards a regional, national, or even

26、international level, and with the flexibility of users playing multiple roles, sometimes even simultaneously.The situation becomes even more challenging when inter-organizational communications happens, thereby crossing security policy domain boundaries. Moving from one healthcare centre to another

27、or from country to country, different rules for privileges and their management can apply to similar types of users, both for execution of particular functions and for access to information. The policy differences between these domains have to be bridged automatically or through policy agreements, d

28、efining sets of rules followed by the parties involved, for achieving interoperability.Another challenge to be met is how to improve the quality of care by using IT without infringing the privacy of the patient. To provide physicians with adequate information about the patient, a virtual electronic

29、health care record is required which makes it possible to keep track of all the activities belonging to one patient regardless of where and by whom they have been performed and documented. In such an environment, a generic model or specific agreement between the parties for managing privileges and a

30、ccess control including the patient or its representative is needed.Besides a diversity of roles and responsibilities, typical for any type of large organization, also ethical and legal aspects in the healthcare scenario due to the sensitivity of person-related health information managed and its per

31、sonal and social impact have to be considered.Advanced solutions for privilege management and access control are required today already, but this challenge will even grow over the next couple of years. The reason is the increase of information exchanged between systems in order to fulfil the demands

32、 of health service providers at different care levels for having access to more and more patient-related information to ensure the quality and efficiency of patients diagnosis and treatment, however combined with increased security and privacy risks.The implementation of this International Standard

33、might be currently too advanced and therefore not feasible in certain organizational and technical settings. For meeting the basic principle of best possible action, it is therefore very important that at least a policy agreement is written between the parties stating to progress towards this Intern

34、ational Standard when any update/upgrade of the systems is intended. The level of formalization and granularity of policies and the objects these policies are bound to defines the solution maturity on a pathway towards the presented specification.The policy agreement also has to contain defined diff

35、erences in the security systems and agreed solutions on how to overcome the differences. For example, the authentication service and privileges of a requesting party at the responding site have to be managed according to the policy declared in the agreement. For that reason, information and service

36、requester, as well as information and service provider on the one hand, and information and services requested and provided on the other hand, have to be grouped and classified in a limited number of concepts for enabling the specification of a limited number of solution categories. Based on that cl

37、assification, claimant mechanisms, target sensitivity mechanisms, and policy specification and management mechanisms can be implemented. Once all parties have signed the policy agreement, the communication and information exchange can start with the existing systems if the parties can accept the ris

38、ks. If there are unacceptable risks which have to be eliminated before the information exchange starts, they shall also be recorded in the policy agreement 4DIN EN ISO 22600-2:2015-02 EN ISO 22600-2:2014 (E) together with an action plan stating how these risks shall be removed. The policy agreement

39、also has to contain a time plan for this work and an agreement on how it shall be financed.The documentation of the negotiation process is very important and provides the platform for the policy agreement.Privilege management and access control address security and privacy services required for comm

40、unication and cooperation, i.e. distributed use of health information. It also implies safety aspects, professional standards, and legal and ethical issues. This International Standard introduces principles and specifies services needed for managing privileges and access control. Cryptographic proto

41、cols are out of the scope of this International Standard.This three-part International Standard references existing architectural and security standards as well as specifications in the healthcare area such as ISO, CEN, ASTM, OMG, W3C, etc., and endorses existing appropriate standards or identifies

42、enhancements or modifications or the need for new standards. It comprises of: ISO 22600-1: describes the scenarios and the critical parameters in information exchange across policy domains. It also gives examples of necessary documentation methods as the basis for the policy agreement. ISO 22600-2:

43、describes and explains, in a more detailed manner, the architectures and underlying models for privilege management and access control which are necessary for secure information sharing including the formal representation of policies. ISO 22600-3: describes examples of implementable specifications o

44、f application security services and infrastructural services using different specification languages.It accommodates policy bridging. It is based on a conceptual model where local authorization servers and cross border directory and policy repository services can assist access control in various app

45、lications (software components). The policy repository provides information on rules for access to various application functions based on roles and other attributes. The directory service enables identification of the individual user. The granted access will be based on four aspects: the authenticat

46、ed identification of principals (i.e. human users and objects that need to operate under their own rights) involved; the rules for access to a specific information object including purpose of use; the rules regarding authorization attributes linked to the principal provided by the authorization mana

47、ger; the functions of the specific applicationThis International Standard supports collaboration between several authorization managers that can operate over organizational and policy borders.This International Standard is strongly related to other ISO/TC 215 work such as ISO 17090 (all parts), ISO

48、22857, ISO 21091, and ISO 21298.This International Standard is meant to be read in conjunction with its complete set of associated standards.5DIN EN ISO 22600-2:2015-02EN ISO 22600-2:2014 (E)1 ScopeThis multi-part International Standard defines principles and specifies services needed for managing p

49、rivileges and access control to data and/or functions.It focuses on communication and use of health information distributed across policy domain boundaries. This includes healthcare information sharing across unaffiliated providers of healthcare, healthcare organizations, health insurance companies, their patients, staff members, and trading partners by both individuals and application systems ranging from a local situation to a regional or even national situatio

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1