1、February 2015Translation by DIN-Sprachendienst.English price group 27No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).IC
2、S 35.240.80!%?c“2286427www.din.deDDIN EN ISO 22600-3Health informatics Privilege management and access control Part 3: Implementations (ISO 22600-3:2014);English version EN ISO 22600-3:2014,English translation of DIN EN ISO 22600-3:2015-02Medizinische Informatik Privilegienmanagement und Zugriffsste
3、uerung Teil 3: Implementierungen (ISO 22600-3:2014);Englische Fassung EN ISO 22600-3:2014,Englische bersetzung von DIN EN ISO 22600-3:2015-02Informatique de sant Gestion de privilges et contrle daccs Partie 3: Mises en oeuvre (ISO 22600-3:2014);Version anglaise EN ISO 22600-3:2014,Traduction anglais
4、e de DIN EN ISO 22600-3:2015-02www.beuth.deIn case of doubt, the German-language original shall be considered authoritative.Document comprises 75 pages01.15 DIN EN ISO 22600-3:2015-02 2 A comma is used as the decimal marker. National foreword This document (EN ISO 22600-3:2014) has been prepared by
5、Technical Committee ISO/TC 215 “Health informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” (Secretariat: NEN, Netherlands). The responsible German body involved in its preparation was the DIN-Normenausschuss Medizin (DIN Standards Committee Medicine), Working Commi
6、ttee NA 063-07-04 AA Sicherheit. The text of ISO 22600-3 has been adopted without any modification. In translating the text into German particular attention was paid to the use of a correct and consistent technical terminology in German. The full English term is given for each term in Clause 3 “Term
7、s and definitions”. English text in figures 1, 3, Tables 2, C.1 and in program lines of Annexes A and D has been taken over because a translation into German was considered to be unnecessary and the target group of IT specialists normally has sufficient knowledge of English to understand these texts
8、. DIN EN ISO 22600 consists of the following parts, under the general title Health informatics Privilege management and access control: Part 1: Overview and policy management Part 2: Formal models Part 3: Implementations EN ISO 22600-3October 2014 ICS 35.240.80 English Version Health informatics - P
9、rivilege management and access control - Part 3: Implementations (ISO 22600-3:2014) Informatique de sant - Gestion de privilges et contrle daccs - Partie 3: Mises en oeuvre (ISO 22600-3:2014) Medizinische Informatik - Privilegienmanagement undZugriffssteuerung - Teil 3: Implementierungen(ISO 22600-3
10、:2014)This European Standard was approved by CEN on 21 June 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
11、references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of
12、a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Mace
13、donia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey andUnited Kingdom. CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN
14、All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 22600-3:2014 EEUROPEAN COMMITTEE FOR STANDARDIZATIONCOMIT EUROPEN DE NORMALISATIONEUROPISCHES KOMITEE FR NORMUNGEUROPEAN STANDARDNORME EUROPENNEEUROPISCHE NORMContents Page Foreword .
15、 3 Introduction . 4 1 Scope . 7 2 Normative references. 7 3 Terms and definitions 7 4 Abbreviated terms 19 5 Structures and services for privilege management and access control 21 6 Interpretation of ISO 22600-2 formal models in healthcare settings 24 7 Concept representation for health information
16、systems . 24 7.1 Overview . 24 7.2 Domain languages . 25 7.3 OCL constraint modelling . 26 7.4 Other constraint representations . 26 8 Consent . 28 8.1 Overview . 28 8.2 Patient consent . 28 8.3 Patient consent management . 28 9 Emergency access . 28 10 Refinement of the control model 29 11 Refineme
17、nt of the delegation model 29 Annex A (informative) Privilege management infrastructure 30 Annex B (informative) Attribute certificate extensions 66 Annex C (informative) Terminology comparison 68 Annex D (informative) Examples for policy management and policy representation 69 Bibliography 72 DIN E
18、N ISO 22600-3:2015-02 EN ISO 22600-3:2014 (E) 2ForewordThis document (EN ISO 22600-3:2014) has been prepared by Technical Committee ISO/TC 215 Health informatics in collaboration with Technical Committee CEN/TC 251 “Health informatics” the secretariat of which is held by NEN. This European Standard
19、shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by April 2015, and conflicting national standards shall be withdrawn at the latest by April 2015. Attention is drawn to the possibility that some of the elements of this docu
20、ment may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard:
21、Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, S
22、weden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO 22600-3:2014 has been approved by CEN as EN ISO 22600-3:2014 without any modification. “”DIN EN ISO 22600-3:2015-02EN ISO 22600-3:2014 (E)3IntroductionThe distributed architecture of shared care information systems
23、 supporting service-oriented architecture (SOA) is increasingly based on corporate networks and virtual private networks. For meeting the interoperability challenge, the use of standardized user interfaces, tools, and protocols, which ensures platform independence, but also the number of really open
24、 information systems, is rapidly growing during the last couple of years.As a common situation today, hospitals are supported by several vendors providing different applications, which are not able to communicate authentication and authorization since each has its own way of handling these functions
25、. For achieving an integrated scenario, it takes a remarkable amount of money, time, and efforts to get users and changing organizational environments dynamically mapped before starting communication and cooperation. Resources required for the development and maintenance of security functions grow e
26、xponentially with the number of applications, with the complexity of organizations towards a regional, national, or even international level, and with the flexibility of users playing multiple roles, sometimes even simultaneously.The situation becomes even more challenging when inter-organizational
27、communications happens, thereby crossing security policy domain boundaries. Moving from one healthcare centre to another or from country to country, different rules for privileges and their management can apply to similar types of users, both for execution of particular functions and for access to i
28、nformation. The policy differences between these domains have to be bridged automatically or through policy agreements, defining sets of rules followed by the parties involved, for achieving interoperability.Another challenge to be met is how to improve the quality of care by using IT without infrin
29、ging the privacy of the patient. To provide physicians with adequate information about the patient, a virtual electronic health care record is required which makes it possible to keep track of all the activities belonging to one patient regardless of where and by whom they have been performed and do
30、cumented. In such an environment, a generic model or specific agreement between the parties for managing privileges and access control including the patient or its representative is needed.Besides a diversity of roles and responsibilities, typical for any type of large organization, also ethical and
31、 legal aspects in the healthcare scenario due to the sensitivity of person-related health information managed and its personal and social impact have to be considered.Advanced solutions for privilege management and access control are required today already, but this challenge will even grow over the
32、 next couple of years. The reason is the increase of information exchanged between systems in order to fulfil the demands of health service providers at different care levels for having access to more and more patient-related information to ensure the quality and efficiency of patients diagnosis and
33、 treatment, however combined with increased security and privacy risks.The implementation of this International Standard might be currently too advanced and therefore not feasible in certain organizational and technical settings. For meeting the basic principle of best possible action, it is therefo
34、re very important that at least a policy agreement is written between the parties stating to progress towards this International Standard when any update/upgrade of the systems is intended. The level of formalization and granularity of policies and the objects these policies are bound to defines the
35、 solution maturity on a pathway towards the presented specification.The policy agreement also has to contain defined differences in the security systems and agreed solutions on how to overcome the differences. For example, the authentication service and privileges of a requesting party at the respon
36、ding site have to be managed according to the policy declared in the agreement. For that reason, information and service requester, as well as information and service provider on the one hand, and information and services requested and provided on the other hand, have to be grouped and classified in
37、 a limited number of concepts for enabling the specification of a limited number of solution categories. Based on that classification, claimant mechanisms, target sensitivity mechanisms, and policy specification and management mechanisms can be implemented. Once all parties have signed the policy ag
38、reement, the communication and information exchange can start with the existing systems if the parties can accept the risks. If there are unacceptable risks which have to be eliminated before the information exchange starts, they also have to be recorded in the policy agreement DIN EN ISO 22600-3:20
39、15-02 EN ISO 22600-3:2014 (E) 4together with an action plan stating how these risks have to be removed. The policy agreement also has to contain a time plan for this work and an agreement on how it has to be financed.The documentation of the negotiation process is very important and provides the pla
40、tform for the policy agreement.Privilege management and access control address security and privacy services required for communication and cooperation, i.e. distributed use of health information. It also implies safety aspects, professional standards, and legal and ethical issues. This Internationa
41、l Standard introduces principles and specifies services needed for managing privileges and access control. Cryptographic protocols are out of the scope of this International Standard.This three-part International Standard references existing architectural and security standards as well as specificat
42、ions in the healthcare area such as ISO, CEN, ASTM, OMG, W3C, etc., and endorses existing appropriate standards or identifies enhancements or modifications or the need for new standards. It comprises of: ISO 22600-1: describes the scenarios and the critical parameters in information exchange across
43、policy domains. It also gives examples of necessary documentation methods as the basis for the policy agreement. ISO 22600-2: describes and explains, in a more detailed manner, the architectures and underlying models for privilege management and access control which are necessary for secure informat
44、ion sharing including the formal representation of policies. ISO 22600-3: describes examples of implementable specifications of application security services and infrastructural services using different specification languages.It accommodates policy bridging. It is based on a conceptual model where
45、local authorization servers and cross-border directory and policy repository services can assist access control in various applications (software components). The policy repository provides information on rules for access to various application functions based on roles and other attributes. The dire
46、ctory service enables identification of the individual user. The granted access will be based on four aspects: the authenticated identification of principals (i.e. human users and objects that need to operate under their own rights) involved; the rules for access to a specific information object inc
47、luding purpose of use; the rules regarding authorization attributes linked to the principal provided by the authorization manager; the functions of the specific application.This International Standard supports collaboration between several authorization managers that can operate over organizational
48、and policy borders.This International Standard is strongly related to other ISO/TC 215 works such as ISO 17090 (all parts), ISO 22857, ISO 21091, and ISO 21298.This International Standard is meant to be read in conjunction with its complete set of associated standards.Based on the Unified Process, a
49、 three-dimensional architectural reference model has been derived for defining the constraint models needed. The dimensions of the Generic Component Model used are the domain axis, the decomposition/composition axis, and the axis describing the views on a system and its components. For being future-proof, sustainable, flexible, portable, and scalable, only the constraining process and the resulting security-related meta-models are presented. The instantiation and impl
