Suppose we have the following EHR example:
<?xml version="1.0" ?>
<ehr id="BH13325600">
<personalInfo>
<patientId > PI-33181CRA </patientId>
<name> Smith Fred </name>
<birthdate > 07/01/1962 </birthdate>
<driverL> S350-000-4434 </driverL>
<p_email> smith.f@domain.net </p_email>
<gender> Male </gender>
<address> 166 Hortaon Ave </address>
<city> GR </city>
<state> Michigan </state>
<postCode> 49008 </postCode>
</personalInfo>
<healthInfo>
<summaryOVisit>
Mr. Smith is 53 years-old MALE who presents complaining for breathing for the past Bla Bla
</summaryOVisit>
<diagnosis> diagnosed with both knees inflammation
</diagnosis>
<physicianNotes > The patient has diabetes and hypertension
</physicianNotes>
<labResults> Glucose H107 74-100 mg/dL,
Ca 10.1 8.6-10.2 mg/dL,
BUN 17 8-23 mg/dL,
</labResults>
<medicationInfo> Lipitor 20 MG Oral Tablet,
</medicationInfo>
<accountInfo> Active since 08/22/2008, referred by Dr. Jeff Peterson </accountInfo>
</healthInfo>
<billingInfo>
<name> Smith Fred </name>
<birthdate> 07/01/1962 </birthdate>
<sSN> 888-888-8888</sSN>
<healthInsPolicyNo> JXE2346620 </healthInsPolicyNo>
<paymentType> CCard </paymentType>
<cardNumber> 0000-0000-0000-0000 </cardNumber>
<address> 166 Hortaon Ave </address>
<city> GR</city>
<state> Michigan </state>
</billingInfo>
</ehr>
This is the request a surgeon sends to access the EHR (the surgeon wants to access the whole EHR, including all of its sub-elements):
<?xml version="1.0" encoding="UTF-8"?>
<Request
  xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
  http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"
  ReturnPolicyIdList="false"
  CombinedDecision="false">
  <!-- Subject: the surgeon -->
  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
      <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">mjack@ces.dh.com</AttributeValue>
    </Attribute>
  </Attributes>
  <!-- Resource: location of the patient's EHR -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://data/SmithFred/EHR</AttributeValue>
    </Attribute>
  </Attributes>
  <!-- Action: the access action -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
    </Attribute>
  </Attributes>
</Request>
Before getting to the policy: Q1: Do you think I have missed anything in the request? If so, please tell me.

I proposed a variable value TVT, which should be the trust value for each sub-element (record) of the EHR, and the surgeon has a TV (trust value). When TV >= TVT for a record, the surgeon will be able to access that record in the EHR. So, based on your suggestion, I have to write a rule for each sub-element in the EHR. I added this rule as an example, to make sure my approach is correct:
<Rule RuleId="Data Reduction Rule" Effect="Permit">
  <Description>
    Any subject with an e-mail name in the health.network.com can access (read) only records with TV >= TVT.
  </Description>
  <Condition>
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
      <VariableReference VariableId="TVT"/>
      <!-- trust threshold of the SSN record -->
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">80</AttributeValue>
    </Apply>
  </Condition>
</Rule>
This is a long question, but your feedback is very much appreciated. Thanks.