W3C Semantic Web Projects.
For more details, see the background slides.
# Bare mapping from the hospital database vocabulary (mydb:) onto the shared
# observation vocabulary. There is no access-control pattern in this query:
# every matched patient name (?pName) is emitted for whoever runs it.
# NOTE(review): ?takes appears in the CONSTRUCT template but is never bound in
# WHERE, so the `?p :takes ?takes` triple is silently dropped from the output.
# NOTE(review): SPARQL spells prefix declarations `PREFIX mydb: <...>`; the
# `:mydb` form here reads as slide shorthand — confirm before running.
# NOTE(review): foaf: is not declared in this fragment; presumably declared elsewhere.
PREFIX :mydb <http://cityhospital.example/dbs>
CONSTRUCT { ?o a :PatientObservation . ?o :patient ?p . ?p foaf:name ?pName . ?p :takes ?takes . ?o :doctor ?d . ?d foaf:name ?dName }
WHERE { ?o mydb:patient ?p . ?o mydb:doctor ?d . ?d mydb:name ?dName . ?p mydb:patientName ?pName . }
# Access-controlled variant of the mapping: the observation and its doctor are
# always emitted, while the patient's family name and medication are each
# wrapped in an OPTIONAL whose pattern also requires an ACL that entitles the
# requester to that data class. When no such ACL matches, the OPTIONAL leaves
# ?pName / ?takes unbound and CONSTRUCT simply omits those triples
# (redaction by non-binding rather than by error).
# NOTE(review): the OPTIONAL blocks join on ?_requester, but the GRAPH <users>
# pattern binds ?_requestor (different spelling). As written the ACL patterns
# are not tied to the authenticated user at all: any ACL that includes
# acls:identity / acls:medication for anyone satisfies them, so the gate is
# ineffective until the two variable names agree.
# NOTE(review): the prefix is declared as `:acl` (slide shorthand; SPARQL
# syntax is `PREFIX acl: <...>`) but used as `acls:` — confirm the intended name.
# NOTE(review): $USER and $IP are substituted from the request protocol. The IP
# is an environment attribute; it should not stand in for requester identity.
PREFIX :obs <http://cityhospital.example/dbs/observations>
PREFIX :ppl <http://cityhospital.example/dbs/people>
PREFIX :med <http://cityhospital.example/dbs/medication>
PREFIX :acl <http://cityhospital.example/dbs/acls>
CONSTRUCT { ?o a :PatientObservation . ?o :patient ?p . ?p foaf:name ?pName . ?p :takes ?takes . ?o :doctor ?d . ?d foaf:name ?dName }
WHERE { ?o obs:patient ?p . ?o obs:doctor ?d . ?d ppl:name ?dName .
        # name is released only with an identity entitlement
        OPTIONAL { ?p ppl:familyName ?pName . ?acl acls:entitles ?_requester . ?acl acls:includes acls:identity }
        # medication is released only with a medication entitlement
        OPTIONAL { ?p obs:medication ?takes . ?acl acls:entitles ?_requester . ?acl acls:includes acls:medication }
        # requester identity as supplied by the protocol layer
        GRAPH <users> { ?_requestor x:username $USER ; x:ip $IP ; } }
from protocol
# Sketch of a request for one doctor's observations as it arrives from the
# protocol layer ("Dr. Bob" is the requester-supplied doctor name).
# NOTE(review): a SPARQL SELECT takes a variable list, not a graph pattern, and
# `:foaf:name` has a doubled colon — read this as pseudo-code, not a runnable query.
SELECT { ?o :patient ?p . ?p :takes ?takes . ?o :doctor ?d . ?d :foaf:name "Dr. Bob" }
Specific endowment language
Read or write a particular field.
Roles for describing endowments in broad strokes
PrimaryCarePhysician implies access to medical history.
Rules extending endowments
Radiologist at accredited clinic implies access to X-ray corpus.
Obligations
Doctor must not deliver medical history to third parties.
Product Integration | |||
---|---|---|---|
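<!-- Sales Report policy (XACML 2.0 style sketch).
     Rule combining is Permit-Overrides, so a single applicable Permit wins.
     Report_Access permits a Manager in the Sales Department to Modify the
     Sales Report; FinalRule has no Target, so it applies to every request and
     denies by default whenever Report_Access does not apply. -->
<Policy PolicyId="Policy0" RuleCombiningAlgId="Permit-Overrides">
  <Description>Sales Report Policy</Description>
  <Target/>
  <Rule RuleId="Report_Access" Effect="Permit">
    <Target>
      <Subjects>
        <Subject> Manager </Subject>
      </Subjects>
      <Resources>
        <Resource> Sales Report </Resource>
      </Resources>
      <Actions>
        <Action> Modify </Action>
      </Actions>
    </Target>
    <!-- The subject's Division attribute must equal "Sales Department".
         Fixed: the closing quote of AttributeId was a typographic quote (“),
         which left the attribute value unterminated and the document not
         well-formed.
         NOTE(review): a concrete XACML Condition wraps the comparison in an
         Apply element with a FunctionId; this sketch leaves the function
         implicit. -->
    <Condition>
      <SubjectAttributeDesignator AttributeId="Division"/>
      <AttributeValue> Sales Department </AttributeValue>
    </Condition>
  </Rule>
  <!-- Catch-all: no Target means the rule applies to every request. -->
  <Rule RuleId="FinalRule" Effect="Deny"/>
</Policy>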
concept | HL7 |
---|---|
Identification | PRD-006 |
Progress Notes | PRD-017 |
Past Visits | PRD-012 |
Medical History | PRD-003 |
Vitals/Measurements | PRD-005 |
Provider Info | PRD-009 |
Medications | PRD-010 |
Request |
# XACML request context expressed in Turtle: one request resource carrying a
# Subject, a Resource and an environment locality.
# The subject's hl7-subject:permission values (prd-006, prd-010) are the HL7
# codes listed for Identification and Medications in the mapping table above.
# NOTE(review): role, permissions and purpose appear as subject attributes in
# the request itself; the PDP / context handler should obtain these from a
# trusted attribute source rather than accept them as asserted by the requester.
# NOTE(review): the doc: prefix is used but not declared in this fragment.
# NOTE(review): resource-id is a patient name rather than a stable record
# identifier — presumably a slide simplification.
@prefix xacml: <urn:oasis:names:tc:xacml:2.0:context:schema:os> .
@prefix subject1: <urn:oasis:names:tc:xacml:1.0:subject:> .
@prefix subject2: <urn:oasis:names:tc:xacml:2.0:subject:> .
@prefix hl7-subject: <urn:oasis:names:tc:xspa:1.0:subject:hl7:> .
@prefix hl7-resource: <urn:oasis:names:tc:xspa:1.0:resource:hl7:> .
@prefix hl7-xspa: <urn:oasis:names:tc:xspa:1.0:hl7:> .
@prefix resource: <urn:oasis:names:tc:xacml:1.0:resource:> .
@prefix env: <urn:oasis:names:tc:xspa:1.0:environment:> .
<> doc:schemaLocation "urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/ access_control-xacml-2.0-context-schema-os.xsd" .
[ a xacml:Request ;
  xacml:Subject [ subject1:subject-id "Dr. Bob" ; subject1:locality "Facility A" ; subject2:role "physician" ; hl7-subject:permission hl7-xspa:prd-006 , hl7-xspa:prd-010 ; subject2:purpose "Healthcare Treatment" . ] ;
  xacml:Resource [ resource:resource-id "Bambi Smith" ; hl7-resource:type hl7-resource:medical-record . ] ;
  env:locality "Facility A" . ] . |
# Filter half of the policy-evaluation query: each conjunct checks the
# candidate ?p / $p against one attribute of the request (in SPARQL `?p` and
# `$p` name the same variable). The inline comments record where each
# attribute comes from: "protocol" = the transport/authentication layer,
# "CONSTRUCT rule" = the data-class mapping queries above.
# NOTE(review): `(/* MA? */)` is an author placeholder and is not valid SPARQL.
# NOTE(review): the locality check compares against a literal IP address; an IP
# is an environment attribute, not evidence of the requester's identity.
FILTER( x:UBA_notExcludes_subject($p, "Bob") && # protocol
        x:UBA_notExcludes_role($p, <physician>) && (/* MA? */) &&
        x:data_includes(?p, <P_006>) && # CONSTRUCT rule
        x:data_includes(?p, <P_010>) && # CONSTRUCT rule
        x:locality_includes(?p, "192.168.1.1") && # protocol
        x:role_includes(?p, <physician>) )
# Pattern half: the observation/patient/doctor join, with the policies graph
# consulted for the "identity" and "medication" data classes and the users
# graph for the requester's username and IP.
# NOTE(review): `?p x:data includes "identity"` uses a bare `includes`, which is
# not a prefixed name — presumably x:includes; confirm.
# NOTE(review): `_:requestor` is a blank node in the pattern, i.e. an anonymous
# variable: it matches any users-graph node with that username and ip.
# NOTE(review): ?p is bound as the patient by `mydb:patient ?p` and is also the
# subject of the policies-graph patterns and the FILTER functions — presumably
# the policy is keyed by patient; confirm.
WHERE { ?o mydb:patient ?p . ?o mydb:doctor ?d . ?d mydb:name ?dName . ?p mydb:patientName ?pName .
        GRAPH <policies> { ?p x:data includes "identity" }
        ?p mydb:medication ?takes .
        GRAPH <policies> { ?p x:data includes "medication" }
        GRAPH <users> { _:requestor x:username "Bob" ; x:ip "192.168.1.1" ; } }
# Access-controlled mapping, second form: the observation and its doctor are
# always emitted; the patient's family name is emitted only when an ACL in the
# first OPTIONAL entitles the requester to the identity data class.
# NOTE(review): ?takes is bound in the second OPTIONAL but does not appear in
# the CONSTRUCT template, so medication is never output by this form.
# NOTE(review): the OPTIONAL blocks join on ?_requester while GRAPH <users>
# binds ?_requestor; with different names the ACL patterns are not tied to the
# authenticated user, and any entitling ACL satisfies them.
# NOTE(review): the prefix is declared as `:acl` but used as `acls:`, and
# `:foaf:name` has a doubled colon — slide shorthand to confirm before running.
PREFIX :obs <http://cityhospital.example/dbs/observations>
PREFIX :ppl <http://cityhospital.example/dbs/people>
PREFIX :med <http://cityhospital.example/dbs/medication>
PREFIX :acl <http://cityhospital.example/dbs/acls>
CONSTRUCT { ?o a :PatientObservation . ?o :patient ?p . ?p :foaf:name ?pName . ?o :doctor ?d . ?d :foaf:name ?dName }
WHERE { ?o obs:patient ?p . ?o obs:doctor ?d . ?d ppl:name ?dName .
        # name is released only with an identity entitlement
        OPTIONAL { ?p ppl:familyName ?pName . ?acl acls:entitles ?_requester . ?acl acls:includes acls:identity }
        # medication entitlement is checked, but ?takes is not emitted above
        OPTIONAL { ?p obs:medication ?takes . ?acl acls:entitles ?_requester . ?acl acls:includes acls:medication }
        # requester identity as supplied by the protocol layer
        GRAPH <users> { ?_requestor x:username $USER ; x:ip $IP ; } }
from protocol
# Policy vocabulary sketch: a policy is a set of pairs, each binding a graph
# pattern (stored as a string literal) to the HL7 data class it covers. The two
# patterns here are the ones the OPTIONAL blocks above gate on
# (ppl:familyName -> identity, obs:medication -> medication).
# NOTE(review): the pattern is an opaque string, so whatever consumes this
# policy must parse it as SPARQL; that parser should only ever see trusted
# policy documents.
# NOTE(review): xacml:, hl7:, ppl: and obs: are not declared in this fragment.
<foo> a xacml:Policy ;
  xacml:pair [ xacml:pattern "{ ?a ppl:familyName ?b . }" ; xacml:covers hl7:identity ] ;
  xacml:pair [ xacml:pattern "{ ?a obs:medication ?b . }" ; xacml:covers hl7:medication ] .