ISO 21298:2017 pdf download

ISO 21298:2017 pdf download.Health informatics — Functional and structural roles
1 Scope
This document defines a model for expressing functional and structural roles and populates it with a basic set of roles for international use in health applications. Roles are generally assigned to entities that are actors. This will focus on roles of persons (e.g. the roles of health professionals) and their roles in the context of the provision of care (e.g. subject of care). Roles can be structural (e.g. licensed general practitioner, non-licensed transcriptionist, etc.) or functional (e.g. a provider who is a member of a therapeutic team, an attending physician, prescriber, etc.). Structural roles are relatively static, often lasting for many years. They deal with relationships between entities expressed at a level of complex concepts. Functional roles are bound to the realization of actions and are highly dynamic. They are normally expressed at a decomposed level of fine-grained concepts. Roles addressed in this document are not restricted to privilege management purposes, though privilege management and access control is one of the applications of this document. This document does not address specifications related to permissions. This document treats the role and the permission as separate constructs. Further details regarding the relationship with permissions, policy, and access control are provided in ISO 22600.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http:// www .electropedia .org/
— ISO Online browsing platform: available at http:// www .iso .org/ obp
3.1 access control
means of ensuring that the resources of a data processing system can be accessed only by authorized entities in authorized ways
[SOURCE: ISO/IEC 2382-8:2015, 2126294]
3.2 attribute certificate authority
AA
authority which assigns privileges by issuing attribute certificates (3.3)
[SOURCE: ISO/IEC 9594-8:2014, 3.5.2, modified]
5 Modeling roles in an architectural context
5.1 Roles within the Generic Component Model
For embedding components meeting functional requirements and services needed in a system, the components of that system have to be managed in its architectural context. Therefore, requirements analysis, design, and deployment of those components have to be developed and managed based on a reference architecture following a unified process. With the Generic Component Model (GCM), such reference architecture in conformance with essential standards for distributed, component-based, service-oriented and semantically interoperable information systems has been developed in the mid-1990s (e.g. ISO/IEC 9594-8, ISO/IEC 10746-2, and ISO/IEC 2382-8) and used in the context of several ISO TC 215 and CEN TC 251, as well as HL7 specifications. The model specifies a component-based and service-oriented architecture for any domain. While this document goes beyond security and privacy issues.