Basic Audit Log Patterns (BALP)
1.1.3 - Trial-Implementation International flag

This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.3: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

: Audit Example of a basic SAML access token of comprehensive from QDI sample - JSON Representation

Raw json | Download


{
  "resourceType" : "AuditEvent",
  "id" : "ex-auditPoke-SAML-QDI-Comp",
  "meta" : {
    "profile" : [
      🔗 "https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive"
    ],
    "security" : [
      {
        "system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
        "code" : "HTEST"
      }
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p><b>Generated Narrative: AuditEvent</b><a name=\"ex-auditPoke-SAML-QDI-Comp\"> </a></p><div style=\"display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%\"><p style=\"margin-bottom: 0px\">Resource AuditEvent &quot;ex-auditPoke-SAML-QDI-Comp&quot; </p><p style=\"margin-bottom: 0px\">Profile: <a href=\"StructureDefinition-IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive.html\">Basic AuditEvent pattern for when an activity was authorized by an SAML access token Comprehensive</a></p><p style=\"margin-bottom: 0px\">Security Labels: <span title=\"{http://terminology.hl7.org/CodeSystem/v3-ActReason http://terminology.hl7.org/CodeSystem/v3-ActReason}\">http://terminology.hl7.org/CodeSystem/v3-ActReason</span></p></div><p><b>type</b>: Application Activity (Details: DICOM code 110100 = 'Application Activity', stated as 'Application Activity')</p><p><b>subtype</b>: Boredom poke (Details: urn:ietf:rfc:1438 code poke = 'poke', stated as 'Boredom poke')</p><p><b>action</b>: R</p><p><b>recorded</b>: Dec 3, 2021, 3:49:00\u202fAM</p><p><b>outcome</b>: 0</p><blockquote><p><b>agent</b></p><p><b>AuditEvent.agent Assurance Level</b>: X509 <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#X509)</span></p><p><b>AuditEvent.agent other identifiers</b>: SAML subject-id/Karl S Skagerberg</p><p><b>type</b>: information recipient <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.3.0/CodeSystem-v3-ParticipationType.html\">ParticipationType</a>#IRCP; <a href=\"CodeSystem-UserAgentTypes.html\">The code used to identifiy a User Agent</a>#UserSamlAgent)</span></p><p><b>role</b>: Public health officier <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#307969004)</span></p><p><b>who</b>: <span><code>ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS</code>/UID=kskagerb</span></p><p><b>requestor</b>: true</p><p><b>policy</b>: <code>_d87f8adf-711a-4545-bf77-ff8517b498e4</code></p><p><b>purposeOfUse</b>: Uses and disclosures for public health activities. <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#PUBLICHEALTH)</span></p></blockquote><blockquote><p><b>agent</b></p><p><b>type</b>: healthcare provider <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.3.0/CodeSystem-v3-RoleClass.html\">RoleClass</a>#PROV)</span></p><p><b>who</b>: <span>: connectred5.fedsconnect.org</span></p><p><b>requestor</b>: false</p></blockquote><h3>Sources</h3><table class=\"grid\"><tr><td style=\"display: none\">-</td><td><b>Site</b></td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td style=\"display: none\">*</td><td>server.example.com</td><td><a href=\"Device-ex-device.html\">Device/ex-device</a></td><td>Application Server (Details: http://terminology.hl7.org/CodeSystem/security-source-type code 4 = 'Application Server', stated as 'Application Server')</td></tr></table><blockquote><p><b>entity</b></p><p><b>what</b>: <span>urn:oid:1.2.3.4.123456789</span></p><p><b>type</b>: Consent (Details: http://hl7.org/fhir/resource-types code Consent = 'Consent', stated as 'Consent')</p><blockquote><p><b>detail</b></p><p><b>type</b>: urn:ihe:iti:xua:2012:acp</p><p><b>value</b>: urn:oid:1.2.3.4</p></blockquote><blockquote><p><b>detail</b></p><p><b>type</b>: urn:oasis:names:tc:xacml:2.0:resource:resource-id</p><p><b>value</b>: 500000000^^^&amp;amp;2.16.840.1.113883.3.333&amp;amp;ISO</p></blockquote></blockquote></div>"
  },
  "type" : {
    "system" : "http://dicom.nema.org/resources/ontology/DCM",
    "code" : "110100",
    "display" : "Application Activity"
  },
  "subtype" : [
    {
      "system" : "urn:ietf:rfc:1438",
      "code" : "poke",
      "display" : "Boredom poke"
    }
  ],
  "action" : "R",
  "recorded" : "2021-12-03T09:49:00.000Z",
  "outcome" : "0",
  "agent" : [
    {
      "extension" : [
        {
          "url" : "https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel",
          "valueCodeableConcept" : {
            "coding" : [
              {
                "system" : "urn:oasis:names:tc:SAML:2.0:ac:classes",
                "code" : "X509"
              }
            ]
          }
        },
        {
          "url" : "https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId",
          "valueIdentifier" : {
            "type" : {
              "coding" : [
                {
                  "system" : "https://profiles.ihe.net/ITI/BALP/CodeSystem/OtherIdentifierTypes",
                  "code" : "SAML-subject-id"
                }
              ]
            },
            "value" : "Karl S Skagerberg"
          }
        }
      ],
      "type" : {
        "coding" : [
          {
            "system" : "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
            "code" : "IRCP",
            "display" : "information recipient"
          },
          {
            "system" : "https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes",
            "code" : "UserSamlAgent"
          }
        ]
      },
      "role" : [
        {
          "coding" : [
            {
              "system" : "urn:oid:2.16.840.1.113883.6.96",
              "code" : "307969004",
              "display" : "Public health officier"
            }
          ]
        }
      ],
      "who" : {
        "identifier" : {
          "system" : "ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS",
          "value" : "UID=kskagerb"
        }
      },
      "requestor" : true,
      "policy" : [
        "_d87f8adf-711a-4545-bf77-ff8517b498e4"
      ],
      "purposeOfUse" : [
        {
          "coding" : [
            {
              "system" : "urn:oid:2.16.840.1.113883.3.18.7.1",
              "code" : "PUBLICHEALTH",
              "display" : "Uses and disclosures for public health activities."
            }
          ]
        }
      ]
    },
    {
      "type" : {
        "coding" : [
          {
            "system" : "http://terminology.hl7.org/CodeSystem/v3-RoleClass",
            "code" : "PROV",
            "display" : "healthcare provider"
          }
        ]
      },
      "who" : {
        "identifier" : {
          "value" : "urn:oid:2.16.840.1.113883.3.333"
        },
        "display" : "connectred5.fedsconnect.org"
      },
      "requestor" : false
    }
  ],
  "source" : {
    "site" : "server.example.com",
    "observer" : {
      🔗 "reference" : "Device/ex-device"
    },
    "type" : [
      {
        "system" : "http://terminology.hl7.org/CodeSystem/security-source-type",
        "code" : "4",
        "display" : "Application Server"
      }
    ]
  },
  "entity" : [
    {
      "what" : {
        "identifier" : {
          "value" : "urn:oid:1.2.3.4.123456789"
        }
      },
      "type" : {
        "system" : "http://hl7.org/fhir/resource-types",
        "code" : "Consent",
        "display" : "Consent"
      },
      "detail" : [
        {
          "type" : "urn:ihe:iti:xua:2012:acp",
          "valueString" : "urn:oid:1.2.3.4"
        },
        {
          "type" : "urn:oasis:names:tc:xacml:2.0:resource:resource-id",
          "valueString" : "500000000^^^&amp;2.16.840.1.113883.3.333&amp;ISO"
        }
      ]
    }
  ]
}