This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.3: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

• Narrative Content
• XML
• JSON
• TTL

: Audit Example of a basic SAML access token of comprehensive from QDI sample - TTL Representation

Raw ttl | Download

@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

# - resource -------------------------------------------------------------------

 a fhir:AuditEvent ;
  fhir:nodeRole fhir:treeRoot ;
  fhir:id [ fhir:v "ex-auditPoke-SAML-QDI-Comp"] ; # 
  fhir:meta [
    ( fhir:profile [
fhir:v "https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive"^^xsd:anyURI ;
fhir:link <https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive>     ] ) ;
    ( fhir:security [
fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ActReason"^^xsd:anyURI ] ;
fhir:code [ fhir:v "HTEST" ]     ] )
  ] ; # 
  fhir:text [
fhir:status [ fhir:v "extensions" ] ;
fhir:div "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p><b>Generated Narrative: AuditEvent</b><a name=\"ex-auditPoke-SAML-QDI-Comp\"> </a></p><div style=\"display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%\"><p style=\"margin-bottom: 0px\">Resource AuditEvent &quot;ex-auditPoke-SAML-QDI-Comp&quot; </p><p style=\"margin-bottom: 0px\">Profile: <a href=\"StructureDefinition-IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive.html\">Basic AuditEvent pattern for when an activity was authorized by an SAML access token Comprehensive</a></p><p style=\"margin-bottom: 0px\">Security Labels: <span title=\"{http://terminology.hl7.org/CodeSystem/v3-ActReason http://terminology.hl7.org/CodeSystem/v3-ActReason}\">http://terminology.hl7.org/CodeSystem/v3-ActReason</span></p></div><p><b>type</b>: Application Activity (Details: DICOM code 110100 = 'Application Activity', stated as 'Application Activity')</p><p><b>subtype</b>: Boredom poke (Details: urn:ietf:rfc:1438 code poke = 'poke', stated as 'Boredom poke')</p><p><b>action</b>: R</p><p><b>recorded</b>: Dec 3, 2021, 3:49:00 AM</p><p><b>outcome</b>: 0</p><blockquote><p><b>agent</b></p><p><b>AuditEvent.agent Assurance Level</b>: X509 <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#X509)</span></p><p><b>AuditEvent.agent other identifiers</b>: SAML subject-id/Karl S Skagerberg</p><p><b>type</b>: information recipient <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.3.0/CodeSystem-v3-ParticipationType.html\">ParticipationType</a>#IRCP; <a href=\"CodeSystem-UserAgentTypes.html\">The code used to identifiy a User Agent</a>#UserSamlAgent)</span></p><p><b>role</b>: Public health officier <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#307969004)</span></p><p><b>who</b>: <span><code>ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS</code>/UID=kskagerb</span></p><p><b>requestor</b>: true</p><p><b>policy</b>: <code>_d87f8adf-711a-4545-bf77-ff8517b498e4</code></p><p><b>purposeOfUse</b>: Uses and disclosures for public health activities. <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#PUBLICHEALTH)</span></p></blockquote><blockquote><p><b>agent</b></p><p><b>type</b>: healthcare provider <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/5.3.0/CodeSystem-v3-RoleClass.html\">RoleClass</a>#PROV)</span></p><p><b>who</b>: <span>: connectred5.fedsconnect.org</span></p><p><b>requestor</b>: false</p></blockquote><h3>Sources</h3><table class=\"grid\"><tr><td style=\"display: none\">-</td><td><b>Site</b></td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td style=\"display: none\">*</td><td>server.example.com</td><td><a href=\"Device-ex-device.html\">Device/ex-device</a></td><td>Application Server (Details: http://terminology.hl7.org/CodeSystem/security-source-type code 4 = 'Application Server', stated as 'Application Server')</td></tr></table><blockquote><p><b>entity</b></p><p><b>what</b>: <span>urn:oid:1.2.3.4.123456789</span></p><p><b>type</b>: Consent (Details: http://hl7.org/fhir/resource-types code Consent = 'Consent', stated as 'Consent')</p><blockquote><p><b>detail</b></p><p><b>type</b>: urn:ihe:iti:xua:2012:acp</p><p><b>value</b>: urn:oid:1.2.3.4</p></blockquote><blockquote><p><b>detail</b></p><p><b>type</b>: urn:oasis:names:tc:xacml:2.0:resource:resource-id</p><p><b>value</b>: 500000000^^^&amp;amp;2.16.840.1.113883.3.333&amp;amp;ISO</p></blockquote></blockquote></div>"
  ] ; # 
  fhir:type [
fhir:system [ fhir:v "http://dicom.nema.org/resources/ontology/DCM"^^xsd:anyURI ] ;
fhir:code [ fhir:v "110100" ] ;
fhir:display [ fhir:v "Application Activity" ]
  ] ; # 
  fhir:subtype ( [
fhir:system [ fhir:v "urn:ietf:rfc:1438"^^xsd:anyURI ] ;
fhir:code [ fhir:v "poke" ] ;
fhir:display [ fhir:v "Boredom poke" ]
  ] ) ; # 
  fhir:action [ fhir:v "R"] ; # 
  fhir:recorded [ fhir:v "2021-12-03T09:49:00.000Z"^^xsd:dateTime] ; # 
  fhir:outcome [ fhir:v "0"] ; # 
  fhir:agent ( [
    ( fhir:extension [
fhir:url [ fhir:v "https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel"^^xsd:anyURI ] ;
fhir:value [
a fhir:CodeableConcept ;
        ( fhir:coding [
fhir:system [ fhir:v "urn:oasis:names:tc:SAML:2.0:ac:classes"^^xsd:anyURI ] ;
fhir:code [ fhir:v "X509" ]         ] )       ]     ] [
fhir:url [ fhir:v "https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId"^^xsd:anyURI ] ;
fhir:value [
a fhir:Identifier ;
fhir:type [
          ( fhir:coding [
fhir:system [ fhir:v "https://profiles.ihe.net/ITI/BALP/CodeSystem/OtherIdentifierTypes"^^xsd:anyURI ] ;
fhir:code [ fhir:v "SAML-subject-id" ]           ] )         ] ;
fhir:value [ fhir:v "Karl S Skagerberg" ]       ]     ] ) ;
fhir:type [
      ( fhir:coding [
fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-ParticipationType"^^xsd:anyURI ] ;
fhir:code [ fhir:v "IRCP" ] ;
fhir:display [ fhir:v "information recipient" ]       ] [
fhir:system [ fhir:v "https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes"^^xsd:anyURI ] ;
fhir:code [ fhir:v "UserSamlAgent" ]       ] )     ] ;
    ( fhir:role [
      ( fhir:coding [
fhir:system [ fhir:v "urn:oid:2.16.840.1.113883.6.96"^^xsd:anyURI ] ;
fhir:code [ fhir:v "307969004" ] ;
fhir:display [ fhir:v "Public health officier" ]       ] )     ] ) ;
fhir:who [
fhir:identifier [
fhir:system [ fhir:v "ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS"^^xsd:anyURI ] ;
fhir:value [ fhir:v "UID=kskagerb" ]       ]     ] ;
fhir:requestor [ fhir:v "true"^^xsd:boolean ] ;
    ( fhir:policy [ fhir:v "_d87f8adf-711a-4545-bf77-ff8517b498e4"^^xsd:anyURI ] ) ;
    ( fhir:purposeOfUse [
      ( fhir:coding [
fhir:system [ fhir:v "urn:oid:2.16.840.1.113883.3.18.7.1"^^xsd:anyURI ] ;
fhir:code [ fhir:v "PUBLICHEALTH" ] ;
fhir:display [ fhir:v "Uses and disclosures for public health activities." ]       ] )     ] )
  ] [
fhir:type [
      ( fhir:coding [
fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/v3-RoleClass"^^xsd:anyURI ] ;
fhir:code [ fhir:v "PROV" ] ;
fhir:display [ fhir:v "healthcare provider" ]       ] )     ] ;
fhir:who [
fhir:identifier [
fhir:value [ fhir:v "urn:oid:2.16.840.1.113883.3.333" ]       ] ;
fhir:display [ fhir:v "connectred5.fedsconnect.org" ]     ] ;
fhir:requestor [ fhir:v "false"^^xsd:boolean ]
  ] ) ; # 
  fhir:source [
fhir:site [ fhir:v "server.example.com" ] ;
fhir:observer [
fhir:reference [ fhir:v "Device/ex-device" ]     ] ;
    ( fhir:type [
fhir:system [ fhir:v "http://terminology.hl7.org/CodeSystem/security-source-type"^^xsd:anyURI ] ;
fhir:code [ fhir:v "4" ] ;
fhir:display [ fhir:v "Application Server" ]     ] )
  ] ; # 
  fhir:entity ( [
fhir:what [
fhir:identifier [
fhir:value [ fhir:v "urn:oid:1.2.3.4.123456789" ]       ]     ] ;
fhir:type [
fhir:system [ fhir:v "http://hl7.org/fhir/resource-types"^^xsd:anyURI ] ;
fhir:code [ fhir:v "Consent" ] ;
fhir:display [ fhir:v "Consent" ]     ] ;
    ( fhir:detail [
fhir:type [ fhir:v "urn:ihe:iti:xua:2012:acp" ] ;
fhir:value [ fhir:v "urn:oid:1.2.3.4" ]     ] [
fhir:type [ fhir:v "urn:oasis:names:tc:xacml:2.0:resource:resource-id" ] ;
fhir:value [ fhir:v "500000000^^^&amp;2.16.840.1.113883.3.333&amp;ISO" ]     ] )
  ] ) . #