Basic Audit Log Patterns (BALP)
1.1.0 - Trial-Implementation International flag

This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.0: Trial Implementation) based on FHIR R4. This is the current published version. For a full list of available versions, see the Directory of published versions

: Audit Example of a basic SAML access token of comprehensive from QDI sample - TTL Representation

Raw ttl | Download


@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

# - resource -------------------------------------------------------------------

 a fhir:AuditEvent;
  fhir:nodeRole fhir:treeRoot;
  fhir:Resource.id [ fhir:value "ex-auditPoke-SAML-QDI-Comp"];
  fhir:Resource.meta [
     fhir:Meta.profile [
       fhir:value "https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive";
       fhir:index 0;
       fhir:link <https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive>     ];
     fhir:Meta.security [
       fhir:index 0;
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-ActReason" ];
       fhir:Coding.code [ fhir:value "HTEST" ]     ]
  ];
  fhir:DomainResource.text [
     fhir:Narrative.status [ fhir:value "extensions" ];
     fhir:Narrative.div "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p><b>Generated Narrative</b></p><div style=\"display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%\"><p style=\"margin-bottom: 0px\">Resource \"ex-auditPoke-SAML-QDI-Comp\" </p><p style=\"margin-bottom: 0px\">Profile: <a href=\"StructureDefinition-IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive.html\">Basic AuditEvent pattern for when an activity was authorized by an SAML access token Comprehensive</a></p><p style=\"margin-bottom: 0px\">Security Labels: <span title=\"{http://terminology.hl7.org/CodeSystem/v3-ActReason http://terminology.hl7.org/CodeSystem/v3-ActReason}\">http://terminology.hl7.org/CodeSystem/v3-ActReason</span></p></div><p><b>type</b>: Application Activity (Details: DICOM code 110100 = 'Application Activity', stated as 'Application Activity')</p><p><b>subtype</b>: Boredom poke (Details: urn:ietf:rfc:1438 code poke = 'poke', stated as 'Boredom poke')</p><p><b>action</b>: R</p><p><b>recorded</b>: Dec 3, 2021 3:49:00 AM</p><p><b>outcome</b>: 0</p><blockquote><p><b>agent</b></p><p><b>AuditEvent.agent Assurance Level</b>: X509 <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#X509)</span></p><p><b>AuditEvent.agent other identifiers</b>: SAML subject-id: Karl S Skagerberg</p><p><b>type</b>: information recipient <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/3.1.0/CodeSystem-v3-ParticipationType.html\">ParticipationType</a>#IRCP; <a href=\"CodeSystem-UserAgentTypes.html\">The code used to identifiy a User Agent</a>#UserSamlAgent)</span></p><p><b>role</b>: Public health officier <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#307969004)</span></p><p><b>who</b>: <span></span></p><p><b>requestor</b>: true</p><p><b>policy</b>: <code>_d87f8adf-711a-4545-bf77-ff8517b498e4</code></p><p><b>purposeOfUse</b>: Uses and disclosures for public health activities. <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (unknown#PUBLICHEALTH)</span></p></blockquote><blockquote><p><b>agent</b></p><p><b>type</b>: healthcare provider <span style=\"background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki\"> (<a href=\"http://terminology.hl7.org/3.1.0/CodeSystem-v3-RoleClass.html\">RoleClass</a>#PROV)</span></p><p><b>who</b>: <span>: connectred5.fedsconnect.org</span></p><p><b>requestor</b>: false</p></blockquote><h3>Sources</h3><table class=\"grid\"><tr><td>-</td><td><b>Site</b></td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td>*</td><td>server.example.com</td><td><a href=\"Device-ex-device.html\">Device/ex-device</a></td><td>Application Server (Details: http://terminology.hl7.org/CodeSystem/security-source-type code 4 = 'Application Server', stated as 'Application Server')</td></tr></table><blockquote><p><b>entity</b></p><p><b>what</b>: <span></span></p><p><b>type</b>: Consent (Details: http://hl7.org/fhir/resource-types code Consent = 'Consent', stated as 'Consent')</p><blockquote><p><b>detail</b></p><p><b>type</b>: urn:ihe:iti:xua:2012:acp</p><p><b>value</b>: urn:oid:1.2.3.4</p></blockquote><blockquote><p><b>detail</b></p><p><b>type</b>: urn:oasis:names:tc:xacml:2.0:resource:resource-id</p><p><b>value</b>: 500000000^^^&amp;amp;2.16.840.1.113883.3.333&amp;amp;ISO</p></blockquote></blockquote></div>"
  ];
  fhir:AuditEvent.type [
     fhir:Coding.system [ fhir:value "http://dicom.nema.org/resources/ontology/DCM" ];
     fhir:Coding.code [ fhir:value "110100" ];
     fhir:Coding.display [ fhir:value "Application Activity" ]
  ];
  fhir:AuditEvent.subtype [
     fhir:index 0;
     fhir:Coding.system [ fhir:value "urn:ietf:rfc:1438" ];
     fhir:Coding.code [ fhir:value "poke" ];
     fhir:Coding.display [ fhir:value "Boredom poke" ]
  ];
  fhir:AuditEvent.action [ fhir:value "R"];
  fhir:AuditEvent.recorded [ fhir:value "2021-12-03T09:49:00.000Z"^^xsd:dateTime];
  fhir:AuditEvent.outcome [ fhir:value "0"];
  fhir:AuditEvent.agent [
     fhir:index 0;
     fhir:Element.extension [
       fhir:index 0;
       fhir:Extension.url [ fhir:value "https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel" ];
       fhir:Extension.valueCodeableConcept [
         fhir:CodeableConcept.coding [
           fhir:index 0;
           fhir:Coding.system [ fhir:value "urn:oasis:names:tc:SAML:2.0:ac:classes" ];
           fhir:Coding.code [ fhir:value "X509" ]         ]       ]     ], [
       fhir:index 1;
       fhir:Extension.url [ fhir:value "https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId" ];
       fhir:Extension.valueIdentifier [
         fhir:Identifier.type [
           fhir:CodeableConcept.coding [
             fhir:index 0;
             fhir:Coding.system [ fhir:value "https://profiles.ihe.net/ITI/BALP/CodeSystem/OtherIdentifierTypes" ];
             fhir:Coding.code [ fhir:value "SAML-subject-id" ]           ]         ];
         fhir:Identifier.value [ fhir:value "Karl S Skagerberg" ]       ]     ];
     fhir:AuditEvent.agent.type [
       fhir:CodeableConcept.coding [
         fhir:index 0;
         fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-ParticipationType" ];
         fhir:Coding.code [ fhir:value "IRCP" ];
         fhir:Coding.display [ fhir:value "information recipient" ]       ], [
         fhir:index 1;
         fhir:Coding.system [ fhir:value "https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes" ];
         fhir:Coding.code [ fhir:value "UserSamlAgent" ]       ]     ];
     fhir:AuditEvent.agent.role [
       fhir:index 0;
       fhir:CodeableConcept.coding [
         fhir:index 0;
         fhir:Coding.system [ fhir:value "urn:oid:2.16.840.1.113883.6.96" ];
         fhir:Coding.code [ fhir:value "307969004" ];
         fhir:Coding.display [ fhir:value "Public health officier" ]       ]     ];
     fhir:AuditEvent.agent.who [
       fhir:Reference.identifier [
         fhir:Identifier.system [ fhir:value "ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS" ];
         fhir:Identifier.value [ fhir:value "UID=kskagerb" ]       ]     ];
     fhir:AuditEvent.agent.requestor [ fhir:value "true"^^xsd:boolean ];
     fhir:AuditEvent.agent.policy [
       fhir:value "_d87f8adf-711a-4545-bf77-ff8517b498e4";
       fhir:index 0     ];
     fhir:AuditEvent.agent.purposeOfUse [
       fhir:index 0;
       fhir:CodeableConcept.coding [
         fhir:index 0;
         fhir:Coding.system [ fhir:value "urn:oid:2.16.840.1.113883.3.18.7.1" ];
         fhir:Coding.code [ fhir:value "PUBLICHEALTH" ];
         fhir:Coding.display [ fhir:value "Uses and disclosures for public health activities." ]       ]     ]
  ], [
     fhir:index 1;
     fhir:AuditEvent.agent.type [
       fhir:CodeableConcept.coding [
         fhir:index 0;
         fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/v3-RoleClass" ];
         fhir:Coding.code [ fhir:value "PROV" ];
         fhir:Coding.display [ fhir:value "healthcare provider" ]       ]     ];
     fhir:AuditEvent.agent.who [
       fhir:Reference.identifier [
         fhir:Identifier.value [ fhir:value "urn:oid:2.16.840.1.113883.3.333" ]       ];
       fhir:Reference.display [ fhir:value "connectred5.fedsconnect.org" ]     ];
     fhir:AuditEvent.agent.requestor [ fhir:value "false"^^xsd:boolean ]
  ];
  fhir:AuditEvent.source [
     fhir:AuditEvent.source.site [ fhir:value "server.example.com" ];
     fhir:AuditEvent.source.observer [
       fhir:Reference.reference [ fhir:value "Device/ex-device" ]     ];
     fhir:AuditEvent.source.type [
       fhir:index 0;
       fhir:Coding.system [ fhir:value "http://terminology.hl7.org/CodeSystem/security-source-type" ];
       fhir:Coding.code [ fhir:value "4" ];
       fhir:Coding.display [ fhir:value "Application Server" ]     ]
  ];
  fhir:AuditEvent.entity [
     fhir:index 0;
     fhir:AuditEvent.entity.what [
       fhir:Reference.identifier [
         fhir:Identifier.value [ fhir:value "urn:oid:1.2.3.4.123456789" ]       ]     ];
     fhir:AuditEvent.entity.type [
       fhir:Coding.system [ fhir:value "http://hl7.org/fhir/resource-types" ];
       fhir:Coding.code [ fhir:value "Consent" ];
       fhir:Coding.display [ fhir:value "Consent" ]     ];
     fhir:AuditEvent.entity.detail [
       fhir:index 0;
       fhir:AuditEvent.entity.detail.type [ fhir:value "urn:ihe:iti:xua:2012:acp" ];
       fhir:AuditEvent.entity.detail.valueString [ fhir:value "urn:oid:1.2.3.4" ]     ], [
       fhir:index 1;
       fhir:AuditEvent.entity.detail.type [ fhir:value "urn:oasis:names:tc:xacml:2.0:resource:resource-id" ];
       fhir:AuditEvent.entity.detail.valueString [ fhir:value "500000000^^^&amp;2.16.840.1.113883.3.333&amp;ISO" ]     ]
  ].

# - ontology header ------------------------------------------------------------

 a owl:Ontology;
  owl:imports fhir:fhir.ttl.