Basic Audit Log Patterns (BALP)
1.1.3 - Trial-Implementation
This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.3: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions
<AuditEvent xmlns="http://hl7.org/fhir">
<id value="ex-auditPoke-SAML-QDI-Comp"/>
<meta>
<profile
value="https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive"/>
<security>
<system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
<code value="HTEST"/>
</security>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p><b>Generated Narrative: AuditEvent</b><a name="ex-auditPoke-SAML-QDI-Comp"> </a></p><div style="display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%"><p style="margin-bottom: 0px">Resource AuditEvent "ex-auditPoke-SAML-QDI-Comp" </p><p style="margin-bottom: 0px">Profile: <a href="StructureDefinition-IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive.html">Basic AuditEvent pattern for when an activity was authorized by an SAML access token Comprehensive</a></p><p style="margin-bottom: 0px">Security Labels: <span title="{http://terminology.hl7.org/CodeSystem/v3-ActReason http://terminology.hl7.org/CodeSystem/v3-ActReason}">http://terminology.hl7.org/CodeSystem/v3-ActReason</span></p></div><p><b>type</b>: Application Activity (Details: DICOM code 110100 = 'Application Activity', stated as 'Application Activity')</p><p><b>subtype</b>: Boredom poke (Details: urn:ietf:rfc:1438 code poke = 'poke', stated as 'Boredom poke')</p><p><b>action</b>: R</p><p><b>recorded</b>: Dec 3, 2021, 3:49:00 AM</p><p><b>outcome</b>: 0</p><blockquote><p><b>agent</b></p><p><b>AuditEvent.agent Assurance Level</b>: X509 <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (unknown#X509)</span></p><p><b>AuditEvent.agent other identifiers</b>: SAML subject-id/Karl S Skagerberg</p><p><b>type</b>: information recipient <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (<a href="http://terminology.hl7.org/5.3.0/CodeSystem-v3-ParticipationType.html">ParticipationType</a>#IRCP; <a href="CodeSystem-UserAgentTypes.html">The code used to identifiy a User Agent</a>#UserSamlAgent)</span></p><p><b>role</b>: Public health officier <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (unknown#307969004)</span></p><p><b>who</b>: <span><code>ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS</code>/UID=kskagerb</span></p><p><b>requestor</b>: true</p><p><b>policy</b>: <code>_d87f8adf-711a-4545-bf77-ff8517b498e4</code></p><p><b>purposeOfUse</b>: Uses and disclosures for public health activities. <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (unknown#PUBLICHEALTH)</span></p></blockquote><blockquote><p><b>agent</b></p><p><b>type</b>: healthcare provider <span style="background: LightGoldenRodYellow; margin: 4px; border: 1px solid khaki"> (<a href="http://terminology.hl7.org/5.3.0/CodeSystem-v3-RoleClass.html">RoleClass</a>#PROV)</span></p><p><b>who</b>: <span>: connectred5.fedsconnect.org</span></p><p><b>requestor</b>: false</p></blockquote><h3>Sources</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Site</b></td><td><b>Observer</b></td><td><b>Type</b></td></tr><tr><td style="display: none">*</td><td>server.example.com</td><td><a href="Device-ex-device.html">Device/ex-device</a></td><td>Application Server (Details: http://terminology.hl7.org/CodeSystem/security-source-type code 4 = 'Application Server', stated as 'Application Server')</td></tr></table><blockquote><p><b>entity</b></p><p><b>what</b>: <span>urn:oid:1.2.3.4.123456789</span></p><p><b>type</b>: Consent (Details: http://hl7.org/fhir/resource-types code Consent = 'Consent', stated as 'Consent')</p><blockquote><p><b>detail</b></p><p><b>type</b>: urn:ihe:iti:xua:2012:acp</p><p><b>value</b>: urn:oid:1.2.3.4</p></blockquote><blockquote><p><b>detail</b></p><p><b>type</b>: urn:oasis:names:tc:xacml:2.0:resource:resource-id</p><p><b>value</b>: 500000000^^^&amp;2.16.840.1.113883.3.333&amp;ISO</p></blockquote></blockquote></div>
</text>
<type>
<system value="http://dicom.nema.org/resources/ontology/DCM"/>
<code value="110100"/>
<display value="Application Activity"/>
</type>
<subtype>
<system value="urn:ietf:rfc:1438"/>
<code value="poke"/>
<display value="Boredom poke"/>
</subtype>
<action value="R"/>
<recorded value="2021-12-03T09:49:00.000Z"/>
<outcome value="0"/>
<agent>
<extension
url="https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel">
<valueCodeableConcept>
<coding>
<system value="urn:oasis:names:tc:SAML:2.0:ac:classes"/>
<code value="X509"/>
</coding>
</valueCodeableConcept>
</extension>
<extension
url="https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId">
<valueIdentifier>
<type>
<coding>
<system
value="https://profiles.ihe.net/ITI/BALP/CodeSystem/OtherIdentifierTypes"/>
<code value="SAML-subject-id"/>
</coding>
</type>
<value value="Karl S Skagerberg"/>
</valueIdentifier>
</extension>
<type>
<coding>
<system
value="http://terminology.hl7.org/CodeSystem/v3-ParticipationType"/>
<code value="IRCP"/>
<display value="information recipient"/>
</coding>
<coding>
<system
value="https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes"/>
<code value="UserSamlAgent"/>
</coding>
</type>
<role>
<coding>
<system value="urn:oid:2.16.840.1.113883.6.96"/>
<code value="307969004"/>
<display value="Public health officier"/>
</coding>
</role>
<who>
<identifier>
<system
value="ldap:///CN%3DSAML%20User%2COU%3DHarris%2CO%3DHITS%2CL%3DMelbourne%2CST%3DFL%2CC%3DUS"/>
<value value="UID=kskagerb"/>
</identifier>
</who>
<requestor value="true"/>
<policy value="_d87f8adf-711a-4545-bf77-ff8517b498e4"/>
<purposeOfUse>
<coding>
<system value="urn:oid:2.16.840.1.113883.3.18.7.1"/>
<code value="PUBLICHEALTH"/>
<display value="Uses and disclosures for public health activities."/>
</coding>
</purposeOfUse>
</agent>
<agent>
<type>
<coding>
<system value="http://terminology.hl7.org/CodeSystem/v3-RoleClass"/>
<code value="PROV"/>
<display value="healthcare provider"/>
</coding>
</type>
<who>
<identifier>
<value value="urn:oid:2.16.840.1.113883.3.333"/>
</identifier>
<display value="connectred5.fedsconnect.org"/>
</who>
<requestor value="false"/>
</agent>
<source>
<site value="server.example.com"/>
<observer>🔗
<reference value="Device/ex-device"/>
</observer>
<type>
<system
value="http://terminology.hl7.org/CodeSystem/security-source-type"/>
<code value="4"/>
<display value="Application Server"/>
</type>
</source>
<entity>
<what>
<identifier>
<value value="urn:oid:1.2.3.4.123456789"/>
</identifier>
</what>
<type>
<system value="http://hl7.org/fhir/resource-types"/>
<code value="Consent"/>
<display value="Consent"/>
</type>
<detail>
<type value="urn:ihe:iti:xua:2012:acp"/>
<valueString value="urn:oid:1.2.3.4"/>
</detail>
<detail>
<type value="urn:oasis:names:tc:xacml:2.0:resource:resource-id"/>
<valueString
value="500000000^^^&amp;2.16.840.1.113883.3.333&amp;ISO"/>
</detail>
</entity>
</AuditEvent>