Basic Audit Log Patterns (BALP)
1.1.3 - Trial-Implementation

This page is part of the IHE Basic Audit Log Patterns (BALP) (v1.1.3: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

Resource Profile: Basic AuditEvent pattern for when an activity was authorized by an SAML access token Comprehensive

Official URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive
Version: 1.1.3
Active as of 2024-02-14
Computable Name: SAMLaccessTokenUseComprehensive

A basic AuditEvent profile for when an activity was authorized by an SAML access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the SAML access token.

The following table uses a short-hand for the SAML fields and FHIR AuditEvent elements to keep the table compact. It is presumed the reader can understand the SAML field and the FHIR AuditEvent element given. Note the ~ character represents attributes under the SAML AttributeStatement.

Builds upon the Minimal

| SAML field | Comprehensive AuditEvent |
|---|---|
| ID | agent[user].policy |
| Issuer | agent[user].who.identifier.system |
| Subject.NameID | agent[user].who.identifier.value |
| ~subject:role | agent[user].role |
| ~subject:purposeofuse | agent[user].purposeOfUse |
| AuthnContextClassRef | agent[user].extension[assuranceLevel] |
| ~subject:subject-id | agent[user].extension[otherId][subject-id].value |
| ~subject:npi | agent[user].extension[otherId][npi].value |
| ~subject:provider-identifier | agent[user].extension[otherId][provider-id].value |
| ~subject:organization | agent[userorg].who.display |
| ~subject:organization-id | agent[userorg].who.identifier.value |
| ~homeCommunityId | agent[homeCommunityId].who.identifier.value |
| ~bppc:2007:docid | entity[consent].what.identifier.value |
| ~xua:2012:acp | entity[consent].detail.valueString |
| ~resource:resource-id | entity[consent-patient].what.identifier.value |
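
The identifier rows of the table above, worked through as an added example (not part of the IHE page or its tooling): it builds the `agent[user]` and `agent[userorg]` slices from a SAML assertion. The function names, the suffix matching on attribute names and the sample assertion are assumptions; the coded rows (role, purposeOfUse, assuranceLevel) and the consent entity are left out.

```python
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BALP = "https://profiles.ihe.net/ITI/BALP"
V2_0203 = "http://terminology.hl7.org/CodeSystem/v2-0203"
# otherId slices of agent[user]: attribute short-hand -> (type system, type code)
OTHER_ID = {
    "subject:subject-id": (BALP + "/CodeSystem/OtherIdentifierTypes", "SAML-subject-id"),
    "subject:npi": (V2_0203, "NPI"),
    "subject:provider-identifier": (V2_0203, "PRN"),
}

def coded(system, code):
    return {"coding": [{"system": system, "code": code}]}

def saml_agents(assertion_xml):
    """Build agent[user] and, when the organization attributes exist, agent[userorg]."""
    a = ET.fromstring(assertion_xml)  # assumption: signature and conditions already validated
    attrs = {at.get("Name", ""): at.findtext("saml:AttributeValue", "", NS).strip()
             for at in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    def attr(short):  # assumption: match on the table's short-hand suffix
        return next((v for n, v in attrs.items() if n.endswith(short)), None)
    user = {
        "type": coded(BALP + "/CodeSystem/UserAgentTypes", "UserSamlAgent"),
        "who": {"identifier": {"system": a.findtext("saml:Issuer", "", NS).strip(),
                               "value": a.findtext("saml:Subject/saml:NameID", "", NS).strip()}},
        "requestor": True,
        "policy": [a.get("ID")],  # SAML token ID
    }
    other = [{"url": BALP + "/StructureDefinition/ihe-otherId",
              "valueIdentifier": {"type": coded(*t), "value": attr(s)}}
             for s, t in OTHER_ID.items() if attr(s)]
    if other:  # FHIR JSON does not allow empty arrays
        user["extension"] = other
    agents = [user]
    org_id, org = attr("subject:organization-id"), attr("subject:organization")
    if org_id and org:
        agents.append({"type": coded("http://terminology.hl7.org/CodeSystem/v3-RoleClass", "PROV"),
                       "who": {"identifier": {"value": org_id}, "display": org},
                       "requestor": False})
    return agents
# Constructed sample assertion (not from the page); signature omitted for brevity.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-id-1">
 <saml:Issuer>https://idp.example.org</saml:Issuer>
 <saml:Subject><saml:NameID>jdoe@example.org</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization"><saml:AttributeValue>Example Clinic</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id"><saml:AttributeValue>urn:oid:1.2.3.4</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""
```

Calling `saml_agents(SAMPLE)` returns two agents; the `npi` and `provider-id` slices are absent because the sample assertion carries neither attribute.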

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from AuditEvent

| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| .. AuditEvent | | 0..* | AuditEvent | Event record kept for security purposes |
| ... Slices for agent | | 1..* | BackboneElement | Actor involved in the event; Slice: Unordered, Open by pattern:type |
| .... agent:All Slices | | | | Content/Rules for all slices |
| ..... Slices for extension | | 0..* | Extension | Extension; Slice: Unordered, Open by value:url |
| ..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred) |
| ..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId |
| .... agent:user | | 1..* | BackboneElement | Actor involved in the event |
| ..... Slices for extension | | 0..* | Extension | Extension; Slice: Unordered, Open by value:url, value:value.ofType(Identifier).type |
| ...... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred) |
| ...... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId |
| ...... extension:otherId/subject-id | | 0..* | OtherId | AuditEvent.agent other identifiers |
| ....... value[x] | | | | |
| ........ type | | 0..1 | CodeableConcept | Description of identifier; Required Pattern: At least the following |
| ......... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex) |
| .......... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/OtherIdentifierTypes |
| .......... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: SAML-subject-id |
| ........ value | S | 1..1 | string | SAML Attribute subject-id |
| ...... extension:otherId/npi | | 0..* | OtherId | AuditEvent.agent other identifiers |
| ....... value[x] | | | | |
| ........ type | | 0..1 | CodeableConcept | Description of identifier; Required Pattern: At least the following |
| ......... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex) |
| .......... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: http://terminology.hl7.org/CodeSystem/v2-0203 |
| .......... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: NPI |
| ........ value | S | 1..1 | string | SAML Attribute npi |
| ...... extension:otherId/provider-id | | 0..* | OtherId | AuditEvent.agent other identifiers |
| ....... value[x] | | | | |
| ........ type | | 0..1 | CodeableConcept | Description of identifier; Required Pattern: At least the following |
| ......... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex) |
| .......... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: http://terminology.hl7.org/CodeSystem/v2-0203 |
| .......... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: PRN |
| ........ value | S | 1..1 | string | SAML Attribute provider-identifier |
| ..... type | | 1..1 | CodeableConcept | How agent participated; Required Pattern: At least the following |
| ...... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex) |
| ....... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes |
| ....... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: UserSamlAgent |
| ..... role | S | 0..* | CodeableConcept | SAML subject:role(s) |
| ..... who | | 1..1 | Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson) | Identifier of who |
| ...... identifier | | | | |
| ....... system | S | 0..1 | uri | SAML Issuer |
| ....... value | S | 1..1 | string | SAML Subject.NameID |
| ..... altId | | 0..0 | | |
| ..... requestor | | 1..1 | boolean | Whether user is initiator; Required Pattern: true |
| ..... policy | S | 1..1 | uri | SAML token ID |
| ..... media | | 0..0 | | |
| ..... network | | 0..0 | | |
| ..... purposeOfUse | S | 0..* | CodeableConcept | SAML subject:purposeofuse |
| .... agent:userorg | | 0..* | BackboneElement | Actor involved in the event |
| ..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred) |
| ..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId |
| ..... type | | 1..1 | CodeableConcept | How agent participated; Required Pattern: At least the following |
| ...... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex) |
| ....... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: http://terminology.hl7.org/CodeSystem/v3-RoleClass |
| ....... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: PROV |
| ..... role | | 0..0 | | |
| ..... who | | | | |
| ...... identifier | | | | |
| ....... value | S | 1..1 | string | SAML Attribute urn:oasis:names:tc:xspa:1.0:subject:organization-id |
| ...... display | S | 1..1 | string | SAML Attribute urn:oasis:names:tc:xspa:1.0:subject:organization |
| ..... altId | | 0..0 | | |
| ..... name | | 0..0 | | |
| ..... requestor | | 1..1 | boolean | Whether user is initiator; Required Pattern: false |
| ..... location | | 0..0 | | |
| ..... policy | | 0..0 | | |
| ..... media | | 0..0 | | |
| ..... network | | 0..0 | | |
| ..... purposeOfUse | | 0..0 | | |
| .... agent:homeCommunityId | | 0..* | BackboneElement | Actor involved in the event |
| ..... assuranceLevel | S | 0..* | CodeableConcept | AuditEvent.agent Assurance Level; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel; Binding: SecurityTrustAssuranceObservationValue (preferred) |
| ..... otherId | S | 0..* | Identifier | AuditEvent.agent other identifiers; URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId |
| ..... type | | 1..1 | CodeableConcept | How agent participated; Required Pattern: At least the following |
| ...... coding | | 1..* | Coding | Code defined by a terminology system; Fixed Value: (complex) |
| ....... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: urn:ihe:iti:xca:2010 |
| ....... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: homeCommunityId |
| ..... role | | 0..0 | | |
| ..... who | | | | |
| ...... identifier | S | 1..1 | Identifier | homeCommunityId |
| ..... altId | | 0..0 | | |
| ..... name | | 0..0 | | |
| ..... requestor | | 1..1 | boolean | Whether user is initiator; Required Pattern: false |
| ..... location | | 0..0 | | |
| ..... policy | | 0..0 | | |
| ..... media | | 0..0 | | |
| ..... network | | 0..0 | | |
| ..... purposeOfUse | | 0..0 | | |
| ... Slices for entity | | 0..* | BackboneElement | Data or objects used; Slice: Unordered, Open by pattern:type |
| .... entity:consent | | 0..* | BackboneElement | Data or objects used |
| ..... what | | | | |
| ...... identifier | S | 0..1 | Identifier | BPPC Patient Privacy Policy Acknowledgement Document unique id |
| ..... type | | 1..1 | Coding | Type of entity involved; Required Pattern: At least the following |
| ...... system | | 1..1 | uri | Identity of the terminology system; Fixed Value: http://hl7.org/fhir/resource-types |
| ...... code | | 1..1 | code | Symbol in syntax defined by the system; Fixed Value: Consent |
| ..... Slices for detail | | 0..* | BackboneElement | Additional Information about the entity; Slice: Unordered, Open by pattern:type |
| ...... detail:acp | | 0..1 | BackboneElement | Home Community ID where the Consent is. |
| ....... type | | 1..1 | string | Name of the property; Required Pattern: urn:ihe:iti:xua:2012:acp |
| ....... value[x] | | 1..1 | string | Property value |
| ...... detail:patient-id | | 0..1 | BackboneElement | The Patient Identity where the Consent is. |
| ....... type | | 1..1 | string | Name of the property; Required Pattern: urn:oasis:names:tc:xacml:2.0:resource:resource-id |
| ....... value[x] | | 1..1 | string | Property value |

Other representations of profile: CSV, Excel, Schematron