Profile Comparison between https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive vs https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive

Left: Basic AuditEvent pattern for when an activity was authorized by an IUA access token (https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive)
Right: Basic AuditEvent pattern for when an activity was authorized by an IUA access token (https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive)

Messages

Error: StructureDefinition.version - Values for version differ: '1.1.2' vs '1.1.3'
Information: StructureDefinition.date - Values for date differ: '2023-08-01T08:42:00-05:00' vs '2024-02-14T15:31:49-06:00'

Metadata

Name: Value (Comments)
.abstract: false
.baseDefinition: http://hl7.org/fhir/StructureDefinition/AuditEvent
.copyright:
.date: 2023-08-01T08:42:00-05:00 (left) vs 2024-02-14T15:31:49-06:00 (right) (Values Differ)
.description: A basic AuditEvent profile for when an activity was authorized by an IUA access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the IUA access token. - Given an activity has occurred - And OAuth is used to authorize (both app and user) - And the given activity is using http with authorization: bearer mechanism - IUA - [3.72 Incorporate Access Token \[ITI-72\]](https://profiles.ihe.net/ITI/IUA/index.html#372-incorporate-access-token-iti-72) - Bulk Data Access - [11. Presenting an Access Token to FHIR API](https://hl7.org/fhir/uv/bulkdata/authorization/index.html#presenting-an-access-token-to-fhir-api) - SMART-app-launch - [7.1.5 Step 4: App accesses clinical data via FHIR API](http://hl7.org/fhir/smart-app-launch/index.html#step-4-app-accesses-clinical-data-via-fhir-api) - [HL7 Security for Scalable Registration, Authentication, and Authorization (aka UDAP) ](http://hl7.org/fhir/us/udap-security/history.html) when it gets published - When an AuditEvent is recorded for the activity - Then that AuditEvent would follow this profile regarding recording the IUA access token details - note: this profile records minimal information from the IUA access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information. - client slice holds the application details - This is likely replicated in other slices, but is consistently identified as the Application slice for ease of tracking all events caused by this client - place the client_id into .who.identifier.value (system is not needed, but available if you have a system) - any network identification detail should be placed in .network (may be an IP address, or hostname) - oUser slice holds the user details - user id is recorded in the .who.identifier - user id is also recorded in .name to be more easily searched - if roles or purposeOfUse are known record them here - the JWT ID is recorded in .policy. Expecting that during audit analysis this ID can be looked up and dereferenced
.experimental:
.fhirVersion: 4.0.1
.jurisdiction:
..jurisdiction[0]: http://unstats.un.org/unsd/methods/m49/m49.htm#001
.kind: resource
.name: OAUTHaccessTokenUseComprehensive
.publisher: IHE IT Infrastructure Technical Committee
.purpose:
.status: active
.title: Basic AuditEvent pattern for when an activity was authorized by an IUA access token
.type: AuditEvent
.url: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.OAUTHaccessTokenUse.Comprehensive
.version: 1.1.2 (left) vs 1.1.3 (right) (Values Differ)

Structure

Columns per element, for the left (L) and right (R) profile: Flags; Card.; Type; Description & Constraints. A "-" marks an element with no flags. The Comments column is empty for every element.

.. AuditEvent
  L: -; 0..*; AuditEvent; Event record kept for security purposes
  R: -; 0..*; AuditEvent; Event record kept for security purposes
... id
  L: Σ; 0..1; id; Logical id of this artifact
  R: Σ; 0..1; id; Logical id of this artifact
... meta
  L: Σ; 0..1; Meta; Metadata about the resource
  R: Σ; 0..1; Meta; Metadata about the resource
... implicitRules
  L: ?!Σ; 0..1; uri; A set of rules under which this content was created
  R: ?!Σ; 0..1; uri; A set of rules under which this content was created
... language
  L: -; 0..1; code; Language of the resource content
     Binding: ?? (preferred): A human language.
     Additional Bindings: ?? (Purpose: Max Binding)
  R: -; 0..1; code; Language of the resource content
     Binding: ?? (preferred): A human language.
     Additional Bindings: ?? (Purpose: Max Binding)
... text
  L: -; 0..1; Narrative; Text summary of the resource, for human interpretation
  R: -; 0..1; Narrative; Text summary of the resource, for human interpretation
... contained
  L: -; 0..*; Resource; Contained, inline Resources
  R: -; 0..*; Resource; Contained, inline Resources
... extension
  L: -; 0..*; Extension; Additional content defined by implementations
  R: -; 0..*; Extension; Additional content defined by implementations
... modifierExtension
  L: ?!; 0..*; Extension; Extensions that cannot be ignored
  R: ?!; 0..*; Extension; Extensions that cannot be ignored
... type
  L: Σ; 1..1; Coding; Type/identifier of event
     Binding: ?? (extensible): Type of event.
  R: Σ; 1..1; Coding; Type/identifier of event
     Binding: ?? (extensible): Type of event.
... subtype
  L: Σ; 0..*; Coding; More specific type/id for the event
     Binding: ?? (extensible): Sub-type of event.
  R: Σ; 0..*; Coding; More specific type/id for the event
     Binding: ?? (extensible): Sub-type of event.
... action
  L: Σ; 0..1; code; Type of action performed during the event
     Binding: ?? (required): Indicator for type of action performed during the event that generated the event.
  R: Σ; 0..1; code; Type of action performed during the event
     Binding: ?? (required): Indicator for type of action performed during the event that generated the event.
... period
  L: -; 0..1; Period; When the activity occurred
  R: -; 0..1; Period; When the activity occurred
... recorded
  L: Σ; 1..1; instant; Time when the event was recorded
  R: Σ; 1..1; instant; Time when the event was recorded
... outcome
  L: Σ; 0..1; code; Whether the event succeeded or failed
     Binding: ?? (required): Indicates whether the event succeeded or failed.
  R: Σ; 0..1; code; Whether the event succeeded or failed
     Binding: ?? (required): Indicates whether the event succeeded or failed.
... outcomeDesc
  L: Σ; 0..1; string; Description of the event outcome
  R: Σ; 0..1; string; Description of the event outcome
... purposeOfEvent
  L: Σ; 0..*; CodeableConcept; The purposeOfUse of the event
     Binding: ?? (extensible): The reason the activity took place.
  R: Σ; 0..*; CodeableConcept; The purposeOfUse of the event
     Binding: ?? (extensible): The reason the activity took place.
... Slices for agent
  L: -; 1..*; BackboneElement; Actor involved in the event
     Slice: Unordered, Open by pattern:type
  R: -; 1..*; BackboneElement; Actor involved in the event
     Slice: Unordered, Open by pattern:type
.... id
  L: -; 0..1; string; Unique id for inter-element referencing
  R: -; 0..1; string; Unique id for inter-element referencing
.... extension
  L: -; 0..*; Extension; Additional content defined by implementations
  R: -; 0..*; Extension; Additional content defined by implementations
.... modifierExtension
  L: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
  R: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
.... type
  L: -; 0..1; CodeableConcept; How agent participated
     Binding: ?? (extensible): The Participation type of the agent to the event.
  R: -; 0..1; CodeableConcept; How agent participated
     Binding: ?? (extensible): The Participation type of the agent to the event.
.... role
  L: -; 0..*; CodeableConcept; Agent role in the event
     Binding: ?? (example): What security role enabled the agent to participate in the event.
  R: -; 0..*; CodeableConcept; Agent role in the event
     Binding: ?? (example): What security role enabled the agent to participate in the event.
.... who
  L: Σ; 0..1; Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson); Identifier of who
  R: Σ; 0..1; Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson); Identifier of who
.... altId
  L: -; 0..1; string; Alternative User identity
  R: -; 0..1; string; Alternative User identity
.... name
  L: -; 0..1; string; Human friendly name for the agent
  R: -; 0..1; string; Human friendly name for the agent
.... requestor
  L: Σ; 1..1; boolean; Whether user is initiator
  R: Σ; 1..1; boolean; Whether user is initiator
.... location
  L: -; 0..1; Reference(Location); Where
  R: -; 0..1; Reference(Location); Where
.... policy
  L: -; 0..*; uri; Policy that authorized event
  R: -; 0..*; uri; Policy that authorized event
.... media
  L: -; 0..1; Coding; Type of media
     Binding: ?? (extensible): Used when the event is about exporting/importing onto media.
  R: -; 0..1; Coding; Type of media
     Binding: ?? (extensible): Used when the event is about exporting/importing onto media.
.... network
  L: -; 0..1; BackboneElement; Logical network location for application activity
  R: -; 0..1; BackboneElement; Logical network location for application activity
..... id
  L: -; 0..1; string; Unique id for inter-element referencing
  R: -; 0..1; string; Unique id for inter-element referencing
..... extension
  L: -; 0..*; Extension; Additional content defined by implementations
  R: -; 0..*; Extension; Additional content defined by implementations
..... modifierExtension
  L: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
  R: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
..... address
  L: -; 0..1; string; Identifier for the network access point of the user device
  R: -; 0..1; string; Identifier for the network access point of the user device
..... type
  L: -; 0..1; code; The type of network access point
     Binding: ?? (required): The type of network access point of this agent in the audit event.
  R: -; 0..1; code; The type of network access point
     Binding: ?? (required): The type of network access point of this agent in the audit event.
.... purposeOfUse
  L: -; 0..*; CodeableConcept; Reason given for this user
     Binding: ?? (extensible): The reason the activity took place.
  R: -; 0..*; CodeableConcept; Reason given for this user
     Binding: ?? (extensible): The reason the activity took place.
... source
  L: -; 1..1; BackboneElement; Audit Event Reporter
  R: -; 1..1; BackboneElement; Audit Event Reporter
.... id
  L: -; 0..1; string; Unique id for inter-element referencing
  R: -; 0..1; string; Unique id for inter-element referencing
.... extension
  L: -; 0..*; Extension; Additional content defined by implementations
  R: -; 0..*; Extension; Additional content defined by implementations
.... modifierExtension
  L: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
  R: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
.... site
  L: -; 0..1; string; Logical source location within the enterprise
  R: -; 0..1; string; Logical source location within the enterprise
.... observer
  L: Σ; 1..1; Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson); The identity of source detecting the event
  R: Σ; 1..1; Reference(PractitionerRole | Practitioner | Organization | Device | Patient | RelatedPerson); The identity of source detecting the event
.... type
  L: -; 0..*; Coding; The type of source where event originated
     Binding: ?? (extensible): Code specifying the type of system that detected and recorded the event.
  R: -; 0..*; Coding; The type of source where event originated
     Binding: ?? (extensible): Code specifying the type of system that detected and recorded the event.
... entity
  L: C; 0..*; BackboneElement; Data or objects used
  R: C; 0..*; BackboneElement; Data or objects used
.... id
  L: -; 0..1; string; Unique id for inter-element referencing
  R: -; 0..1; string; Unique id for inter-element referencing
.... extension
  L: -; 0..*; Extension; Additional content defined by implementations
  R: -; 0..*; Extension; Additional content defined by implementations
.... modifierExtension
  L: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
  R: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
.... what
  L: Σ; 0..1; Reference(Resource); Specific instance of resource
  R: Σ; 0..1; Reference(Resource); Specific instance of resource
.... type
  L: -; 0..1; Coding; Type of entity involved
     Binding: ?? (extensible): Code for the entity type involved in the audit event.
  R: -; 0..1; Coding; Type of entity involved
     Binding: ?? (extensible): Code for the entity type involved in the audit event.
.... role
  L: -; 0..1; Coding; What role the entity played
     Binding: ?? (extensible): Code representing the role the entity played in the audit event.
  R: -; 0..1; Coding; What role the entity played
     Binding: ?? (extensible): Code representing the role the entity played in the audit event.
.... lifecycle
  L: -; 0..1; Coding; Life-cycle stage for the entity
     Binding: ?? (extensible): Identifier for the data life-cycle stage for the entity.
  R: -; 0..1; Coding; Life-cycle stage for the entity
     Binding: ?? (extensible): Identifier for the data life-cycle stage for the entity.
.... securityLabel
  L: -; 0..*; Coding; Security labels on the entity
     Binding: ?? (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
  R: -; 0..*; Coding; Security labels on the entity
     Binding: ?? (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
.... name
  L: ΣC; 0..1; string; Descriptor for entity
  R: ΣC; 0..1; string; Descriptor for entity
.... description
  L: -; 0..1; string; Descriptive text
  R: -; 0..1; string; Descriptive text
.... query
  L: ΣC; 0..1; base64Binary; Query parameters
  R: ΣC; 0..1; base64Binary; Query parameters
.... detail
  L: -; 0..*; BackboneElement; Additional Information about the entity
  R: -; 0..*; BackboneElement; Additional Information about the entity
..... id
  L: -; 0..1; string; Unique id for inter-element referencing
  R: -; 0..1; string; Unique id for inter-element referencing
..... extension
  L: -; 0..*; Extension; Additional content defined by implementations
  R: -; 0..*; Extension; Additional content defined by implementations
..... modifierExtension
  L: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
  R: ?!Σ; 0..*; Extension; Extensions that cannot be ignored even if unrecognized
..... type
  L: -; 1..1; string; Name of the property
  R: -; 1..1; string; Name of the property
..... value[x]
  L: -; 1..1; string, base64Binary; Property value
  R: -; 1..1; string, base64Binary; Property value
