From 1185ab6953453afebeefef42a3df0655f23bd168 Mon Sep 17 00:00:00 2001 From: Youn <yct@kereval.com> Date: Tue, 2 Jul 2019 14:08:32 +0200 Subject: [PATCH] I added ADR documents --- EPD-ADR-Simulator/installation.md | 159 ++++++++---- EPD-ADR-Simulator/release-note.md | 61 +---- EPD-ADR-Simulator/user.md | 409 +++++++++++++++++++++--------- 3 files changed, 410 insertions(+), 219 deletions(-) diff --git a/EPD-ADR-Simulator/installation.md b/EPD-ADR-Simulator/installation.md index 352cfc0..022fdf6 100644 --- a/EPD-ADR-Simulator/installation.md +++ b/EPD-ADR-Simulator/installation.md 
@@ -1,70 +1,133 @@ --- title: Installation Manual -subtitle: ATC Simulator -author: Wylem BARS -function: Software Engineer -date: 19/04/2019 -toolversion: 1.1.2 -version: 0.01 -status: Draft -reference: KER1-MAN-IHE-ATC_SIMULATOR_INSTALLATION-0_01 +subtitle: ADR Simulator +author: Youn Cadoret +function: Developer +date: 02/06/2019 +toolversion: 1.2 +version: 1.0 +status: To be reviewed +reference: KER1-MAN-IHE-ADR_SIMULATOR_INSTALLATION-0_01 customer: IHE-EUROPE --- +# EPR ADR Provider MockUp -#Â ATC Simulator - Installation & configuration +## Overview -##Â Source code +The EPR ADR Provider MockUp is a SoapUI webservice (mock) that provides Authorization Decisions when requested. -Sources of the tool are available on Inria's Gforge in the Gazelle project: -[EPD (trunk)](https://scm.gforge.inria.fr/authscm/wbars/svn/gazelle/EPD/trunk). +* default_wsdl_url: http://ehealthsuisse.ihe-europe.net:8091/adr-provider?wsdl +* default_path: /adr-provider +* default_port: 8091 +* default_mock_name: AdrDecisionQuerySoapBinding_MockService +* default_mock_path: /opt/simulators/epr-adr-provider-mockup +* default_soapui_path: /usr/local/SmartBear/SoapUI-5.3.0/ +* default_soapui_mock_log: /var/log/soapui/epr-adr-provider.log +* default_init.d: /etc/init.d/adrProviderMock +* default_keystore_path: /opt/gazelle/cert/jboss.jks -##Â Patient Audit Consumer -This project can be loaded on a Gazelle WebService tester instance. This way you will be able to launch a suite of requests from the simulator emulating -the Patient Audit Consumer actor of the CH:ATC profile. +## Install SoapUI -First you need to load the project in Gazelle WebService Tester. Then, check : -* The entire project -* The NormalCases test suite -* The ErrorCases test suite +[https://www.soapui.org/](https://www.soapui.org/) -This will allow the user to either launch a specific test suite or to launch both using the entire project. 
+## Install EPR Assertion Provider MockUp -Then click on the Project name in the tree and check the __endpoint__ and __enPointAssertions__ properties. This will be useful to specify where your -system is so the simulator can request it for Audit Events. -The click on each test case from the project and check all parameters. Then the user will be able to modify the request parameters send by the simulator to match -audit event from his Patient Audit Record Repository. +### Get the Subversion project -## Patient Audit Record Repository +```bash +svn checkout https://scm.gforge.inria.fr/anonscm/svn/gazelle/EPD/trunk/epr-adr-provider-mockup/ $EPR_ADR_MOCK_DIR +``` + +### Install libraries required by SoapUI + +Copy the external jars (esapi, velocity and postgresql) + +```bash +cp $EPR_ADR_MOCK_DIR/external_jar/esapi-2.1.0.1.jar $SOAPUI_INSTALL_DIR/lib/ +cp $EPR_ADR_MOCK_DIR/external_jar/velocity-1.7.jar $SOAPUI_INSTALL_DIR/lib/ +cp $EPR_ADR_MOCK_DIR/external_jar/postgresql-9.3-1102.jdbc4.jar $SOAPUI_INSTALL_DIR/lib/ +``` + +### Prepare the database + +Database is not mandatory, but if not configured, it will raise log errors for each recieving request. 
+ +```bash +psql -U gazelle postgres +> CREATE DATABASE "adr" OWNER gazelle ; +> \q +psql -U gazelle adr < $EPR_ADR_MOCK_DIR/sql/adr-schema.sql +psql -U gazelle adr < $EPR_ADR_MOCK_DIR/sql/adr-import.sql +``` + +## Mock as a service + +### Prepare the init.d script + +Edit the init.d script `$EPR_ADR_MOCK_DIR/init.d/adrProviderMock` and set the following environment variables + +* SOAPUI_PATH => Path of SoapUI folder +* SOAPUI_PROJECT_PATH => Path of SoapUI project script +* SOAPUI_MOCK_NAME => Name of the SoapUI mock +* SOAPUI_MOCK_PORT => Port of the SoapUI mock +* SOAPUI_MOCK_ENDPOINT => Path of the SoapUI mock +* SOAPUI_MOCK_LOG => Path where to publish log file + +### Declare the service + +Type the following commands register the init.d script as service + +```bash +sudo cp $EPR_ADR_MOCK_DIR/init.d/adrProviderMock /etc/init.d/adrProviderMock +sudo chmod u+x /etc/init.d/adrProviderMock +sudo chmod 775 /etc/init.d/adrProviderMock +``` + +If you want the service to start at each machine start up + +```bash +sudo update-rc.d adrProviderMock defaults +``` + +Be careful to allow the service to write logs into your target directory. As example + +```bash +sudo mkdir /var/log/soapui +sudo chmod 775 /var/log/soapui +``` + +### Start the mock -First step to set up the Patient Audit Record Repository actor from the simulator is to checkout sources. -You can checkout the entire ATC simulator sources from the url [here](https://scm.gforge.inria.fr/authscm/wbars/svn/gazelle/EPD/trunk/ATC). -For the Patient Audit Record Repository actor you will need three things : -* The SoapUI project __ATC/soapui/ATC-MockService-soapui-project.xml__ -* The folder __ATC/test_data/AuditEvent__ that contains all Audit Events known by the simulator. 
-* The script __ATC/init.d/atcRecordRepositoryMock__ that will allow you to start/stop the mock project as a service on your platform +To run the mock -Once you downloaded the ATC folder, you have all the data you need to run the Patient Audit Record Repository Mockup. +```bash +sudo /etc/init.d/adrProviderMock start +``` + +To stop the mock + +```bash +sudo /etc/init.d/adrProviderMock stop +``` -Simply modify __atcRecordRepositoryMock__ script properties : +To get status of the mock + +```bash +sudo /etc/init.d/adrProviderMock status +``` -| **Property** | **Description** | **Example Value** | -|----------------------------------------------|---------------------------------------------------------|----------------------------------------------------------------------------------------------| -| SOAPUI_PATH | Path to the SoapUI folder installed on your platform| /usr/local/SmartBear/SoapUI-5.3.0| -| SOAPUI_PROJECT_PATH | Path to the SoapUI project checked out from Inria's Gforge| /opt/simulators/ATC/soapui/ATC-MockService-soapui-project.xml| -| SOAPUI_MOCK_NAME | Name of the mock | PatientAuditRecordRepository| -| SOAPUI_MOCK_PORT | Port that will be used to access the Mock| 8096| -| SOAPUI_MOCK_ENDPOINT | Endpoint that will be used to reach the Mock| /atc-record-repository | -| SOAPUI_MOCK_LOG | Path to the log file for the Mock | /var/log/soapui/epr-atc-record-repository.log| +## Troubleshouting +You might need to install those following packets + +```bash +sudo apt-get install -y libxrender1 libxtst6 libxi6 +``` -When the properties are modified to fit your platform, you can copy the script or create a symbolic link in __/etc/init.d__ folder to be able to use start -and stop the mock as a service. 
-You will then be able to use following commands to respectively start the Mock service, see its status and stop the service : +You might need to resolve errors when starting the mock ```bash -Â sudo service atcRecordRepositoryMock start -Â sudo service atcRecordRepositoryMock status -Â sudo service atcRecordRepositoryMock stop -``` \ No newline at end of file +sudo mv /root/.soapuios/ /root/.soapuios_old +``` diff --git a/EPD-ADR-Simulator/release-note.md b/EPD-ADR-Simulator/release-note.md index e3637fb..c50e1f4 100644 --- a/EPD-ADR-Simulator/release-note.md +++ b/EPD-ADR-Simulator/release-note.md 
@@ -1,53 +1,12 @@ --- -title: Release note -subtitle: ATC Simulator -toolversion: 1.1.2 -releasedate: 2019-04-10 -author: Wylem BARS -function: Software Engineer -customer: IHE Europe -reference: KER1-RNO-IHE-ATC_SIMULATOR +title: Release note +subtitle: ADR Simulator +author: Youn Cadoret +function: Developer +date: 02/06/2019 +toolversion: 1.2 +version: 1.0 +status: To be reviewed +reference: KER1-RNO-IHE-ADR_SIMULATOR +customer: IHE-EUROPE --- - -# 1.1.2 -_Release date: 2019-04-10 _ - -__Bug__ - -* \[[ATCREPO-7](https://gazelle.ihe.net/jira/browse/ATCREPO-7)\] ATC Client simulator send "IHE- SAML" instead of "IHE-SAML" -* \[[ATCREPO-8](https://gazelle.ihe.net/jira/browse/ATCREPO-8)\] Patient Audit Record Repository response contains not all request parameters -* \[[ATCREPO-9](https://gazelle.ihe.net/jira/browse/ATCREPO-9)\] ATC Consumer endpoint include /ARRService and shouldn't -* \[[ATCREPO-10](https://gazelle.ihe.net/jira/browse/ATCREPO-10)\] & should not be escaped inside date parameter - -# 1.1.1 -_Release date: 2019-04-03 _ - -__Bug__ - -* \[[ATCREPO-5](https://gazelle.ihe.net/jira/browse/ATCREPO-5)\] Handling of parameter "date=ge -* \[[ATCREPO-6](https://gazelle.ihe.net/jira/browse/ATCREPO-6)\] ATC - Simulator ignores _format parameter, only responding with XML - - -# 1.1.0 -_Release date: 2019-03-27 _ - -__Story__ - -* \[[ATCREPO-1](https://gazelle.ihe.net/jira/browse/ATCREPO-1)\] Update the mock to comply with the EPR 1.8 specification - -__Improvement__ - -* \[[ATCREPO-2](https://gazelle.ihe.net/jira/browse/ATCREPO-2)\] Update the AuditMessage and AuditEvent messages - - -# 1.0.2 -_Release date: 2019-02-15 _ - -__Bug__ - -* \[[ATCREPO-3](https://gazelle.ihe.net/jira/browse/ATCREPO-3)\] Mock not correctly handle request parameters - -__Improvement__ - -* \[[ATCREPO-4](https://gazelle.ihe.net/jira/browse/ATCREPO-4)\] Replace regex with XMLHolder in assertion reading - 
diff --git a/EPD-ADR-Simulator/user.md b/EPD-ADR-Simulator/user.md index d8efee3..c02653f 100755 --- a/EPD-ADR-Simulator/user.md +++ b/EPD-ADR-Simulator/user.md 
@@ -1,127 +1,296 @@ --- title: User Manual -subtitle: ATC Simulator -author: Wylem BARS -function: Software Engineer -date: 19/01/2019 -toolversion: 1.1.0 -version: 0.01 -status: Draft -reference: KER1-MAN-IHE-ATC_SIMULATOR_USER +subtitle: ADR Simulator +author: Youn Cadoret +function: Developer +date: 02/06/2019 +toolversion: 1.2 +version: 1.0 +status: To be reviewed +reference: KER1-MAN-IHE-ADR_SIMULATOR_-0_01 customer: IHE-EUROPE --- -# Introduction - -This simulator is developed in conformance with Swiss Integration profiles and IHE Technical Framework. -This simulator emulates actor from CH:ATC (Audit Trail Consumption) profile. This profile defines the audit trail consumption requirements a community -has to provide for a patient's audit trail. The profile CH:ATC defines and precises the actors and transaction [ITI-81] of the IHE IT Infrastructure -Technical Framework Supplement Add RESTful Query to ATNA 1 and defines the content of the Audit Messages. The different types of the Audit Messages are -based on the requirements for Document and Policy Access management in order to achieve the Swiss regulation needs on the audit trail access by patients. -Therefore it can act as a Patient Audit Consumer or as a Patient Audit Record Repository. - -As a Patient Audit Consumer, this simulator is aimed to send messages to a Patient Audit Record Repository. Consequently, if your system (named SUT or System Under Test) is reachable from the Internet, you will be able to receive messages from the simulator. - -As a Patient Audit Record Repository, this simulator can be requested Audit Events by your system. 
- - -#Â Patient Audit Consumer - -When acting as a Patient Audit Consumer, this simulator is able to send multiple requests to your SUT to test the handling of parameters : - -* date -* entity-id -* entity-role -* source -* type -* subtype -* outcome -* entity-type -* user -* address -* _format - -It can also send bad requests (missing requested parameters, parameters providing no matches, etc) to test the behavior of the SUT against erroneous requests. - -##Â How to access the Simulator ? - -The simulator is accessible via Gazelle Webservice Tester. If the simulator is available on the instance of the tool, it should appear in the project list with the name **ATC_Repository**. -This name may also be followed with the version of the specification in brackets. - - - - -##Â How to send messages to an SUT ? - -If the simulator is available on the instance of Gazelle Webservice Tester you are using, it can then be launched as any other project from the tools. - -Go to **Run**. Select the **ATC_Repository** project. You will have two Test suite available. The **NormalCases** test suite will send a request to test each parameter listed earlier. -The **ErrorCases** test suite will focus on error cases. - - - -You can then chose if you want to execute one specific test suite or the entire project. -You will then be able to chose the endpoint the simulator will use, as well as the parameter from the requests that will be sent to your SUT. - - - -Once you defined all parameters for the Simulator to send requests, simply press **Run** and it will send messages to your SUT and keep track of exchanges in an **Execution**. -This Execution can be retrieved anytime in the **Execution List** menu. - - -#Â Patient Audit Record Repository - -The ATC Simulator can also simulates a CH:ATC Patient Audit Record Repository. -A **Patient Audit Consumer** queries a **Patient Audit Record Repository** for Audit Events defined by this profile. 
-The Patient Audit Consumer used entity-id (Patient ID) and date before/after as parameters to asked the Audit Record Repository. -In all, there are only three mandatory parameters. -There are also optional parameters : entity-type, entity-role, source, type, user, subtype, outcome and address. -Each request sent must have a security token in the header, this part is used to check access rights. In this token, two elements will be checked : - -* Is the assertion valid in time ? (Time not Before in the past and Time not After in the future) -* Does the mock know the patient ID passed as a **resource-id** attribute ? If not, the mock will say you do not have the right to acces the information. The list of available patient ID is displayed below. - -##Â Data Set - -###Token Security - -Here are the ID to put in the SAML token in **resource-id** attribute. -If you query any other patient id, the mock will respond with an error message saying that you are not authorized to access information related to the given patient ID. - -|**resource-id**| -|-------------| -|761337610430891416^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO| -|761337610423590456^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO| -|761337610435209810^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO| -|761337610436974489^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO| - -### AuditEvent - -Here are all couples of Dates/PatientID to effectively access audit events. -However, using optional parameters can lead you to no Audit event returned, even with those date and patient ID. -Indeed, if the events does not match even one of the optional parameters, the audit event will not be returned by the ATC Mock. 
- - -|**Patient ID**|**Dates**| -|--------------|----------| -|urn:oid:2.16.756.5.30.1.127.3.10.3|761337610430891416| ge2015-01-01 / le2020-01-01| -|urn:oid:2.16.756.5.30.1.127.3.10.3|761337610435209810|ge2015-01-01 / le2017-01-01| -|urn:oid:2.16.756.5.30.1.127.3.10.3|761337610436974489|ge2017-01-01 / le2019-01-01| - -## End Point - -Here are the endpoints to use to send your request to the Patient Audit Record Repository simulator : - -* [http://ehealthsuisse.ihe-europe.net:8096/atc-record-repository?wadl](https://ehealthsuisse.ihe-europe.net/atc-record-repository.wadl) -* [https://ehealthsuisse.ihe-europe.net:10443/atc-record-repository?wadl](https://ehealthsuisse.ihe-europe.net/simu/atc-record-repository.wadl) - -It requires TLS mutual authentication with testing certificate (from GSS PKI). - -##ATC URI example - -Here is an example URI for a requets on patient with ID **761337610430891416^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO** looking for audit events between -**2015-01-01** and **2020-01-01** - +eHealthSuisse ADR Provider MockUp +--------------------------------- + +eHealthSuisse ADR Provider MockUp simulates a CH:ADR Provider actor. + +ADR provider, will allow to manage access policy to the clinical data stored by an XDS Document Registry as well as to the access policies themselves, which are stored in a Policy Repository. +With the information insert in to the request, the ADR provider will could determine if user can access to the information or no, with decision like **"Permit"**, **"NotApplicable"**, **"Deny"** or **"Indeterminate"**. + +Whether it be for the access request XDS, ATC or PPQ, the ADR request is build in two parts. +The first part,that we will call "Subject", allow to inform information on user with a ID,a homeCommunity and the qualification id. +Finally, the second part, that we will call "Resource", allow to inform information on the patient, like his identification. + + + +* **Permit**: the evaluation was successful. 
+* **NotApplicable**: the evaluation was successful, but the patient no granted rights to the subject. +* **Deny**: the Subject is not authorised to perform the Action on the Resource. +* **Indeterminate**: the evaluation failed or, if access to the requested Resource is not managed by the Authorization Decisions Manager. + +### Data Set + +#### Healthcare Professional data + +| subject-id | subject-id-qualifier | IdP Simulator username | +|------------|----------------------|------------------------| +| 7601000050717 | urn:gs1:gln | magpar | +| 7601002033572 | urn:gs1:gln | rspieler | + + +#### Patient data + +| extension-id | root-id | homeCommunityId | IdP Simulator username | +|--------------|---------|-----------------|-------------------------| +| 761337610455909127 | 2.16.756.5.30.1.127.3.10.3 | urn:oid:1.3.6.1.4.1.21367.2017.2.6.2 | aamrein | +| 761337610436974489 | 2.16.756.5.30.1.127.3.10.3 | urn:oid:1.3.6.1.4.1.21367.2017.2.6.2 | lavdic | +| 761337610435209810 | 2.16.756.5.30.1.127.3.10.3 | urn:oid:1.3.6.1.4.1.21367.2017.2.6.2 | bovie | + + + +### End Point + +[https://ehealthsuisse.ihe-europe.net:10443/adr-provider?wsdl](https://ehealthsuisse.ihe-europe.net:10443/adr-provider?wsdl) + +It requires TLS mutual authentication with testing certificate (from GSS PKI). 
[The wsdl can be browsed here](/adr-provider?wsdl) + +### Request example for ADR due to XDS + +```xml +<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:epr="urn:e-health-suisse:2015:policy-administration" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <soap:Header> + <wsa:Action>urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest</wsa:Action> + <wsa:MessageID>urn:uuid:e4bb38c7-e546-4bb1-8d68-2bccf783dfbf</wsa:MessageID> + <wsa:To>http://ehealthsuisse.ihe-europe.net/adr-provider</wsa:To> + <wsse:Security> + <!-- Add an assertion here <saml2:Assertion.... --> + </wsse:Security> + </soap:Header> + <soap:Body> + <xacml-samlp:XACMLAuthzDecisionQuery InputContextOnly="false" ReturnContext="false" ID="\_682fee8b-46c0-442a-8c54-fd9d656412fc" Version="2.0" IssueInstant="2019-02-05T14:48:29Z" xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:hl7="urn:hl7-org:v3"> + <xacml-context:Request> + <xacml-context:Subject> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"> + <xacml-context:AttributeValue>7601000050717</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" DataType="http://www.w3.org/2001/XMLSchema#string"> + <xacml-context:AttributeValue>urn:gs1:gln</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + 
<xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="PAT" codeSystem="2.16.756.5.30.1.127.3.10.6" displayName="Patient(in)"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:organization-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="NORM" codeSystem="2.16.756.5.30.1.127.3.10.5" displayName="Normalzugriff"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Subject> + + + <xacml-context:Resource> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:normal</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II"> + <xacml-context:AttributeValue> + <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:ihe:iti:xds-b:2007:confidentiality-code" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="1051000195109" codeSystem="2.16.756.5.30.1.127.3.10.1.5" displayName="normal"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + 
</xacml-context:Resource> + + <xacml-context:Resource> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:restricted</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II"> + <xacml-context:AttributeValue> + <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:ihe:iti:xds-b:2007:confidentiality-code" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="1051000195109" codeSystem="2.16.756.5.30.1.127.3.10.1.5" displayName="restricted"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Resource> + + <xacml-context:Resource> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:secret</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II"> + <xacml-context:AttributeValue> + <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:ihe:iti:xds-b:2007:confidentiality-code" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="1051000195109" codeSystem="2.16.756.5.30.1.127.3.10.1.5" displayName="secret"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Resource> + + + <xacml-context:Action> + 
<xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:ihe:iti:2018:RestrictedUpdateDocumentSet</xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Action> + + <xacml-context:Environment/> + </xacml-context:Request> + </xacml-samlp:XACMLAuthzDecisionQuery> + </soap:Body> +</soap:Envelope> ``` -http://ehealthsuisse.ihe-europe.net:8096/atc-record-repository/ARRservice/AuditEvent?date=ge2015-01-00&date=le2020-01-00&entity-id=urn:oid:2.16.756.5.30.1.127.3.10.3|761337610430891416 + + +### Request example for ADR due to PPQ + +```xml +<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:epr="urn:e-health-suisse:2015:policy-administration" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <soap:Header> + <wsa:Action>urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest</wsa:Action> + <wsa:MessageID>urn:uuid:e4bb38c7-e546-4bb1-8d68-2bccf783dfbf</wsa:MessageID> + <wsa:To>http://ehealthsuisse.ihe-europe.net/adr-provider?wsdl</wsa:To> + <wsse:Security> + <!-- Add an assertion here <saml2:Assertion.... 
--> + </wsse:Security> + </soap:Header> + <soap:Body> + <xacml-samlp:XACMLAuthzDecisionQuery InputContextOnly="false" ReturnContext="false" ID="\_682fee8b-46c0-442a-8c54-fd9d656412fc" Version="2.0" IssueInstant="2019-02-05T14:22:29Z" xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:hl7="urn:hl7-org:v3"> + <xacml-context:Request> + <xacml-context:Subject> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"> + <xacml-context:AttributeValue>7601000050717</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" DataType="http://www.w3.org/2001/XMLSchema#string"> + <xacml-context:AttributeValue>urn:gs1:gln</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="PAT" codeSystem="2.16.756.5.30.1.127.3.10.6" displayName="Patient(in)"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:organization-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="NORM" 
codeSystem="2.16.756.5.30.1.127.3.10.5" displayName="Normalzugriff"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Subject> + + <xacml-context:Resource> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>5b15774d-61e2-4d73-98d4-15462f38d872</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II"> + <xacml-context:AttributeValue> + <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:policy-attributes:referenced-policy-set" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:e-health-suisse:2015:policies:exclusion-list</xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Resource> + + <xacml-context:Action> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:e-health-suisse:2015:policy-administration:AddPolicy</xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Action> + + <xacml-context:Environment/> + </xacml-context:Request> + </xacml-samlp:XACMLAuthzDecisionQuery> + </soap:Body> +</soap:Envelope> ``` + + +### Request example for ADR due to ATC + + +```xml +<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:epr="urn:e-health-suisse:2015:policy-administration" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + 
<soap:Header> + <wsa:Action>urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest</wsa:Action> + <wsa:MessageID>urn:uuid:e4bb38c7-e546-4bb1-8d68-2bccf783dfbf</wsa:MessageID> + <wsa:To>http://ehealthsuisse.ihe-europe.net/adr-provider</wsa:To> + <wsse:Security> + <!-- Add an assertion here <saml2:Assertion.... --> + </wsse:Security> + </soap:Header> + <soap:Body> + <xacml-samlp:XACMLAuthzDecisionQuery InputContextOnly="false" ReturnContext="false" ID="\_682fee8b-46c0-442a-8c54-fd9d656412fc" Version="2.0" IssueInstant="2019-02-05T14:58:58Z" xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:hl7="urn:hl7-org:v3"> + <xacml-context:Request> + <xacml-context:Subject> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"> + <xacml-context:AttributeValue>7601000050717</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" DataType="http://www.w3.org/2001/XMLSchema#string"> + <xacml-context:AttributeValue>urn:gs1:gln</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="PAT" codeSystem="2.16.756.5.30.1.127.3.10.6" displayName="Patient(in)"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:organization-id" 
DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" DataType="urn:hl7-org:v3#CV"> + <xacml-context:AttributeValue> + <hl7:CodedValue code="NORM" codeSystem="2.16.756.5.30.1.127.3.10.5" displayName="Normalzugriff"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Subject> + + + <xacml-context:Resource> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:patient-audit-trail-records</xacml-context:AttributeValue> + </xacml-context:Attribute> + <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II"> + <xacml-context:AttributeValue> + <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/> + </xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Resource> + + + <xacml-context:Action> + <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> + <xacml-context:AttributeValue>urn:e-health-suisse:2015:patient-audit-administration:RetrieveAtnaAudit</xacml-context:AttributeValue> + </xacml-context:Attribute> + </xacml-context:Action> + + <xacml-context:Environment/> + </xacml-context:Request> + </xacml-samlp:XACMLAuthzDecisionQuery> + </soap:Body> +</soap:Envelope> +``` \ No newline at end of file -- GitLab
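Review bot: in the "Declare the service" step of the installation.md hunk, `sudo chmod 775 /etc/init.d/adrProviderMock` leaves an init script that root executes group-writable, and the preceding `sudo chmod u+x` is redundant once 775 is applied; `sudo chmod 755 /etc/init.d/adrProviderMock` alone is what is wanted. The same 775 on `/var/log/soapui` only helps if the directory is also chowned to the account the service runs as, which the text never names, and the troubleshooting step `sudo mv /root/.soapuios/ /root/.soapuios_old` implies the mock currently runs as root; a dedicated service user (and its group on the log directory) should be documented. `default_keystore_path: /opt/gazelle/cert/jboss.jks` appears in the overview but no install step or init.d variable references it, so either drop it or say how it is wired in. Minor: "recieving" should read "receiving", "Troubleshouting" should read "Troubleshooting", and "Type the following commands register" is missing "to".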
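Review bot: the release-note.md hunk removes the whole 1.0.2 to 1.1.2 history and leaves only front matter, so the file has no entry for the toolversion 1.2 it declares; add a `# 1.2` section listing the changes (at minimum the rename from the ATC simulator to the ADR simulator) and keep the earlier entries if the ADR tool is a continuation of the ATC one. The front matter also replaces the ISO `releasedate: 2019-04-10` with `date: 02/06/2019`, which is ambiguous between 2 June and 6 February (the commit itself is dated 2 July); keep the ISO form used before.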
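Review bot: all three request examples in the user.md hunk carry `ID="\_682fee8b-46c0-442a-8c54-fd9d656412fc"`; inside a fenced XML block the backslash is literal, so the sample is not a valid xs:ID and fails schema validation when copied, and it should read `ID="_682fee8b-46c0-442a-8c54-fd9d656412fc"`. The Subject in each example contradicts the Data Set tables: subject-id 7601000050717 with qualifier urn:gs1:gln is listed under Healthcare Professional data, yet the role attribute is `<hl7:CodedValue code="PAT" codeSystem="2.16.756.5.30.1.127.3.10.6" displayName="Patient(in)"/>`; use one consistent identity per example so readers can reproduce the documented decision. In the XDS example the three Resource blocks all reuse `code="1051000195109"` with displayName normal, restricted and secret; one code cannot denote three confidentiality levels, so the codes need correcting. The wsse:Security element only says "Add an assertion here" and the new text no longer states what the mock verifies in the assertion (the removed ATC text listed the validity period and the known resource-id), so document which assertion fields drive the Permit, Deny, NotApplicable and Indeterminate outcomes; also reconcile the endpoints, since installation.md advertises `http://ehealthsuisse.ihe-europe.net:8091/adr-provider?wsdl` while this file gives `https://ehealthsuisse.ihe-europe.net:10443/adr-provider?wsdl` with TLS mutual authentication, and the `[The wsdl can be browsed here](/adr-provider?wsdl)` link is a relative path that will not resolve from the manual. Grammar: "the ADR provider will could determine if user can access to the information or no" should read "the ADR provider can determine whether the user may access the information"; "the patient no granted rights to the subject" should read "the patient has not granted rights to the subject"; "information insert in to the request" should read "information inserted into the request".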