Skip to content

Commit

Permalink
typo
Browse files Browse the repository at this point in the history
  • Loading branch information
JohnMoehrke committed Oct 25, 2022
1 parent 3e07fa3 commit 490bbdf
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions ITI/SeR/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@
<p><strong>Please verify you have the most recent version of this document.</strong> See <a href="http://profiles.ihe.net/ITI">here</a> for Trial Implementation and Final Text versions and <a href="https://profiles.ihe.net/ITI/#1.3">here</a> for Public Comment versions.</p>
<p><strong>Foreword</strong></p>
<p>This is a supplement to the IHE IT Infrastructure Technical Framework. Each supplement undergoes a process of public comment and trial implementation before being incorporated into the volumes of the Technical Frameworks.</p>
<p>This supplement is published on August 12, 2022 for public comment. Comments are invited and can be submitted using the <a href="http://www.ihe.net/ITI_Public_Comments/">ITI Public Comment form</a> or by creating a <a href="https://github.com/IHE/ITI.SeR/issues/new?assignees=&amp;labels=&amp;template=public-comment-issue-template.md&amp;title=">GitHub Issue</a>. In order to be considered in development of the trial implementation version of the supplement, comments must be received by September 12, 2022.</p>
<p>This supplement is published on October 24, 2022 for trial implementation and may be available for testing at subsequent IHE Connectathons. The supplement may be amended based on the results of testing. Following successful testing it will be incorporated into the IT Infrastructure Technical Framework. Comments are invited and can be submitted using the <a href="http://www.ihe.net/ITI_Public_Comments/">ITI Public Comment form</a> or by creating a <a href="https://github.com/IHE/ITI.SeR/issues/new?assignees=&amp;labels=&amp;template=public-comment-issue-template.md&amp;title=">GitHub Issue</a>.</p>
<p>This supplement describes changes to the existing technical framework documents.</p>
<p>"Boxed" instructions like the sample below indicate to the Volume Editor how to integrate the relevant section(s) into the relevant Technical Framework volume.</p>
<table>
Expand Down Expand Up @@ -532,7 +532,8 @@ <h5 id="394211-xds-repositories-with-a-centralized-authorization-decision-manage
<p>For example:</p>
<p>Mr. White comes to his GP, Dr. Brown, to show him a Laboratory Report. This Laboratory Report is shared in an XDS infrastructure. Using his EHR, Dr. Brown queries for Mr. White's Laboratory Reports shared in the XDS infrastructure. The Query Response returns some DocumentEntries to the XDS Document Consumer. Each XDSDocumentEntry in the response is authorized for the retrieval. Dr. Brown uses his XDS Document Consumer to retrieve these documents. The XDS Document Repository enforces the Authorization Decision for each document requested by limiting the documents provided to Dr. Brown.</p>
<h5 id="394212-xds-repositories-with-a-centralized-authorization-decision-manager-process-flow">39.4.2.1.2 XDS Repositories with a centralized Authorization Decision Manager Process Flow</h5>
<p><img src="assets/images/uc1-flow.png" alt="Figure 39.4.2.1.2-1: Basic Process Flow in SeR Profile" /> <strong>Figure 39.4.2.1.2-1: Process Flow of the use case.</strong> <em>Note: The source code for the UML diagram is available <a href="https://github.com/IHE/ITI.SeR/blob/main/assets/plantuml/uc1-flow.plantuml">here</a>.</em></p>
<p><img src="assets/images/uc1-flow.png" alt="Figure 39.4.2.1.2-1: Basic Process Flow in SeR Profile" /> <strong>Figure 39.4.2.1.2-1: Process Flow of the use case.</strong></p>
<p><em>Note: The source code for the UML diagram is available <a href="https://github.com/IHE/ITI.SeR/blob/main/assets/plantuml/uc1-flow.plantuml">here</a>.</em></p>
<h4 id="39422-use-case-2-query-type-extension-use-case">39.4.2.2 Use Case #2: Query Type Extension Use Case</h4>
<p>This use case describes how a Community uses the SeR Profile to enforce authorization for all actors which manage sensitive data and uses various query types in a national extensions.</p>
<p>In this use case sensitive information has been identified to be:</p>
Expand Down Expand Up @@ -566,7 +567,8 @@ <h5 id="394221-query-type-extension-use-case-description">39.4.2.2.1 Query Type
<li>enforce the Authorization Decision returning only the data the healthcare professional is authorized for.</li>
</ul>
<h5 id="394222-query-type-extension-process-flow">39.4.2.2.2 Query Type Extension Process Flow</h5>
<p><img src="assets/images/uc2-flow.png" alt="Figure 39.4.2.2.2-1: Query Type Extension Process Flow" /> <strong>Figure 39.4.2.2.2-1: Process Flow of the use case with query type extension</strong> <em>Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines.The source code for the UML diagram is available <a href="https://github.com/IHE/ITI.SeR/blob/main/assets/plantuml/uc2-flow.plantuml">here</a>.</em></p>
<p><img src="assets/images/uc2-flow.png" alt="Figure 39.4.2.2.2-1: Query Type Extension Process Flow" /> <strong>Figure 39.4.2.2.2-1: Process Flow of the use case with query type extension</strong></p>
<p><em>Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines.The source code for the UML diagram is available <a href="https://github.com/IHE/ITI.SeR/blob/main/assets/plantuml/uc2-flow.plantuml">here</a>.</em></p>
<h4 id="39423-use-case-3-mobile-health-use-case">39.4.2.3 Use Case #3: Mobile Health Use Case</h4>
<p>This use case describes how an <a href="https://profiles.ihe.net/ITI/MHD/index.html">MHD Document Responder</a> uses Authorization Decisions made by the Authorization Decisions Manager.</p>
<p>To protect the sensitive information against malicious misuse the MHD Document Responder is grouped with the Authorization Decisions Verifier and performs an Authorization Decisions Query [ITI-79] messages whenever a MHD Document Consumer queries for the sensitive data to disclose the data based on the Access Decision.</p>
Expand All @@ -577,7 +579,8 @@ <h5 id="394231-mobile-health-use-case-description">39.4.2.3.1 Mobile Health Use
<p>Dr. Brown uses her tablet to query the laboratory reports of her patient Mr. White. The hospitals mHealth app has previously been registered and authorized by the hospital IT authorizing the mHealth app to perform the transactions defined in the MHD Profile.</p>
<p>The mHealth infrastructure enforces Authorization Decisions in the background and discloses the laboratory reports depending on the access policies of the hospital (e.g., identity and role of Dr. Brown, employment state, etc.).</p>
<h5 id="394232-mobile-health-use-case-process-flow">39.4.2.3.2 Mobile Health Use Case Process Flow</h5>
<p><img src="assets/images/uc3-flow.png" alt="Figure 39.4.2.3.2-1: Mobile Health Process Flow" /> <strong>Figure 39.4.2.3.2-1: Process Flow of the mhealth use case.</strong> <em>Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines. The source code for the UML diagram is available <a href="https://github.com/IHE/ITI.SeR/blob/main/assets/plantuml/uc3-flow.plantuml">here</a>.</em></p>
<p><img src="assets/images/uc3-flow.png" alt="Figure 39.4.2.3.2-1: Mobile Health Process Flow" /> <strong>Figure 39.4.2.3.2-1: Process Flow of the mhealth use case.</strong></p>
<p><em>Note: Actors profiled in this supplement are yellow boxed and transactions profiled are drawn as solid lines. The source code for the UML diagram is available <a href="https://github.com/IHE/ITI.SeR/blob/main/assets/plantuml/uc3-flow.plantuml">here</a>.</em></p>
<h2 id="395-ser-security-considerations">39.5 SeR Security Considerations</h2>
<p>To prevent interaction with malicious third parties, a closed system of trust based on TLS digital identities is strongly recommended. Authorization Decisions Manager should accept queries only from a restricted set of Secure Nodes/Applications. The Authorization Decisions Verifier should perform queries only to the domain-identified Authorization Decisions Manager.</p>
<p>Authorization Decisions my be collected by the Authorization Decisions Manager. These Authorization Decisions should not be exposed to other systems and encryption may be used (when stored by the Authorization Decisions Manager) to avoid the disclosure of sensitive information.</p>
Expand Down

0 comments on commit 490bbdf

Please sign in to comment.