Access control is broken into several parts. One part makes the access control decision, and that decision can be based on many vectors. Please read the earlier article, Vectors through Consent to Control Big-Data Feeding Frenzy. It explains that some data is sensitive simply because of who authored it (for example, anything authored by the Betty Ford Clinic), which is evident from the author element without any inspection of the content.
Security Labeling Service
- Identify only the overall confidentiality assessment: is the data normal health data, or is it Restricted?
- Identify only the kinds of sensitive data present: for example, the data carries indicators of sexually transmitted disease, substance abuse, and so on.
- Identify which fragments of the data are sensitive. The data is not modified, but enough information is returned to locate the fragments. For example, a FHIR Bundle might be assessed and a list of the Resources within it returned, each with its specific tags.
- Tag the fragments of the data with their sensitivity. The data itself is modified with the tags, such as by updating each FHIR Resource's .meta.security value.
How does the SLS work?
To modify the data or not
When to Scan?
Provenance of SLS update
Conclusion
So the SLS role is to somehow tag the data with the kinds of sensitivity it represents, so that access control enforcement can support Data Segmentation for Privacy.
Here is a sample of how this is engaged:
- An access request is made, carrying the Client ID, User ID, Roles and PurposeOfUse.
- A gross (coarse-grained) access control decision is made: Permit, with scopes.
- Data is gathered from the FHIR Server using normal FHIR query parameter processing, producing a Bundle of results.
- The Bundle is examined by the SLS, which looks for sensitivity topics and tags the data with the corresponding sensitivity codes (e.g. HIV, ETH, etc.).
- Access Control Enforcement examines the SLS output relative to the security token and scopes to determine whether the whole result can be returned, or whether some data must be removed.
- Access Control Enforcement sets each bundled Resource's .meta.security to a ConfidentialityCode (R vs N), removing the sensitivity codes so the requester is not told which topics were detected.
- Access Control Enforcement determines the 'high water mark' ConfidentialityCode and tags the Bundle.meta with it.
- Access Control Enforcement may set other Bundle.meta.security values, such as Obligations derived from the Access Control Decision (e.g. Do-Not-Print).
- The Bundle is returned to the requester.
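The following is an added worked example of that flow, and of the fourth SLS mode from the list above (tagging each Resource's .meta.security); it is illustration written for this page, not code from the original post or from any SLS product. The rule table mapping clinical codes to sensitivity categories, the role/purpose policy in coarse_decision, the local obligation code system urn:example:obligations with its DoNotPrint code, and the sample Bundle are all constructed assumptions; a real SLS takes its rules from curated value sets and its decision from a policy engine.

```python
"""Toy Security Labeling Service (SLS) and enforcement step over a FHIR Bundle.

Added illustration, not code from the original post. The rule table, the
policy table, the obligation code system and the sample Bundle are all
constructed for this example (assumptions); a real SLS derives its rules
from curated value sets and its decisions from an actual policy engine.
"""
import copy

ACTCODE = "http://terminology.hl7.org/CodeSystem/v3-ActCode"                  # sensitivity codes
CONFIDENTIALITY = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"  # N / R
OBLIGATIONS = "urn:example:obligations"  # hypothetical local code system (assumption)

# Assumed rule table: (system, code) -> sensitivity category. Illustrative only.
SENSITIVE_CODES = {
    ("http://snomed.info/sct", "86406008"): "HIV",  # assumed: HIV infection
    ("http://snomed.info/sct", "66214007"): "ETH",  # assumed: substance abuse
}
SENSITIVITY_CATEGORIES = set(SENSITIVE_CODES.values())
RANK = {"N": 0, "R": 1}  # ordering used for the Bundle high-water mark

# Constructed sample Bundle: two sensitive Conditions and one ordinary Observation.
SAMPLE_BUNDLE = {
    "resourceType": "Bundle", "type": "searchset",
    "entry": [
        {"resource": {"resourceType": "Condition", "id": "c1",
                      "code": {"coding": [{"system": "http://snomed.info/sct", "code": "86406008"}]}}},
        {"resource": {"resourceType": "Condition", "id": "c2",
                      "code": {"coding": [{"system": "http://snomed.info/sct", "code": "66214007"}]}}},
        {"resource": {"resourceType": "Observation", "id": "o1",
                      "code": {"coding": [{"system": "http://loinc.org", "code": "85354-9"}]}}},
    ],
}


def coarse_decision(roles, purpose_of_use):
    """Gross access-control decision: Permit with scopes.
    Illustrative policy (assumption): treating clinicians see every category;
    everyone else sees no sensitive category and must not print the result."""
    if purpose_of_use == "TREAT" and "clinician" in roles:
        return {"permitted": set(SENSITIVITY_CATEGORIES), "obligations": []}
    return {"permitted": set(), "obligations": ["DoNotPrint"]}


def iter_codings(node):
    """Yield every Coding-shaped dict (has system and code) anywhere in a resource."""
    if isinstance(node, dict):
        if "system" in node and "code" in node:
            yield node
        for value in node.values():
            yield from iter_codings(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_codings(item)


def sls_scan(bundle):
    """SLS in 'tag the fragments' mode: add sensitivity codes to each Resource's
    meta.security. Returns a copy; the caller's Bundle is untouched."""
    scanned = copy.deepcopy(bundle)
    for entry in scanned.get("entry", []):
        resource = entry["resource"]
        found = {SENSITIVE_CODES[key] for key in
                 ((c["system"], c["code"]) for c in iter_codings(resource))
                 if key in SENSITIVE_CODES}
        if found:
            security = resource.setdefault("meta", {}).setdefault("security", [])
            security.extend({"system": ACTCODE, "code": cat} for cat in sorted(found))
    return scanned


def enforce(scanned, permitted, obligations=()):
    """Access Control Enforcement over SLS output: drop entries whose sensitivity
    the scopes do not permit, replace each kept Resource's sensitivity codes with
    a ConfidentialityCode (R if anything sensitive was found, else N), then label
    the Bundle with the high-water mark plus any obligations from the decision."""
    out = copy.deepcopy(scanned)
    kept, high = [], "N"
    for entry in out.get("entry", []):
        resource = entry["resource"]
        labels = resource.get("meta", {}).get("security", [])
        sensitivities = {c["code"] for c in labels
                         if c.get("system") == ACTCODE and c["code"] in SENSITIVITY_CATEGORIES}
        if sensitivities - set(permitted):
            continue  # scopes do not cover this category: redact the whole Resource
        confidentiality = "R" if sensitivities else "N"
        resource.setdefault("meta", {})["security"] = [{"system": CONFIDENTIALITY, "code": confidentiality}]
        high = max(high, confidentiality, key=RANK.get)
        kept.append(entry)
    out["entry"] = kept
    out.setdefault("meta", {})["security"] = (
        [{"system": CONFIDENTIALITY, "code": high}]
        + [{"system": OBLIGATIONS, "code": o} for o in obligations])
    return out


def handle_request(roles, purpose_of_use, bundle=SAMPLE_BUNDLE):
    """End-to-end flow from the post: decision -> query result -> SLS -> enforcement."""
    decision = coarse_decision(roles, purpose_of_use)
    return enforce(sls_scan(bundle), decision["permitted"], decision["obligations"])


if __name__ == "__main__":
    import json
    print(json.dumps(handle_request(["clinician"], "TREAT"), indent=1))
    print(json.dumps(handle_request(["billing"], "HPAYMT"), indent=1))
```

Two design points worth noting: the SLS returns a copy rather than mutating the server's Bundle, so the sensitivity tags never persist past this request, and enforcement strips those tags before returning, so a requester whose scopes exclude a category sees neither the Resource nor the reason it was withheld, only the R or N ConfidentialityCode and the Bundle-level obligations.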