description: A basic AuditEvent profile for when an activity was authorized by an SAML access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the SAML access token. \n\nThe following table uses a short-hand for the SAML fields and FHIR AuditEvent elements to keep the table compact. It is presumed the reader can understand the SAML field and the FHIR AuditEvent element given. Note the `~` character represents attributes under the SAML `AttributeStatement`. \n\n**Builds upon the Minimal**\n\n| SAML field | Comprehensive AuditEvent\n|------------------------------|-----------------------------------|\n| ID | agent[user].policy\n| Issuer | agent[user].who.identifier.system\n| Subject.NameID | agent[user].who.identifier.value\n| ~subject:role | agent[user].role\n| ~subject:purposeofuse | agent[user].purposeOfUse\n| AuthnContextClassRef | agent[user].extension[assuranceLevel]\n| ~subject:subject-id | agent[user].extension[otherId][subject-id].value\n| ~subject:npi | agent[user].extension[otherId][npi].value\n| ~subject:provider-identifier | agent[user].extension[otherId][provider-id].value\n| ~subject:organization | agent[userorg].who.display\n| ~subject:organization-id | agent[userorg].who.identifier.value\n| ~homeCommunityId | agent[homeCommunityId].who.identifier.value \n| ~bppc:2007:docid | entity[consent].what.identifier.value \n| ~xua:2012:acp | entity[consent].detail.valueString \n| ~resource:resource-id | entity[consent-patient].what.identifier.value package_name: ihe.iti.balp derivation: constraint name: SAMLaccessTokenUseComprehensive type: AuditEvent elements: agent: index: 0 extensions: assuranceLevel: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', min: 0, type: Extension, mustSupport: true, index: 2} otherId: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', min: 0, type: Extension, mustSupport: true, index: 3} elements: extension: index: 1 slicing: rules: open ordered: false discriminator: - {path: url, type: value} min: null slices: assuranceLevel: match: {url: null} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', index: 2} min: 0 otherId: match: {url: null} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', index: 3} min: 0 slicing: rules: open discriminator: - {path: type, type: pattern} min: null slices: user: match: type: coding: - {code: UserSamlAgent, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes'} schema: array: true min: 1 _required: true index: 4 extensions: assuranceLevel: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', min: 0, type: Extension, mustSupport: true, index: 6} otherId: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', min: 0, type: Extension, mustSupport: true, index: 7} otherId/subject-id: url: null array: true index: 8 elements: value[x]: elements: type: pattern: type: CodeableConcept value: coding: - {code: SAML-subject-id, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/OtherIdentifierTypes'} index: 9 value: {short: SAML Attribute subject-id, mustSupport: true, index: 10} required: [value] otherId/npi: url: null array: true index: 11 elements: value[x]: elements: type: pattern: type: CodeableConcept value: coding: - {code: NPI, system: 'http://terminology.hl7.org/CodeSystem/v2-0203'} index: 12 value: {short: SAML Attribute npi, mustSupport: true, index: 13} required: [value] otherId/provider-id: url: null array: true index: 14 elements: value[x]: elements: type: pattern: type: CodeableConcept value: coding: - {code: PRN, system: 'http://terminology.hl7.org/CodeSystem/v2-0203'} index: 15 value: {short: SAML Attribute provider-identifier, mustSupport: true, index: 16} required: [value] elements: role: {short: 'SAML subject:role(s)', mustSupport: true, index: 18} requestor: pattern: {type: Boolean, value: true} index: 23 who: index: 19 elements: identifier: elements: system: {short: SAML Issuer, mustSupport: true, index: 20} value: {short: SAML Subject.NameID, mustSupport: true, index: 21} required: [value] altId: {index: 22} type: pattern: type: CodeableConcept value: coding: - {code: UserSamlAgent, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes'} index: 17 policy: {short: SAML token ID, mustSupport: true, index: 24} purposeOfUse: {short: 'SAML subject:purposeofuse', mustSupport: true, index: 27} extension: index: 5 slicing: rules: open ordered: false discriminator: - {path: url, type: value} - {path: value.ofType(Identifier).type, type: value} min: null slices: assuranceLevel: match: url: null value: ofType(Identifier): {type: null} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', index: 6} min: 0 otherId: match: url: null value: ofType(Identifier): {type: null} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', index: 7} min: 0 otherId/subject-id: match: url: null value: ofType(Identifier): {type: null} schema: array: true index: 8 elements: value[x]: elements: type: pattern: type: CodeableConcept value: coding: - {code: SAML-subject-id, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/OtherIdentifierTypes'} index: 9 value: {short: SAML Attribute subject-id, mustSupport: true, index: 10} required: [value] otherId/npi: match: url: null value: ofType(Identifier): {type: null} schema: array: true index: 11 elements: value[x]: elements: type: pattern: type: CodeableConcept value: coding: - {code: NPI, system: 'http://terminology.hl7.org/CodeSystem/v2-0203'} index: 12 value: {short: SAML Attribute npi, mustSupport: true, index: 13} required: [value] otherId/provider-id: match: url: null value: ofType(Identifier): {type: null} schema: array: true index: 14 elements: value[x]: elements: type: pattern: type: CodeableConcept value: coding: - {code: PRN, system: 'http://terminology.hl7.org/CodeSystem/v2-0203'} index: 15 value: {short: SAML Attribute provider-identifier, mustSupport: true, index: 16} required: [value] network: {index: 26} media: {index: 25} required: [who, policy, type] userorg: match: type: coding: - {code: PROV, system: 'http://terminology.hl7.org/CodeSystem/v3-RoleClass'} schema: array: true index: 28 extensions: assuranceLevel: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', min: 0, type: Extension, mustSupport: true, index: 29} otherId: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', min: 0, type: Extension, mustSupport: true, index: 30} elements: role: {index: 32} requestor: pattern: {type: Boolean, value: false} index: 37 who: elements: identifier: elements: value: {short: 'SAML Attribute urn:oasis:names:tc:xspa:1.0:subject:organization-id', mustSupport: true, index: 33} required: [value] display: {short: 'SAML Attribute urn:oasis:names:tc:xspa:1.0:subject:organization', mustSupport: true, index: 34} required: [display] altId: {index: 35} name: {index: 36} type: pattern: type: CodeableConcept value: coding: - {code: PROV, system: 'http://terminology.hl7.org/CodeSystem/v3-RoleClass'} index: 31 policy: {index: 39} purposeOfUse: {index: 42} extension: type: Extension mustSupport: true url: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel index: 29 slicing: slices: assuranceLevel: match: {} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', index: 29} min: 0 otherId: match: {} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', index: 30} min: 0 network: {index: 41} location: {index: 38} media: {index: 40} required: [type] homeCommunityId: match: type: coding: - {code: homeCommunityId, system: 'urn:ihe:iti:xca:2010'} schema: array: true index: 43 extensions: assuranceLevel: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', min: 0, type: Extension, mustSupport: true, index: 44} otherId: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', min: 0, type: Extension, mustSupport: true, index: 45} elements: role: {index: 47} requestor: pattern: {type: Boolean, value: false} index: 51 who: elements: identifier: {short: homeCommunityId, mustSupport: true, index: 48} required: [identifier] altId: {index: 49} name: {index: 50} type: pattern: type: CodeableConcept value: coding: - {code: homeCommunityId, system: 'urn:ihe:iti:xca:2010'} index: 46 policy: {index: 53} purposeOfUse: {index: 56} extension: type: Extension mustSupport: true url: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel index: 44 slicing: slices: assuranceLevel: match: {} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', index: 44} min: 0 otherId: match: {} schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', index: 45} min: 0 network: {index: 55} location: {index: 52} media: {index: 54} required: [type] entity: index: 57 slicing: rules: open discriminator: - {path: type, type: pattern} min: null slices: consent: match: type: {code: Consent, system: 'http://hl7.org/fhir/resource-types'} schema: array: true index: 58 elements: what: elements: identifier: {short: BPPC Patient Privacy Policy Acknowledgement Document unique id, mustSupport: true, index: 59} type: pattern: type: Coding value: {code: Consent, system: 'http://hl7.org/fhir/resource-types'} index: 60 detail: index: 61 slicing: rules: open discriminator: - {path: type, type: pattern} min: null slices: acp: match: {type: 'urn:ihe:iti:xua:2012:acp'} schema: short: Home Community ID where the Consent is. index: 62 elements: type: pattern: {type: String, value: 'urn:ihe:iti:xua:2012:acp'} index: 63 value: choices: [valueString] index: 65 valueString: {type: string, choiceOf: value, index: 66} patient-id: match: {type: 'urn:oasis:names:tc:xacml:2.0:resource:resource-id'} schema: short: The Patient Identity where the Consent is. index: 67 elements: type: pattern: {type: String, value: 'urn:oasis:names:tc:xacml:2.0:resource:resource-id'} index: 68 value: choices: [valueString] index: 70 valueString: {type: string, choiceOf: value, index: 71} required: [type] package_version: 1.1.2 class: profile kind: resource url: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Comprehensive base: http://hl7.org/fhir/StructureDefinition/AuditEvent version: 1.1.2