    ihe.iti.balp@1.1.3
    https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Minimal
description: |-
  A basic AuditEvent profile for when an activity was authorized by an SAML access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the SAML access token.

  - Given an activity has occurred
  - And SAML is used to authorize a transaction
  - And the given activity is using the SAML
    - XUA
    - SAML requires ID and Issuer, so this profile of AuditEvent will work with any SAML token.
    - usually SOAP, but not limited to SOAP
  - When an AuditEvent is recorded for the activity
  - Presumes that the consent and server have been identified in agent elements, best case with certificate identities
  - Then that AuditEvent would follow this profile regarding recording the SAML access token details

  The following table uses a short-hand for the SAML fields and FHIR AuditEvent elements to keep the table compact. It is presumed the reader can understand the SAML field and the FHIR AuditEvent element given. Note the `~` character represents attributes under the SAML `AttributeStatement`.

  | SAML field            | Minimal AuditEvent                |
  |-----------------------|-----------------------------------|
  | ID                    | agent[user].policy                |
  | Issuer                | agent[user].who.identifier.system |
  | Subject.NameID        | agent[user].who.identifier.value  |
  | ~subject:purposeofuse | agent[user].purposeOfUse          |

  note: this profile records minimal information from the SAML access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information.
package_name: ihe.iti.balp
derivation: constraint
name: SAMLaccessTokenUseMinimal
type: AuditEvent
elements:
  agent:
    index: 0
    extensions:
      assuranceLevel: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', min: 0, type: Extension, mustSupport: true, index: 2}
      otherId: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', min: 0, type: Extension, mustSupport: true, index: 3}
    elements:
      extension:
        index: 1
        slicing:
          rules: open
          ordered: false
          discriminator:
          - {path: url, type: value}
          min: null
          slices:
            assuranceLevel:
              match: {url: null}
              schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', index: 2}
              min: 0
            otherId:
              match: {url: null}
              schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', index: 3}
              min: 0
    slicing:
      rules: open
      discriminator:
      - {path: type, type: pattern}
      min: null
      slices:
        user:
          match:
            type:
              coding:
              - {code: UserSamlAgent, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes'}
          schema:
            array: true
            min: 1
            _required: true
            index: 4
            extensions:
              assuranceLevel: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', min: 0, type: Extension, mustSupport: true, index: 5}
              otherId: {url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', min: 0, type: Extension, mustSupport: true, index: 6}
            elements:
              extension:
                type: Extension
                mustSupport: true
                url: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
                index: 5
                slicing:
                  slices:
                    assuranceLevel:
                      match: {}
                      schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel', index: 5}
                      min: 0
                    otherId:
                      match: {}
                      schema: {type: Extension, mustSupport: true, url: 'https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId', index: 6}
                      min: 0
              type:
                pattern:
                  type: CodeableConcept
                  value:
                    coding:
                    - {code: UserSamlAgent, system: 'https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes'}
                index: 7
              who:
                index: 8
                elements:
                  identifier:
                    elements:
                      system: {short: SAML Issuer, mustSupport: true, index: 9}
                      value: {short: SAML Subject.NameID, mustSupport: true, index: 10}
                    required: [value]
              requestor:
                pattern: {type: Boolean, value: true}
                index: 11
              policy: {short: SAML token ID, mustSupport: true, index: 12}
              media: {index: 13}
              network: {index: 14}
              purposeOfUse: {short: 'SAML subject:purposeofuse', mustSupport: true, index: 15}
            required: [who, policy, type]
package_version: 1.1.3
class: profile
kind: resource
url: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Minimal
base: http://hl7.org/fhir/StructureDefinition/AuditEvent
version: 1.1.3