Basic AuditEvent pattern for when an activity was authorized by an SAML access token Minimal - Basic Audit Log Patterns (BALP) v1.1.4-current

Basic Audit Log Patterns (BALP)
1.1.4-current - ci-build International flag

Basic Audit Log Patterns (BALP), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.4-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.BasicAudit/ and changes regularly. See the Directory of published versions

Resource Profile: Basic AuditEvent pattern for when an activity was authorized by an SAML access token Minimal

Official URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.SAMLaccessTokenUse.Minimal				Version: 1.1.4-current
Active as of 2024-11-14				Computable Name: SAMLaccessTokenUseMinimal

A basic AuditEvent profile for when an activity was authorized by an SAML access token. This profile is expected to be used with some other detail that explains the activity. This profile only covers the SAML access token.

Given an activity has occurred
And SAML is used to authorize a transaction
And the given activity is using the SAML
- XUA
- SAML requires ID and Issuer, so this profile of AuditEvent will work with any SAML token.
- usually SOAP, but not limited to SOAP
When an AuditEvent is recorded for the activity
Presumes that the consent and server have been identified in agent elements, best case with certificate identities
Then that AuditEvent would follow this profile regarding recording the SAML access token details

The following table uses a short-hand for the SAML fields and FHIR AuditEvent elements to keep the table compact. It is presumed the reader can understand the SAML field and the FHIR AuditEvent element given. Note the ~ character represents attributes under the SAML AttributeStatement.

SAML field	Minimal AuditEvent
ID	agent[user].policy
Issuer	agent[user].who.identifier.system
Subject.NameID	agent[user].who.identifier.value
~subject:purposeofuse	agent[user].purposeOfUse

note: this profile records minimal information from the SAML access token, which presumes that use of the AuditEvent at a later time will be able to resolve the given information.

Usage:

Examples for this Resource Profile: AuditEvent/ex-auditPoke-SAML-Min, AuditEvent/ex-auditPoke-SAML-Min2 and AuditEvent/ex-auditPoke-SAML-QDI-Min

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

Differential Table
Key Elements Table
Snapshot Table
Statistics/References
All

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by value:type
agent:All Slices				Content/Rules for all slices
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
agent:user		1..*	BackboneElement	Actor involved in the event
Slices for extension				Content/Rules for all slices
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
type		1..1	CodeableConcept	How agent participated Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
code		1..1	code	Symbol in syntax defined by the system Fixed Value: UserSamlAgent
who		1..1	Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson)	Identifier of who
identifier
system	S	0..1	uri	SAML Issuer
value	S	1..1	string	SAML Subject.NameID
requestor		1..1	boolean	Whether user is initiator Required Pattern: true
policy	S	1..1	uri	SAML token ID
media		0..0
network		0..0
purposeOfUse	S	0..*	CodeableConcept	SAML subject:purposeofuse
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
recorded	Σ	1..1	instant	Time when the event was recorded
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by value:type
agent:All Slices				Content/Rules for all slices
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
requestor	Σ	1..1	boolean	Whether user is initiator
agent:user		1..*	BackboneElement	Actor involved in the event
Slices for extension				Content/Rules for all slices
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
code		1..1	code	Symbol in syntax defined by the system Fixed Value: UserSamlAgent
who	Σ	1..1	Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson)	Identifier of who
identifier	Σ	0..1	Identifier	Logical reference, when literal reference is not known
use	?!Σ	0..1	code	usual \| official \| temp \| secondary \| old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
system	SΣ	0..1	uri	SAML Issuer Example General: http://www.acme.com/identifiers/patient
value	SΣ	1..1	string	SAML Subject.NameID Example General: 123456
requestor	Σ	1..1	boolean	Whether user is initiator Required Pattern: true
policy	S	1..1	uri	SAML token ID
purposeOfUse	S	0..*	CodeableConcept	SAML subject:purposeofuse Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
observer	Σ	1..1	Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson)	The identity of source detecting the event
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
AuditEvent.type	extensible	AuditEventID `http://hl7.org/fhir/ValueSet/audit-event-type` from the FHIR Standard
AuditEvent.agent:user.type	extensible	Pattern: UserSamlAgent `http://hl7.org/fhir/ValueSet/participation-role-type` from the FHIR Standard
AuditEvent.agent:user.who.identifier.use	required	IdentifierUse `http://hl7.org/fhir/ValueSet/identifier-use\|4.0.1` from the FHIR Standard
AuditEvent.agent:user.purposeOfUse	extensible	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse`

Description & Constraints

AuditEvent

0..*

AuditEvent

Event record kept for security purposes

id

Σ

0..1

id

Logical id of this artifact

Meta

Metadata about the resource

implicitRules

?!Σ

0..1

uri

A set of rules under which this content was created

language

0..1

code

Language of the resource content
Binding: CommonLanguages (preferred): A human language.

Additional Bindings

Purpose

AllLanguages

Max Binding

text

0..1

Narrative

Text summary of the resource, for human interpretation

contained

0..*

Resource

Contained, inline Resources

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!

0..*

Extension

Extensions that cannot be ignored

type

Σ

1..1

Coding

Type/identifier of event
Binding: AuditEventID (extensible): Type of event.

subtype

Σ

0..*

Coding

More specific type/id for the event
Binding: AuditEventSub-Type (extensible): Sub-type of event.

action

Σ

0..1

code

Type of action performed during the event
Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.

period

0..1

Period

When the activity occurred

recorded

Σ

1..1

instant

Time when the event was recorded

outcome

Σ

0..1

code

Whether the event succeeded or failed
Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.

outcomeDesc

Σ

0..1

string

Description of the event outcome

purposeOfEvent

Σ

0..*

CodeableConcept

The purposeOfUse of the event
Binding: PurposeOfUse (extensible): The reason the activity took place.

Slices for agent

1..*

BackboneElement

Actor involved in the event
Slice: Unordered, Open by value:type

agent:All Slices

Content/Rules for all slices

id

0..1

string

Unique id for inter-element referencing

Slices for extension

0..*

Extension

Extension
Slice: Unordered, Open by value:url

assuranceLevel

S

0..*

CodeableConcept

AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)

otherId

S

0..*

Identifier

AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

0..1

CodeableConcept

How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.

role

0..*

CodeableConcept

Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.

who

Σ

0..1

Identifier of who

altId

0..1

string

Alternative User identity

name

0..1

string

Human friendly name for the agent

requestor

Σ

1..1

boolean

Whether user is initiator

location

0..1

Reference(Location)

Where

policy

0..*

uri

Policy that authorized event

media

0..1

Coding

Type of media
Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.

network

0..1

BackboneElement

Logical network location for application activity

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

address

0..1

string

Identifier for the network access point of the user device

type

0..1

code

The type of network access point
Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.

purposeOfUse

0..*

CodeableConcept

Reason given for this user
Binding: PurposeOfUse (extensible): The reason the activity took place.

agent:user

1..*

BackboneElement

Actor involved in the event

id

0..1

string

Unique id for inter-element referencing

Slices for extension

0..*

Extension

Extension
Slice: Unordered, Open by value:url

assuranceLevel

S

0..*

CodeableConcept

AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)

otherId

S

0..*

Identifier

AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

1..1

CodeableConcept

How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.

Required Pattern: At least the following

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

coding

1..*

Coding

Code defined by a terminology system
Fixed Value: (complex)

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

system

1..1

uri

Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes

version

0..1

string

Version of the system - if relevant

code

1..1

code

Symbol in syntax defined by the system
Fixed Value: UserSamlAgent

display

0..1

string

Representation defined by the system

userSelected

0..1

boolean

If this coding was chosen directly by the user

text

0..1

string

Plain text representation of the concept

role

0..*

CodeableConcept

Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.

who

Σ

1..1

Identifier of who

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations
Slice: Unordered, Open by value:url

reference

ΣC

0..1

string

Literal reference, Relative, internal or absolute URL

type

Σ

0..1

uri

Type the reference refers to (e.g. "Patient")
Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).

identifier

Σ

0..1

Identifier

Logical reference, when literal reference is not known

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations
Slice: Unordered, Open by value:url

use

?!Σ

0..1

code

usual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .

type

Σ

0..1

CodeableConcept

Description of identifier
Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.

system

SΣ

0..1

uri

SAML Issuer
Example General: http://www.acme.com/identifiers/patient

value

SΣ

1..1

string

SAML Subject.NameID
Example General: 123456

period

Σ

0..1

Period

Time period when id is/was valid for use

assigner

Σ

0..1

Reference(Organization)

Organization that issued id (may be just text)

display

Σ

0..1

string

Text alternative for the resource

altId

0..1

string

Alternative User identity

name

0..1

string

Human friendly name for the agent

requestor

Σ

1..1

boolean

Whether user is initiator
Required Pattern: true

location

0..1

Reference(Location)

Where

policy

S

1..1

uri

SAML token ID

purposeOfUse

S

0..*

CodeableConcept

SAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.

source

1..1

BackboneElement

Audit Event Reporter

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

site

0..1

string

Logical source location within the enterprise

observer

Σ

1..1

The identity of source detecting the event

type

0..*

Coding

The type of source where event originated
Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.

entity

C

0..*

BackboneElement

Data or objects used
sev-1: Either a name or a query (NOT both)

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

what

Σ

0..1

Reference(Resource)

Specific instance of resource

type

0..1

Coding

Type of entity involved
Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.

role

0..1

Coding

What role the entity played
Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.

lifecycle

0..1

Coding

Life-cycle stage for the entity
Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.

securityLabel

0..*

Coding

Security labels on the entity
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.

name

ΣC

0..1

string

Descriptor for entity

description

0..1

string

Descriptive text

query

ΣC

0..1

base64Binary

Query parameters

detail

0..*

BackboneElement

Additional Information about the entity

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

1..1

string

Name of the property

value[x]

1..1

Property value

valueString

string

valueBase64Binary

base64Binary

Documentation for this format

Terminology Bindings

Path Conformance ValueSet / Code URI

AuditEvent.language

preferred

CommonLanguages

Additional Bindings

Purpose

AllLanguages

Max Binding

http://hl7.org/fhir/ValueSet/languages

from the FHIR Standard

AuditEvent.type

extensible

AuditEventID

http://hl7.org/fhir/ValueSet/audit-event-type

from the FHIR Standard

AuditEvent.subtype

extensible

AuditEventSub-Type

http://hl7.org/fhir/ValueSet/audit-event-sub-type

from the FHIR Standard

AuditEvent.action

required

AuditEventAction

http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1

from the FHIR Standard

AuditEvent.outcome

required

AuditEventOutcome

http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1

from the FHIR Standard

AuditEvent.purposeOfEvent

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

AuditEvent.agent.type

extensible

ParticipationRoleType

http://hl7.org/fhir/ValueSet/participation-role-type

from the FHIR Standard

AuditEvent.agent.role

example

SecurityRoleType

http://hl7.org/fhir/ValueSet/security-role-type

from the FHIR Standard

AuditEvent.agent.media

extensible

MediaTypeCode

http://hl7.org/fhir/ValueSet/dicm-405-mediatype

from the FHIR Standard

AuditEvent.agent.network.type

required

AuditEventAgentNetworkType

http://hl7.org/fhir/ValueSet/network-type|4.0.1

from the FHIR Standard

AuditEvent.agent.purposeOfUse

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

AuditEvent.agent:user.type

extensible

Pattern: UserSamlAgent

http://hl7.org/fhir/ValueSet/participation-role-type

from the FHIR Standard

AuditEvent.agent:user.role

example

SecurityRoleType

http://hl7.org/fhir/ValueSet/security-role-type

from the FHIR Standard

AuditEvent.agent:user.who.type

extensible

ResourceType

http://hl7.org/fhir/ValueSet/resource-types

from the FHIR Standard

AuditEvent.agent:user.who.identifier.use

required

IdentifierUse

http://hl7.org/fhir/ValueSet/identifier-use|4.0.1

from the FHIR Standard

AuditEvent.agent:user.who.identifier.type

extensible

Identifier Type Codes

http://hl7.org/fhir/ValueSet/identifier-type

from the FHIR Standard

AuditEvent.agent:user.network.type

required

AuditEventAgentNetworkType

http://hl7.org/fhir/ValueSet/network-type|4.0.1

from the FHIR Standard

AuditEvent.agent:user.purposeOfUse

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

AuditEvent.source.type

extensible

AuditEventSourceType

http://hl7.org/fhir/ValueSet/audit-source-type

from the FHIR Standard

AuditEvent.entity.type

extensible

AuditEventEntityType

http://hl7.org/fhir/ValueSet/audit-entity-type

from the FHIR Standard

AuditEvent.entity.role

extensible

AuditEventEntityRole

http://hl7.org/fhir/ValueSet/object-role

from the FHIR Standard

AuditEvent.entity.lifecycle

extensible

ObjectLifecycleEvents

http://hl7.org/fhir/ValueSet/object-lifecycle-events

AuditEvent.entity.securityLabel

extensible

All Security Labels

http://hl7.org/fhir/ValueSet/security-labels

from the FHIR Standard

This structure is derived from AuditEvent

Summary

Mandatory: 4 elements(1 nested mandatory element)
Must-Support: 8 elements
Prohibited: 2 elements

Extensions

This structure refers to these extensions:

Slices

This structure defines the following Slices:

The element 1 is sliced based on the value of AuditEvent.agent

Differential View

This structure is derived from AuditEvent

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by value:type
agent:All Slices				Content/Rules for all slices
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
agent:user		1..*	BackboneElement	Actor involved in the event
Slices for extension				Content/Rules for all slices
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
type		1..1	CodeableConcept	How agent participated Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
code		1..1	code	Symbol in syntax defined by the system Fixed Value: UserSamlAgent
who		1..1	Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson)	Identifier of who
identifier
system	S	0..1	uri	SAML Issuer
value	S	1..1	string	SAML Subject.NameID
requestor		1..1	boolean	Whether user is initiator Required Pattern: true
policy	S	1..1	uri	SAML token ID
media		0..0
network		0..0
purposeOfUse	S	0..*	CodeableConcept	SAML subject:purposeofuse
Documentation for this format

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
AuditEvent		0..*	AuditEvent	Event record kept for security purposes
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	Coding	Type/identifier of event Binding: AuditEventID (extensible): Type of event.
recorded	Σ	1..1	instant	Time when the event was recorded
Slices for agent		1..*	BackboneElement	Actor involved in the event Slice: Unordered, Open by value:type
agent:All Slices				Content/Rules for all slices
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
requestor	Σ	1..1	boolean	Whether user is initiator
agent:user		1..*	BackboneElement	Actor involved in the event
Slices for extension				Content/Rules for all slices
assuranceLevel	S	0..*	CodeableConcept	AuditEvent.agent Assurance Level URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel Binding: SecurityTrustAssuranceObservationValue (preferred)
otherId	S	0..*	Identifier	AuditEvent.agent other identifiers URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type		1..1	CodeableConcept	How agent participated Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event. Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (complex)
system		1..1	uri	Identity of the terminology system Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes
code		1..1	code	Symbol in syntax defined by the system Fixed Value: UserSamlAgent
who	Σ	1..1	Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson)	Identifier of who
identifier	Σ	0..1	Identifier	Logical reference, when literal reference is not known
use	?!Σ	0..1	code	usual \| official \| temp \| secondary \| old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
system	SΣ	0..1	uri	SAML Issuer Example General: http://www.acme.com/identifiers/patient
value	SΣ	1..1	string	SAML Subject.NameID Example General: 123456
requestor	Σ	1..1	boolean	Whether user is initiator Required Pattern: true
policy	S	1..1	uri	SAML token ID
purposeOfUse	S	0..*	CodeableConcept	SAML subject:purposeofuse Binding: PurposeOfUse (extensible): The reason the activity took place.
source		1..1	BackboneElement	Audit Event Reporter
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
observer	Σ	1..1	Reference(PractitionerRole \| Practitioner \| Organization \| Device \| Patient \| RelatedPerson)	The identity of source detecting the event
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
AuditEvent.type	extensible	AuditEventID `http://hl7.org/fhir/ValueSet/audit-event-type` from the FHIR Standard
AuditEvent.agent:user.type	extensible	Pattern: UserSamlAgent `http://hl7.org/fhir/ValueSet/participation-role-type` from the FHIR Standard
AuditEvent.agent:user.who.identifier.use	required	IdentifierUse `http://hl7.org/fhir/ValueSet/identifier-use\|4.0.1` from the FHIR Standard
AuditEvent.agent:user.purposeOfUse	extensible	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse`

Snapshot View

Description & Constraints

AuditEvent

0..*

AuditEvent

Event record kept for security purposes

id

Σ

0..1

id

Logical id of this artifact

Meta

Metadata about the resource

implicitRules

?!Σ

0..1

uri

A set of rules under which this content was created

language

0..1

code

Language of the resource content
Binding: CommonLanguages (preferred): A human language.

Additional Bindings

Purpose

AllLanguages

Max Binding

text

0..1

Narrative

Text summary of the resource, for human interpretation

contained

0..*

Resource

Contained, inline Resources

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!

0..*

Extension

Extensions that cannot be ignored

type

Σ

1..1

Coding

Type/identifier of event
Binding: AuditEventID (extensible): Type of event.

subtype

Σ

0..*

Coding

More specific type/id for the event
Binding: AuditEventSub-Type (extensible): Sub-type of event.

action

Σ

0..1

code

Type of action performed during the event
Binding: AuditEventAction (required): Indicator for type of action performed during the event that generated the event.

period

0..1

Period

When the activity occurred

recorded

Σ

1..1

instant

Time when the event was recorded

outcome

Σ

0..1

code

Whether the event succeeded or failed
Binding: AuditEventOutcome (required): Indicates whether the event succeeded or failed.

outcomeDesc

Σ

0..1

string

Description of the event outcome

purposeOfEvent

Σ

0..*

CodeableConcept

The purposeOfUse of the event
Binding: PurposeOfUse (extensible): The reason the activity took place.

Slices for agent

1..*

BackboneElement

Actor involved in the event
Slice: Unordered, Open by value:type

agent:All Slices

Content/Rules for all slices

id

0..1

string

Unique id for inter-element referencing

Slices for extension

0..*

Extension

Extension
Slice: Unordered, Open by value:url

assuranceLevel

S

0..*

CodeableConcept

AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)

otherId

S

0..*

Identifier

AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

0..1

CodeableConcept

How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.

role

0..*

CodeableConcept

Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.

who

Σ

0..1

Identifier of who

altId

0..1

string

Alternative User identity

name

0..1

string

Human friendly name for the agent

requestor

Σ

1..1

boolean

Whether user is initiator

location

0..1

Reference(Location)

Where

policy

0..*

uri

Policy that authorized event

media

0..1

Coding

Type of media
Binding: MediaTypeCode (extensible): Used when the event is about exporting/importing onto media.

network

0..1

BackboneElement

Logical network location for application activity

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

address

0..1

string

Identifier for the network access point of the user device

type

0..1

code

The type of network access point
Binding: AuditEventAgentNetworkType (required): The type of network access point of this agent in the audit event.

purposeOfUse

0..*

CodeableConcept

Reason given for this user
Binding: PurposeOfUse (extensible): The reason the activity took place.

agent:user

1..*

BackboneElement

Actor involved in the event

id

0..1

string

Unique id for inter-element referencing

Slices for extension

0..*

Extension

Extension
Slice: Unordered, Open by value:url

assuranceLevel

S

0..*

CodeableConcept

AuditEvent.agent Assurance Level
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-assuranceLevel
Binding: SecurityTrustAssuranceObservationValue (preferred)

otherId

S

0..*

Identifier

AuditEvent.agent other identifiers
URL: https://profiles.ihe.net/ITI/BALP/StructureDefinition/ihe-otherId

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

1..1

CodeableConcept

How agent participated
Binding: ParticipationRoleType (extensible): The Participation type of the agent to the event.

Required Pattern: At least the following

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

coding

1..*

Coding

Code defined by a terminology system
Fixed Value: (complex)

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

system

1..1

uri

Identity of the terminology system
Fixed Value: https://profiles.ihe.net/ITI/BALP/CodeSystem/UserAgentTypes

version

0..1

string

Version of the system - if relevant

code

1..1

code

Symbol in syntax defined by the system
Fixed Value: UserSamlAgent

display

0..1

string

Representation defined by the system

userSelected

0..1

boolean

If this coding was chosen directly by the user

text

0..1

string

Plain text representation of the concept

role

0..*

CodeableConcept

Agent role in the event
Binding: SecurityRoleType (example): What security role enabled the agent to participate in the event.

who

Σ

1..1

Identifier of who

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations
Slice: Unordered, Open by value:url

reference

ΣC

0..1

string

Literal reference, Relative, internal or absolute URL

type

Σ

0..1

uri

Type the reference refers to (e.g. "Patient")
Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model).

identifier

Σ

0..1

Identifier

Logical reference, when literal reference is not known

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations
Slice: Unordered, Open by value:url

use

?!Σ

0..1

code

usual | official | temp | secondary | old (If known)
Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .

type

Σ

0..1

CodeableConcept

Description of identifier
Binding: Identifier Type Codes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.

system

SΣ

0..1

uri

SAML Issuer
Example General: http://www.acme.com/identifiers/patient

value

SΣ

1..1

string

SAML Subject.NameID
Example General: 123456

period

Σ

0..1

Period

Time period when id is/was valid for use

assigner

Σ

0..1

Reference(Organization)

Organization that issued id (may be just text)

display

Σ

0..1

string

Text alternative for the resource

altId

0..1

string

Alternative User identity

name

0..1

string

Human friendly name for the agent

requestor

Σ

1..1

boolean

Whether user is initiator
Required Pattern: true

location

0..1

Reference(Location)

Where

policy

S

1..1

uri

SAML token ID

purposeOfUse

S

0..*

CodeableConcept

SAML subject:purposeofuse
Binding: PurposeOfUse (extensible): The reason the activity took place.

source

1..1

BackboneElement

Audit Event Reporter

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

site

0..1

string

Logical source location within the enterprise

observer

Σ

1..1

The identity of source detecting the event

type

0..*

Coding

The type of source where event originated
Binding: AuditEventSourceType (extensible): Code specifying the type of system that detected and recorded the event.

entity

C

0..*

BackboneElement

Data or objects used
sev-1: Either a name or a query (NOT both)

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

what

Σ

0..1

Reference(Resource)

Specific instance of resource

type

0..1

Coding

Type of entity involved
Binding: AuditEventEntityType (extensible): Code for the entity type involved in the audit event.

role

0..1

Coding

What role the entity played
Binding: AuditEventEntityRole (extensible): Code representing the role the entity played in the audit event.

lifecycle

0..1

Coding

Life-cycle stage for the entity
Binding: ObjectLifecycleEvents (extensible): Identifier for the data life-cycle stage for the entity.

securityLabel

0..*

Coding

Security labels on the entity
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.

name

ΣC

0..1

string

Descriptor for entity

description

0..1

string

Descriptive text

query

ΣC

0..1

base64Binary

Query parameters

detail

0..*

BackboneElement

Additional Information about the entity

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

1..1

string

Name of the property

value[x]

1..1

Property value

valueString

string

valueBase64Binary

base64Binary

Documentation for this format

Terminology Bindings

Path Conformance ValueSet / Code URI

AuditEvent.language

preferred

CommonLanguages

Additional Bindings

Purpose

AllLanguages

Max Binding

http://hl7.org/fhir/ValueSet/languages

from the FHIR Standard

AuditEvent.type

extensible

AuditEventID

http://hl7.org/fhir/ValueSet/audit-event-type

from the FHIR Standard

AuditEvent.subtype

extensible

AuditEventSub-Type

http://hl7.org/fhir/ValueSet/audit-event-sub-type

from the FHIR Standard

AuditEvent.action

required

AuditEventAction

http://hl7.org/fhir/ValueSet/audit-event-action|4.0.1

from the FHIR Standard

AuditEvent.outcome

required

AuditEventOutcome

http://hl7.org/fhir/ValueSet/audit-event-outcome|4.0.1

from the FHIR Standard

AuditEvent.purposeOfEvent

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

AuditEvent.agent.type

extensible

ParticipationRoleType

http://hl7.org/fhir/ValueSet/participation-role-type

from the FHIR Standard

AuditEvent.agent.role

example

SecurityRoleType

http://hl7.org/fhir/ValueSet/security-role-type

from the FHIR Standard

AuditEvent.agent.media

extensible

MediaTypeCode

http://hl7.org/fhir/ValueSet/dicm-405-mediatype

from the FHIR Standard

AuditEvent.agent.network.type

required

AuditEventAgentNetworkType

http://hl7.org/fhir/ValueSet/network-type|4.0.1

from the FHIR Standard

AuditEvent.agent.purposeOfUse

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

AuditEvent.agent:user.type

extensible

Pattern: UserSamlAgent

http://hl7.org/fhir/ValueSet/participation-role-type

from the FHIR Standard

AuditEvent.agent:user.role

example

SecurityRoleType

http://hl7.org/fhir/ValueSet/security-role-type

from the FHIR Standard

AuditEvent.agent:user.who.type

extensible

ResourceType

http://hl7.org/fhir/ValueSet/resource-types

from the FHIR Standard

AuditEvent.agent:user.who.identifier.use

required

IdentifierUse

http://hl7.org/fhir/ValueSet/identifier-use|4.0.1

from the FHIR Standard

AuditEvent.agent:user.who.identifier.type

extensible

Identifier Type Codes

http://hl7.org/fhir/ValueSet/identifier-type

from the FHIR Standard

AuditEvent.agent:user.network.type

required

AuditEventAgentNetworkType

http://hl7.org/fhir/ValueSet/network-type|4.0.1

from the FHIR Standard

AuditEvent.agent:user.purposeOfUse

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

AuditEvent.source.type

extensible

AuditEventSourceType

http://hl7.org/fhir/ValueSet/audit-source-type

from the FHIR Standard

AuditEvent.entity.type

extensible

AuditEventEntityType

http://hl7.org/fhir/ValueSet/audit-entity-type

from the FHIR Standard

AuditEvent.entity.role

extensible

AuditEventEntityRole

http://hl7.org/fhir/ValueSet/object-role

from the FHIR Standard

AuditEvent.entity.lifecycle

extensible

ObjectLifecycleEvents

http://hl7.org/fhir/ValueSet/object-lifecycle-events

AuditEvent.entity.securityLabel

extensible

All Security Labels

http://hl7.org/fhir/ValueSet/security-labels

from the FHIR Standard

This structure is derived from AuditEvent

Summary

Mandatory: 4 elements(1 nested mandatory element)
Must-Support: 8 elements
Prohibited: 2 elements

Extensions

This structure refers to these extensions:

Slices

This structure defines the following Slices:

The element 1 is sliced based on the value of AuditEvent.agent

Other representations of profile: CSV, Excel, Schematron

<prev

top

next>

IG © 2022+ IHE IT Infrastructure Technical Committee. Package ihe.iti.balp#1.1.4-current based on FHIR 4.0.1. Generated 2024-11-14
Links: Table of Contents | QA Report | New Issue | Issues Version History | | Propose a change external