Release 5

Publish-box (todo)

Example CodeSystem/permission-rule-combining (Turtle)

Security Work GroupMaturity Level: N/AStandards Status: Informative

Raw Turtle (+ also see Turtle/RDF Format Specification)

Definition for Code SystemPermissionRuleCombining

@prefix fhir: <http://hl7.org/fhir/> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .

# - resource -------------------------------------------------------------------

[] a fhir:CodeSystem ;
  fhir:id [ fhir:v "permission-rule-combining"] ;
  fhir:meta [
     fhir:lastUpdated [ fhir:v "2023-03-26T15:21:02.749+11:00" ] ;
     fhir:profile ( [ fhir:v "http://hl7.org/fhir/StructureDefinition/shareablecodesystem" ] )
  ] ;
  fhir:text [
     fhir:status [ fhir:v "generated" ]
  ] ;
  fhir:extension ( [
     fhir:url [ fhir:v "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg" ] ;
     fhir:value [ fhir:v "sec" ]
  ] [
     fhir:url [ fhir:v "http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status" ] ;
     fhir:value [ fhir:v "trial-use" ]
  ] [
     fhir:url [ fhir:v "http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm" ] ;
     fhir:value [ fhir:v "0" ]
  ] ) ;
  fhir:url [ fhir:v "http://hl7.org/fhir/permission-rule-combining"], [ fhir:v "http://hl7.org/fhir/permission-rule-combining"] ;
  fhir:identifier ( [
     fhir:system [ fhir:v "urn:ietf:rfc:3986" ] ;
     fhir:value [ fhir:v "urn:oid:2.16.840.1.113883.4.642.4.2070" ]
  ] [
     fhir:system [ fhir:v "urn:ietf:rfc:3986" ] ;
     fhir:value [ fhir:v "urn:oid:2.16.840.1.113883.4.642.4.2070" ]
  ] ) ;
  fhir:version [ fhir:v "5.0.0"], [ fhir:v "5.0.0"] ;
  fhir:name [ fhir:v "PermissionRuleCombining"], [ fhir:v "PermissionRuleCombining"] ;
  fhir:title [ fhir:v "Permission Rule Combining"], [ fhir:v "Permission Rule Combining"] ;
  fhir:status [ fhir:v "active"], [ fhir:v "active"] ;
  fhir:experimental [ fhir:v "false"], [ fhir:v "false"] ;
  fhir:date [ fhir:v "2022-08-05T10:01:24+11:00"], [ fhir:v "2022-08-05T10:01:24+11:00"] ;
  fhir:publisher [ fhir:v "HL7 (FHIR Project)"], [ fhir:v "HL7 (FHIR Project)"] ;
  fhir:contact ( [
     fhir:telecom ( [
       fhir:system [ fhir:v "url" ] ;
       fhir:value [ fhir:v "http://hl7.org/fhir" ]
     ] [
       fhir:system [ fhir:v "email" ] ;
       fhir:value [ fhir:v "fhir@lists.hl7.org" ]
     ] )
  ] [
     fhir:telecom ( [
       fhir:system [ fhir:v "url" ] ;
       fhir:value [ fhir:v "http://hl7.org/fhir" ]
     ] [
       fhir:system [ fhir:v "email" ] ;
       fhir:value [ fhir:v "fhir@lists.hl7.org" ]
     ] )
  ] ) ;
  fhir:description [ fhir:v "Codes identifying the rule combining. See XACML Combining algorithms  http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html"], [ fhir:v "Codes identifying the rule combining. See XACML Combining algorithms  http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html"] ;
  fhir:jurisdiction ( [
     fhir:coding ( [
       fhir:system [ fhir:v "http://unstats.un.org/unsd/methods/m49/m49.htm" ] ;
       fhir:code [ fhir:v "001" ] ;
       fhir:display [ fhir:v "World" ]
     ] )
  ] [
     fhir:coding ( [
       fhir:system [ fhir:v "http://unstats.un.org/unsd/methods/m49/m49.htm" ] ;
       fhir:code [ fhir:v "001" ] ;
       fhir:display [ fhir:v "World" ]
     ] )
  ] ) ;
  fhir:caseSensitive [ fhir:v "true"] ;
  fhir:content [ fhir:v "complete"] ;
  fhir:concept ( [
     fhir:code [ fhir:v "deny-overrides" ] ;
     fhir:display [ fhir:v "Deny-overrides" ] ;
     fhir:definition [ fhir:v "The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision." ]
  ] [
     fhir:code [ fhir:v "permit-overrides" ] ;
     fhir:display [ fhir:v "Permit-overrides" ] ;
     fhir:definition [ fhir:v "The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision." ]
  ] [
     fhir:code [ fhir:v "ordered-deny-overrides" ] ;
     fhir:display [ fhir:v "Ordered-deny-overrides" ] ;
     fhir:definition [ fhir:v "The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception.  The order in which the collection of rules is evaluated SHALL match the order as listed in the permission." ]
  ] [
     fhir:code [ fhir:v "ordered-permit-overrides" ] ;
     fhir:display [ fhir:v "Ordered-permit-overrides" ] ;
     fhir:definition [ fhir:v "The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception.  The order in which the collection of rules is evaluated SHALL match the order as listed in the permission." ]
  ] [
     fhir:code [ fhir:v "deny-unless-permit" ] ;
     fhir:display [ fhir:v "Deny-unless-permit" ] ;
     fhir:definition [ fhir:v "The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result." ]
  ] [
     fhir:code [ fhir:v "permit-unless-deny" ] ;
     fhir:display [ fhir:v "Permit-unless-deny" ] ;
     fhir:definition [ fhir:v "The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior." ]
  ] ) .

# -------------------------------------------------------------------------------------

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.