Report: Security and Privacy Ontology
Tony Weida
HL7 Working Group Meeting
January 2012
Introduction
• Project
– HL7 Security and Privacy Ontology
• Sponsor
– Security WG
• Co-sponsors
– CBCC, Vocabulary, SOA, EHR
• Scope
– Healthcare IT security, privacy, and their relationship
• Focus
– Currently on access control
Motivation
• Identify important concepts in HIT security and privacy
– Standardize names
– Give clear, precise textual definitions
– Formally define as classes in OWL
– Organize in a unified, consistent, formal ontology (vocabulary)
• Classify in a taxonomy
• Connect in other meaningful and useful ways
• Promote interoperability
– Common vocabulary for access control, privacy protection, etc.
– Across organizations and across implementations
• Provide sound basis for e-Policies and e-Consents
• Support consistent and effective implementation
– Concise authorizations at appropriate levels of abstraction
– Future proofing
OWL
• Web Ontology Language
• W3C recommendation
• De facto standard
• Based on Description Logic (DL)
• “Semantic Web”
• Web veneer
– Internationalized Resource Identifiers (IRIs)
– XML syntaxes
• Now OWL 2
Protégé
• “Ontology editor and knowledge-base framework”
• Stanford Biomedical Informatics Research Center
• Now Protégé 4.1
• Protégé OWL Editor
– Protégé extension to support OWL
– OWL plug-ins
• Several OWL reasoners; currently ships with HermiT
• Visualization tabs
Protégé Screenshot
• Class Hierarchy
• Annotations
• Description
Earlier Work
• Initial content focused on HL7 RBAC
• Established approach to modeling, naming conventions, metadata, documentation …
• “Work in Progress” document balloted for comments
• Feedback collected, discussed and addressed
Update Since Last WG Meeting
• Resumed work after hiatus
• Hosted Ontology Browser
• Extended modeling
– Increased coverage of CSP DAM
• Generalized security elements
• Added privacy elements
• Enhanced modularity
– More sub-ontologies
Hosted Browsing
• Ontology Browser software hosted by Apelon at http://216.47.173.3:8080/browser/
• Details on HL7 Wiki page for Security and Privacy Ontology
– http://wiki.hl7.org/index.php?title=Security_and_Privacy_Ontology
– Linked from Security WG page
• Facilitates review
• Good alternatives
– OWLDoc (self-contained HTML)
– Local software installation
• Ontology Browser (just needs Tomcat or similar)
• Protégé 4.1
Ontology Browser
SecurityAndPrivacy.owl
• Models core security and privacy concepts
– Based on ISO and HL7 standard specifications
• Intended to become normative
Sub-Ontologies for Modularity
• Core
– SecurityAndPrivacy
• Auxiliary (normative / non-normative)
– Role
– Operation
– Object
– Permission
– Confidentiality
– Sensitivity
– ClinicalCondition
– …
• Example (non-normative)
– SomewhereHospital.owl
• Exemplifies local instantiation
• Imports and extends other sub-ontologies
• Models individuals exemplifying classes
– _SomewhereHospital
– _DoctorWelby
– …
Logical Descriptions
• Reflect and formalize text definitions
• Clarify intent and foster appropriate consensus
• Generate class hierarchy
Example: Grantee
• Classification
– Neither above nor below person
– Neither above nor below organization
Provisional Example: Consenter
“A Consenter is a person who is an individual client of healthcare services or a client delegate (Substitute Decision Maker) that uses a computer system to manage client privacy consent directives.” – CSP-DAM
Going Forward
• Meetings
• Work plan (for Tuesday discussion)
• HL7 Calendar
Event | Date*
Notification of Intent to Ballot | February 26
Initial Content Deadline (V3) – including topic and artifact placeholders. | March 4
V3 Preview for Ballot Opens – all material (even draft) required for ballot | March 11
Final Content Deadline – all content for this cycle must be complete by this date. | March 25
*Note: deadlines fall on Sundays
Discussion