Saturday, April 12, 2008

Tests for the Oasis XACML Interoperability Event at RSA Conference 2008

Now that we have seen the Policy Set(s) for the interoperability tests, I would like to point out the tests that pass in requests and check for the expected result. Please note that these tests simply reflect the interaction that took place between the health care application developed by the Department of Veterans Affairs (VA) and the PDPs of the individual companies.

The JUnit Test Case is here: InteropUnitTestCases

The various request files used in this test case are available at:
OasisXACMLInteroperabilityEventAtRSAConferenceRequests


Pseudo-Code for the evaluation:

if ( ! (request.subject.locality == request.environment.locality) )
    if ( ! ("hl7.pea-001" ==
            any-of(request.subject.hl7.permission)) )
        Result = Deny
    else
        Result = Permit
        response.add(Obligation(emergency.override, ffon-permit))
    end
end
if ( ! (Result == Deny) )
    if (request.hl7.conf-code == "UBA")
        if ( ! (request.subject.subject-id ==
                any-of(request.resource.hl7.dissented-subject-id)) )
            Result = Permit
        else
            Result = Deny
            response.add(Obligation(privacy.constraint, ffon-deny))
        end
    end
end
if ( ! (Result == Deny) )
    if (request.hl7.conf-code == "MA")
        if (request.subject.subject-id ==
            any-of(request.resource.hl7.object.1.dissented-subject-id) )
            Result = Permit
            response.add(Obligation(privacy.constraint.object.1, ffon-permit))
        end
        ...
        if (request.subject.subject-id ==
            request.resource.hl7.object.n.dissented-subject-id)
            Result = Permit
            response.add(Obligation(privacy.constraint.object.n, ffon-permit))
        end
    end
end
if ( ! (Result == Deny) )
    if (request.resource.type == "resource.hl7.progress-note")
        if (request.resource.progress-note.signed == false)
            if ( ! (request.subject.subject-id ==
                    any-of(request.resource.progress-note.author-subject-id)) )
                Result = Deny
            end
        end
    end
end
if ( ! (Result == Deny) )
    if (request.subject.role == role.hl7.physician)
        check-vrole-permissions()
    end
    if ( ! (Result == Permit) )
        if ( (hl7.prd-003 == subset-of(subject.hl7.permission[n-values])) &&
             (hl7.prd-005 == subset-of(subject.hl7.permission[n-values])) &&
             (hl7.prd-006 == subset-of(subject.hl7.permission[n-values])) &&
             (hl7.prd-009 == subset-of(subject.hl7.permission[n-values])) &&
             (hl7.prd-010 == subset-of(subject.hl7.permission[n-values])) &&
             (hl7.prd-012 == subset-of(subject.hl7.permission[n-values])) &&
             (hl7.prd-017 == subset-of(subject.hl7.permission[n-values])) )
            check-vrole-permissions()
        end
    end
    // need to add here a deny if no permit found
end

check-vrole-permissions()
    if (request.resource.type == "hl7-medical-record")
        if ( request.resource.hl7.permission[m-values] ==
             subset-of(subject.hl7.permission[n-values]) )
            Result = Permit
        end
    end
    return
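
The rule order above as a small runnable evaluator. This is an added example, not code from the original post, the JUnit test case or any vendor's PDP. The dictionary keys, the `objects` list and the function name are hypothetical; it assumes "ffon-*" means XACML FulfillOn (obligations are returned only when they match the final decision) and it adds the default deny that the closing comment of the pseudo-code asks for.

```python
PERMIT, DENY = "Permit", "Deny"
PRD = {"hl7.prd-003", "hl7.prd-005", "hl7.prd-006", "hl7.prd-009",
       "hl7.prd-010", "hl7.prd-012", "hl7.prd-017"}

def evaluate(subject, resource, environment):
    """Return (decision, obligation ids), following the pseudo-code's rule order."""
    result, obligations = None, []   # obligations are (id, fulfill-on) pairs
    perms, sid = set(subject["hl7.permission"]), subject["subject-id"]
    # Rule 1: a locality mismatch needs the emergency permission hl7.pea-001.
    if subject["locality"] != environment["locality"]:
        result = PERMIT if "hl7.pea-001" in perms else DENY
        if result == PERMIT:
            obligations.append(("emergency.override", PERMIT))
    # Rule 2: "UBA" records are denied to subjects listed as dissented.
    if result != DENY and resource.get("conf-code") == "UBA":
        if sid in resource.get("dissented-subject-id", []):
            result = DENY
            obligations.append(("privacy.constraint", DENY))
        else:
            result = PERMIT
    # Rule 3: "MA" records: permit plus an obligation per object naming the subject.
    if result != DENY and resource.get("conf-code") == "MA":
        for n, dissented in enumerate(resource.get("objects", []), start=1):
            if sid in dissented:
                result = PERMIT
                obligations.append((f"privacy.constraint.object.{n}", PERMIT))
    # Rule 4: an unsigned progress note is available only to its author.
    if (result != DENY and resource.get("type") == "resource.hl7.progress-note"
            and resource.get("signed") is False
            and sid not in resource.get("author-subject-id", [])):
        result = DENY
    # Rule 5: physicians, or holders of all seven PRD permissions, are permitted
    # when they hold every permission the record requires (check-vrole-permissions).
    if result != DENY and (subject.get("role") == "role.hl7.physician" or PRD <= perms):
        if (resource.get("type") == "hl7-medical-record"
                and set(resource.get("hl7.permission", [])) <= perms):
            result = PERMIT
    # Default deny: the step the pseudo-code's closing comment says is missing.
    if result != PERMIT:
        result = DENY
    # Assumption: FulfillOn semantics, so only matching obligations are returned.
    return result, [oid for oid, fulfill_on in obligations if fulfill_on == result]

# Constructed sample: out-of-locality physician holding the emergency permission.
SAMPLE = evaluate(
    {"subject-id": "dr-a", "role": "role.hl7.physician", "locality": "facility-a",
     "hl7.permission": ["hl7.pea-001", "hl7.prd-003"]},
    {"type": "hl7-medical-record", "hl7.permission": ["hl7.prd-003"]},
    {"locality": "facility-b"})
```

Without the final default-deny step, a request that matches no rule would leave the decision unset, which is the gap flagged in the pseudo-code's last comment.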
