Google Site Search

Google
 

Saturday, April 12, 2008

Tests for the Oasis XACML Interoperability Event at RSA Conference 2008

Now that we have seen the Policy Set(s) for the interoperability tests, I would like to point out the tests that pass in requests and expect the desired result. Please note that these tests are just a reflection of the interaction that happened between the Health care application developed by the Department of Veterans Affairs (VA) and the PDPs of individual companies.

The JUnit Test Case is here: InteropUnitTestCases

The various request files used in this test case are available at:
OasisXACMLInteroperabilityEventAtRSAConferenceRequests


Pseudo-Code for the evaluation:

if ( ! (request.subject.locality == request.environment.locality) )
    if ( ! ("hl7.pea-001" ==
            any-of(request.subject.hl7.permission)) )
      Result = Deny
    else
      Result = Permit
      response.add(Obligation(emergency.override, ffon-permit))
    end
  end
  if ( ! Result == Deny )
    if (request.hl7.conf-code == "UBA")
      if ( ! (request.subject.subject-id == 
              any-of(request.resource.hl7.dissented-subject-id) ) )
        Result = Permit
      else
        Result = Deny
        response.add(Obligation(privacy.constraint, ffon-deny)
      end
    end
  end
  if ( ! (Result == Deny )
    if (request.hl7.conf-code == "MA")
      if (request.subject.subject-id ==
          any-of(request.resource.hl7.object.1.dissented-subject-id) )
        Result = Permit
        response.add(Obligation(privacy.constraint.object.1, ffon-permit)
      end
        ...
      if (request.subject.subject-id ==
          request.resource.hl7.object.n.dissented-subject-id)
        Result = Permit
        response.add(Obligation(privacy.constraint.object.n, ffon-permit)
      end
    end
  end
  if ( ! (Result == Deny))
    if (request.resource.type == "resource.hl7.progress-note)
      if (request.resource.progress-note.signed == false)
        if ( ! (request.subject.subject-id == 
                anyof(request.resource.progress-note.author-subject-id) ) )
          Result = Deny
        end
      end
    end
  end
  if ( ! (Result == Deny))
    if (request.subject.role == role.hl7.physician)
      check-vrole-permissions()
    end
    if ( ! (Result == Permit) )
      if ( (hl7.prd-003 == subset-of(subject.hl7.permission[n-values]) &&
           (hl7.prd-005 == subset-of(subject.hl7.permission[n-values]) &&
           (hl7.prd-006 == subset-of(subject.hl7.permission[n-values]) &&
           (hl7.prd-009 == subset-of(subject.hl7.permission[n-values]) &&
           (hl7.prd-010 == subset-of(subject.hl7.permission[n-values]) &&
           (hl7.prd-012 == subset-of(subject.hl7.permission[n-values]) &&
           (hl7.prd-017 == subset-of(subject.hl7.permission[n-values]) )
        check-vrole-permissions()
      end
    end
    // need to add here a deny if no permit found
  end

  check-vrole-permissions()
    if (request.resource.type == "hl7-medical-record")
      if ( request.resource.hl7.permission[m-values] ==
           subset-of(subject.hl7.permission[n-values] )
         Result = Permit
      end
    end
  return
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)