Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pepub edits for PCF 1.0.0-comment #22

Merged
merged 31 commits into from
May 2, 2023
Merged

Pepub edits for PCF 1.0.0-comment #22

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
1f95b41
punctuation updates, capitalization update, remove italic in one TOC …
MaryLJ May 1, 2023
8cd6055
updates to page and menu titles (not html files)
MaryLJ May 1, 2023
38d651f
add 1: (indicating Volume 1) in front of heading and figure numbers, …
MaryLJ May 1, 2023
a5d31c8
use-case to use case
MaryLJ May 1, 2023
18537b7
capitalization updates, punctuation updates, delete duplicate word, m…
MaryLJ May 1, 2023
e80f105
tweaks to titles (menu or page)
MaryLJ May 1, 2023
10ab3ae
capitalization updates, punctuation updates, added some additional he…
MaryLJ May 1, 2023
0571e03
corrected table reference number (3.2-1 to 1:53.2-1), added table tit…
MaryLJ May 2, 2023
755bb5d
capitalization updates, punctuation updates, remove "Actor" after act…
MaryLJ May 2, 2023
849fcc3
change use-case to use case
MaryLJ May 2, 2023
ee23073
punctuation updates, spacing updates, capitalization updates
MaryLJ May 2, 2023
d205de8
punctuation update
MaryLJ May 2, 2023
0de420c
punctuation updates
MaryLJ May 2, 2023
045568e
punctuation updates, capitalization updates, fix a typo, minor wordin…
MaryLJ May 2, 2023
9b72b72
punctuation updates
MaryLJ May 2, 2023
8844879
punctuation updates
MaryLJ May 2, 2023
9759943
removed extra space
MaryLJ May 2, 2023
06c1c6b
remove extra space, punctuation update
MaryLJ May 2, 2023
14c3e49
remove extra space, punctuation update
MaryLJ May 2, 2023
5b47ba2
remove extra space, punctuation updated
MaryLJ May 2, 2023
7fc48ff
punctuation update
MaryLJ May 2, 2023
990a118
remove extra space, punctuation updates
MaryLJ May 2, 2023
04c9efb
remove extra space, punctuation updates
MaryLJ May 2, 2023
b500cf8
remove extra space, punctuation updates
MaryLJ May 2, 2023
f221e68
remove extra space, punctuation updates
MaryLJ May 2, 2023
bb75e60
remove extra space, punctuation updates
MaryLJ May 2, 2023
d3a7867
remove extra space, punctuation updates
MaryLJ May 2, 2023
38ce48a
remove extra space, punctuation updates
MaryLJ May 2, 2023
669fdab
remove extra space, punctuation updates
MaryLJ May 2, 2023
aa118bc
remove extra space, punctuation updates
MaryLJ May 2, 2023
a9b1c0a
punctuation updates
MaryLJ May 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions input/pagecontent/Consent-ex-consent-advanced-normal-focused-psy-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. This case allows treatment access to normal data, and carves out mental health data as accessible only to [Practitioner](Practitioner-ex-practitioner.html). The oAuth token would be expressing a general permit for most users to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. This case allows treatment access to normal data, and carves out mental health data as accessible only to [Practitioner](Practitioner-ex-practitioner.html). The oAuth token would be expressing a general permit for most users to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

Expand All @@ -12,11 +12,11 @@ For Users that are not [Practitioner](Practitioner-ex-practitioner.html), the to
For the User [Practitioner](Practitioner-ex-practitioner.html), the token **result** will be:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to just normal data would need to be expressed:
- First as a forbid everything
- Second as a permit normal data
- Third is to permit Mental Health data
- Third is to permit Mental Health data

```json
"extensions" : {
Expand Down
8 changes: 4 additions & 4 deletions input/pagecontent/Consent-ex-consent-advanced-normal-focused-psy-or-sex-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,21 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. This case allows treatment access to normal data, and carves out mental health data and sexual health data as accessible only to [Practitioner](Practitioner-ex-practitioner.html). The oAuth token would be expressing a general permit for most users to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. This case allows treatment access to normal data, and carves out mental health data and sexual health data as accessible only to [Practitioner](Practitioner-ex-practitioner.html). The oAuth token would be expressing a general permit for most users to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

For Users that are not [Practitioner](Practitioner-ex-practitioner.html), the token **result** will be no different than consent to [allow NORMAL data access](Consent-ex-consent-advanced-normal.html)
For Users that are not [Practitioner](Practitioner-ex-practitioner.html), the token **result** will be no different than consent to [allow NORMAL data access](Consent-ex-consent-advanced-normal.html).
- ITI-71 [access token](Consent-ex-consent-advanced-normal.html#notes)

For the User [Practitioner](Practitioner-ex-practitioner.html), the token **result** will be:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to just normal data would need to be expressed:
- First as a forbid everything
- Second as a permit normal data
- Third is to permit Mental Health data and Sexual Health Data
- Third is to permit Mental Health data and Sexual Health Data

```json
"extensions" : {
Expand Down
6 changes: 3 additions & 3 deletions input/pagecontent/Consent-ex-consent-advanced-normal-not-restricted-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the restriction to normal data is at the root, it means that nothing BUT normal data is allowed. This case also has explicit deny on restricted data. This restriction would be implied, but here it is explicit, so we will show how to make it explicit in the oAuth token. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the restriction to normal data is at the root, it means that nothing BUT normal data is allowed. This case also has explicit deny on restricted data. This restriction would be implied, but here it is explicit, so we will show how to make it explicit in the oAuth token. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to just normal data would need to be expressed:
- First as a forbid everything
- Second as a permit normal data
- Third is a redundant forbid of restricted data
- Third is a redundant forbid of restricted data

```json
"extensions" : {
Expand Down
2 changes: 1 addition & 1 deletion input/pagecontent/Consent-ex-consent-advanced-normal-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the restriction to normal data is at the root, it means that nothing BUT normal data is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the restriction to normal data is at the root, it means that nothing BUT normal data is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

Expand Down
4 changes: 2 additions & 2 deletions input/pagecontent/Consent-ex-consent-advanced-normal-restricted-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the restriction to normal data is at the root, it means that nothing BUT normal data is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the restriction to normal data is at the root, it means that nothing BUT normal data is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to just normal data would need to be expressed:
- First as a forbid everything
- Second as a permit normal data
Expand Down
8 changes: 4 additions & 4 deletions input/pagecontent/Consent-ex-consent-basic-treat-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following PCF specific element to inform the **Consent Enforcement Point**.

In this case there is no residual, as the Consent expresses that authorization be given for a given purpose of use. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources. No token would be issued by ITI-71 for users not authorized, or requests beyond the set of purpose of use.
In this case there is no residual, as the Consent expresses that authorization be given for a given purpose of use. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources. No token would be issued by ITI-71 for users not authorized, or requests beyond the set of purpose of use.

- The restriction to the given purpose (FooBar) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The consent is indicated in the `ihe_pcf`.
- no `residual` element is provided, indicating that no residual rules need be enforced.
- The other `ihe_iua` extension parameters are not shown below
- The consent is indicated in the `ihe_pcf`
- no `residual` element is provided, indicating that no residual rules need be enforced

```json
"extensions" : {
Expand Down
2 changes: 1 addition & 1 deletion input/pagecontent/Consent-ex-consent-expired-treat-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
#### IUA Access Token

Provided an [ITI-71](other.html#updates-to-iti-71) is requested prior to expiration, then the resulting token would be the same as [Basic Consent to sharing for Treatment policy](Consent-ex-consent-basic-treat.html#notes). If the request is after expiration then [ITI-71] responds with an error response as defined in the OAuth 2.1 Authorization Framework [OAuth 2.1, Section 5.2].
Provided an [ITI-71](other.html#updates-to-iti-71) is requested prior to expiration, then the resulting token would be the same as [Basic Consent to sharing for Treatment policy](Consent-ex-consent-basic-treat.html#notes). If the request is after expiration, then [ITI-71] responds with an error response as defined in the OAuth 2.1 Authorization Framework [OAuth 2.1, Section 5.2].
4 changes: 2 additions & 2 deletions input/pagecontent/Consent-ex-consent-intermediate-authoredby-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the authored by filter is at the root, it means that nothing BUT the information authored by the given practitioner is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the authored by filter is at the root, it means that nothing BUT the information authored by the given practitioner is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to data authored by the given practitioner would need to be expressed:
- First as a forbid everything
- Second as a permit that which is authored by the given practitioner
Expand Down
4 changes: 2 additions & 2 deletions input/pagecontent/Consent-ex-consent-intermediate-data-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the data filter is at the root, it means that nothing BUT the data is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the data filter is at the root, it means that nothing BUT the data is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to the given set of data would need to be expressed:
- First as a forbid everything
- Second as a permit that specific data
Expand Down
4 changes: 2 additions & 2 deletions input/pagecontent/Consent-ex-consent-intermediate-encounter-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the encounter filter is at the root, it means that nothing BUT the information related to the encounter is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case, given that the encounter filter is at the root, it means that nothing BUT the information related to the encounter is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to data related to the encounter would need to be expressed:
- First as a forbid everything
- Second as a permit that data related to the encounter
Expand Down
4 changes: 2 additions & 2 deletions input/pagecontent/Consent-ex-consent-intermediate-not-authoredby-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case the oAuth token and scope will address a general permit, and thus the `residual` need only express the forbid to information authored by the given practitioner.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case the oAuth token and scope will address a general permit, and thus the `residual` need only express the forbid to information authored by the given practitioner.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to forbid data authored by the given practitioner would be expressed

```json
Expand Down
4 changes: 2 additions & 2 deletions input/pagecontent/Consent-ex-consent-intermediate-not-data-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

Provided an [ITI-71](other.html#updates-to-iti-71) results in a PERMIT access token issued. That token would have the following residual element to inform the **Consent Enforcement Point** that it needs to restrict the results.

Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case one resource should be forbidden. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
Given that the token will express the permit portion, the `residual` would need to express the refinement. In this case one resource should be forbidden. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.

The token would need to include an `ihe_pcf` extension to point at this consent, and that would include a `residual` to express the refinement. Shown as followed:

- The restriction to the given purpose (Treatment, Payment, and Operations) would be expressed in the `ihe_iua` extension
- The other `ihe_iua` extension parameters are not shown below.
- The other `ihe_iua` extension parameters are not shown below
- The restriction to the given one data resource would need to be expressed:

```json
Expand Down
Loading