Changes between Version 27 and Version 28 of Archtectural Overview Security


Timestamp: Mar 6, 2008, 9:48:33 PM (16 years ago)
Author: KOBAYASHI, Shinji
Comment:

--

  • Archtectural Overview Security

    v27 v28  
    181181[[Image(securitya.gif)]]
    182182
     183バージョン管理システムでのデータの署名は,一貫性の確認(ダイジェストがこの役割を持つ)や,認証基準(署名がこの役割を持つ)や,拒否しない基準としての役割を持っている。バージョン管理された永続層自体をハッキングから防衛するためには,署名は信頼できる公証サービスに転送することもできる。デジタル書名を基盤とした十分に安全なシステムは,証明された公開鍵を必要とし,どのような環境でも利用することができるものもあれば,利用することができないこともある。デジタル署名を行うことの利点の一つは,局所的なリポジトリが破綻することに対してより回避するような一貫性を持ったアイテムであるEHRの大部分や全体に比べ手,EHR(単一バージョン)の比較的小さな部分である。
     184
    183185The signing of data in a versioning system acts as an integrity check (the digest performs this function), an authentication measure (the signature performs this function), and also a non-repudiation measure. To guard against hacking of the versioned persistence layer itself, signatures can be forwarded to a trusted notarisation service. A fully secure system based on digital signing also requires certified public keys, which may or may not be available in any given environment.  One of the benefits of digitally signing relatively small pieces of the EHR (single Versions) rather than the whole EHR or large sections of it is that the integrity of items is more immune to localised repository corruptions.
    184186
    185 7.3.4 Anonymity  As described above in section 6.1, one of the features of the openEHR EHR is a separation of EHR (clinical and administrative) information and demographic information. This mainly relates to references to the patient rather than to provider entities, since the latter are usually publicly known. A special kind of object known as PARTY_SELF in openEHR is used to refer to the subject in the EHR. The only information contained in a PARTY_SELF instance is an optional external reference. The openEHR EHR can be configured to provide 3 levels of separation by controlling whether and where this external identifier is actually set in PARTY_SELF instances, as follows:
     187=== 7.3.4 匿名性 ===
     188
     1897.3.4 Anonymity
     190
     191セクション6.1で示したように,openEHRにおけるEHRの特徴の一つは,EHR(臨床や管理)情報とデモグラフィック情報を分離していることである.
     192
     193As described above in section 6.1, one of the features of the openEHR EHR is a separation of EHR (clinical and administrative) information and demographic information. This mainly relates to references to the patient rather than to provider entities, since the latter are usually publicly known. A special kind of object known as PARTY_SELF in openEHR is used to refer to the subject in the EHR. The only information contained in a PARTY_SELF instance is an optional external reference. The openEHR EHR can be configured to provide 3 levels of separation by controlling whether and where this external identifier is actually set in PARTY_SELF instances, as follows:
    186194
    187195 * Nowhere in the EHR (i.e. every PARTY_SELF instance is a blank placeholder). This is the most secure approach, and means that the link between the EHR and the patient has to be done outside the EHR, by associating EHR.ehr_id and the subject identifier. This approach is more likely for more open environments.
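
Review bot: the Japanese paragraph added at v28 line 183 loses the meaning of the last sentence of the English at line 185. The English states that signing relatively small pieces of the EHR (single Versions) rather than the whole EHR makes the integrity of items more immune to localised repository corruptions; the added text reads as if the benefit itself were "a relatively small part of the EHR", so the rationale for per-Version signing does not come through. On the same line, 「デジタル書名」 should be 「デジタル署名」 and 「比べ手」 should be 「比べて」, and 「拒否しない基準」 would be clearer as the usual term for non-repudiation, 「否認防止」. In the 7.3.4 block, the English heading at line 189 is plain text while line 187 uses `=== ... ===` markup, and line 191 translates only the first sentence of the paragraph at line 193, so the PARTY_SELF description and the "3 levels of separation" sentence have no Japanese counterpart yet.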