Note |
---|
DRAFT VERSION! |
Section | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||
|
1. Emergency workflow
...
accordint to epSOS specifications
In this piece of the full PS workflow we can understand the following:
...
2.1. Portal Implementation
loremipsumIn the current Gnomon Portal implementation you have to select both the "Purpose of Use" and the "Previous Consent confirmation" options in order to proceed.
With this situation you cannot chose "EMERGENCY" and then go straight to the document search result, as the epSOS specifications state.
You can see that in the following picture:
2.1.1. Portuguese modified compliant version
In the Portuguese portal modified version we adapted the workflow to be more aligned with the specs. It has the following behaviour:
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<p:selectOneRadio id="customRadio" value="#{confirmationBean.purposeOfUse}" layout="custom"> <f:selectItem itemLabel=" EMERGENTE (não é possível obter o consentimento)" itemValue="EMERGENCY" /> itemValue="EMERGENCY" /> <f:selectItem itemLabel=" NÃO URGENTE" itemValue="TREATMENT" /> itemValue="TREATMENT" /> <p:ajax update="confirmationPanel"/> <</p:selectOneRadio> |
That will trigger the "hide and show" of the question that asks for the previous consent, together with the following tag:
...
Code Block | ||||
---|---|---|---|---|
| ||||
... <saml2:Attribute FriendlyName="XSPA Purpose Of Use" Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml2:AttributeValue xmlns:xsi="xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">EMERGENCY</saml2:AttributeValue> </saml2:Attribute> |
...
... |
According to specifications, this action is correct and no action is required.
2.3. Audit message
In the current implementation there is no Audit Message
...
when the Emergency workflow is triggered;
The non-functional requirement NFR06 - Audit Trail, present int the document D3.2.2 "Final definition of functional service requirements" states the following:
"Extraordinary and/or emergency accesses must be specially marked in order to facilitate the local management of those."
Therefore an extra audit message needs to be triggered in this particular situations. loremipsum The main issue is that there is not any audit message specified for this particular situation.
3. Actions to be taken in OpenNCP
Task | Related Issues | Comments | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Adjust Portal implementation to match epSOS specs |
| The workflow of the portal has been adjusted to allow the specific consent final question. (To be asked to the patient). | ||||||||||
Specify Emergency triggered Audit Message | Nothing to do | Already supported by the security header, present in the produced assertions. | ||||||||||
Add functionality to send the specified audit message | Nothing to do | Already supported by the produced assertions. |
4. References
Attachments upload false old false sortBy name labels specifications