Manualshelf

Real Time Information Director User Documentation

ManualsBrandsHP ManualsServerHP NonStop G-Series
231232233234235236237238239240
RTID Security and Auditing
Hewlett-Packard Company 5 529618 - 002
The Director relies on its infrastructure--the NonStop Server or WLS--or on the client for
several of these functions. For example, the Director does not perform authentication: it
assumes that the user is who he says he is and that the connection between a client, such
as a portal, and the Director is secured as appropriate to the solution.
See the WLS documentation for information about security features of WLS.
The Director also relies on the source system or portal to provide the first level of
authorization of agents. For example, a portal could use a directory service to grant
rights to users to perform certain transactions, that is, to submit documents representing
those types of transactions. But the directory will not be able to manage the rights that
have been granted by the consumer. Rights granted by consumers are stored in the Real
Time Data Store and managed by the Director.
An example of this distinction is that a portal might allow all doctors to submit requests
for patients’ medical records, but the EHR system allows a patient to control who has
access to what data. For instance, a patient might give his personal physician access to
all his medical records but restrict other doctors’ access to certain laboratory test results.
Overview of Security Processing
Consumers may grant permission to agents through a variety of different models, called
Security Policies.
Policies can be applied in any combination to individual transactions. For example,
medical information pertaining to a patient might be accessible to the patient and the
patient’s personal physician but not to hospital administrative personnel, while the
patient’s billing records might be accessible to the patient and to hospital administrative
personnel but not to the patient’s personal physician.
When a document (whether a database update or a query) arrives in the system, the
Director
Determines which policy or policies apply, as specified in the metadata for the
document type
Applies the policy or policies
Decides whether to allow or refuse the transaction
Either performs the transaction or reports an error (to the client if the interface is
synchronous, or to a log if the interface is asynchronous).