authormanuel <manuel@nc8430.lan>2009-10-31 16:11:26 +0100
committermanuel <manuel@nc8430.lan>2009-10-31 16:11:26 +0100
commit1d8445b8461f558987067d870f0f11cdc84b4f35 (patch)
tree146d7d02dddf1a403392ac4b86c19bca4a3c6f75 /task1/ehr.ice
pushing task1 to repo
Diffstat (limited to 'task1/ehr.ice')
-rw-r--r--task1/ehr.ice302
1 files changed, 302 insertions, 0 deletions
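diff --git a/task1/ehr.ice b/task1/ehr.ice
--- /dev/null
+++ b/task1/ehr.ice
@@ -0,0 +1,302 @@
+//! SE/Linux EHR IDL file
+//! Author: SE/Linux team <se-linux@inso.tuwien.ac.at>
+module Ehr {
+
+ sequence<byte> ByteSeq;
+
+ //! Base class for exceptions
+ exception EhrException {
+ string what; //! Detailed error message.
+ };
+
+ //! The request could not be validated.
+ exception InvalidRequestException extends EhrException { };
+ //! An account specified in the request is invalid.
+ exception InvalidAccountException extends InvalidRequestException { };
+ //! The signature of the request could not be verified.
+ exception SignatureException extends EhrException { };
+ //! The requestor is not allowed to perform the request.
+ exception PermissionDeniedException extends EhrException { };
+
+ //! Identifies an account in the SEPM/Linux EHR system
+ struct AccountIdentifier {
+ string user; //! User part of account
+ string provider; //! Provider part of account
+ };
+
+ enum DocumentType {
+ DOCANY,
+ DOCPRESCRIPTION,
+ DOCCONSUMEDPRESCRIPTION
+ };
+
+ //! The signature of a request.
+ //!
+ //! To calculate the signature of a request object, the request object is
+ //! serialized (converted to a byte stream) using the streaming interface.
+ //! See chapter 36.2 (Streaming Interface) of the ICE manual for details.
+ //!
+ //! Then, the SHA1 hash of the byte stream is calculated and encrypted using
+ //! the private key of the account that issued the request.
+ //! See EVP_SignInit(3SSL) for details.
+ //!
+ //! This signature logic is implemented in Security::sign
+ struct Signature {
+ ByteSeq data;
+ };
+
+ struct Timestamp {
+ //! The time since the Epoch (00:00:00 UTC, January 1, 1970),
+ //! measured in milliseconds.
+ long msecs;
+ };
+
+ struct Date {
+ byte day;
+ byte month;
+ short year;
+ };
+
+ enum AccessType {
+ ALLOW, //! Allow access
+ DENY //! Deny access
+ };
+
+ //! An envelope encrypted serialized document.
+ //!
+ //! The document is a class or structure serialized (converted to a byte stream)
+ //! using the ICE streaming interface.
+ //! See chapter 36.2 (Streaming Interface) of the ICE manual for details.
+ //!
+ //! The byte stream is encrypted using envolope encryption: it is encrypted with
+ //! a symetric cipher (AES) using a random key. This key is then encrypted with
+ //! the public key (RSA) of the owner.
+ //!
+ //! See EVP_SealInit(3) for details on envelope encryption.
+ //!
+ //! This encryption logic is also implemented in Security::encryptPublic.
+ struct EncryptedDocument {
+ //! AES key encrypted with the RSA public key of the owner.
+ ByteSeq encryptedKey;
+ //! The initial vector for AES (aes_256_cbc).
+ ByteSeq initialVector;
+ //! Document encrypted with AES (aes_256_cbc).
+ ByteSeq encryptedData;
+ };
+
+ //! Base class for documents in the EHR.
+ class Document {
+ //! The document type.
+ DocumentType type;
+ };
+
+ //! The prescription document created by the physician.
+ class Prescription extends Document {
+
+ string originatorName;
+ string originatorProfession;
+ string originatorAddress;
+
+ Date creationDate;
+
+ string consumerName;
+ Date consumerDateOfBirth;
+
+ string drugDescription;
+ string form;
+ int dosage;
+ string measuringUnit;
+
+ Date validFrom;
+ Date expires;
+ };
+
+ //! The prescription consumption created by the pharmacist.
+ //! It contains a copy of the original prescription.
+ class ConsumedPrescription extends Prescription {
+
+ string dispenserName;
+ string dispenserProfession;
+ string dispenserAddress;
+
+ Date dispensingDate;
+ };
+
+ //! Base class for a request to a provider node.
+ class Request {
+ //! The account that issued the request.
+ AccountIdentifier requestor;
+
+ //! Timestamp when the request was issued.
+ //! A reasonable provider node validates the timestamp, for example:
+ //! (timestamp_last_request_from_requestor < when) && (when < now() + 1_min)
+ //! The first condition guarantees that requests can't be reused.
+ Timestamp when;
+ };
+
+ //! Base class for requests where two parties are involved, for example
+ //! a patient and a pharmacist.
+ class ThirdPartyRequest extends Request {
+ //! The account that owns the EHR (patient).
+ AccountIdentifier owner;
+ };
+
+ //! Request to creaete a prescription.
+ //! Issued by a physician and aproved by the patient.
+ class CreatePrescriptionRequest extends ThirdPartyRequest {
+ //! A serialized Prescription encrypted with the public key of the patient.
+ EncryptedDocument prescription;
+ };
+
+ //! Issued by a pharmacist and aproved by the patient.
+ class ConsumePrescriptionRequest extends ThirdPartyRequest {
+ //! Id of the prescription to consume
+ long prescriptionId;
+ //! The serialized ConsumePrescription encrypted with the public key of the patient.
+ EncryptedDocument consumedPrescription;
+ };
+
+ //! Request to list all documents in an EHR.
+ //! Issued by anyone.
+ //! Aproved by the patient.
+ class ListDocumentsRequest extends ThirdPartyRequest {
+ };
+
+ //! Request to find documents in an EHR.
+ //! Issued by anyone.
+ //! Aproved by the patient.
+ class FindDocumentsRequest extends ThirdPartyRequest {
+ bool hasFrom; //! If true, the from field is valid.
+ Timestamp from; //! Search documents older than from.
+ bool hasTill; //! If true, the till field is valid.
+ Timestamp till; //! Search documents younger than till.
+
+ //! Search only documents of the given type.
+ //! Set to DOCANY if the document type does not matter.
+ DocumentType type;
+
+ //! Search only document with the giben ID.
+ //! Set to 0 if the ID does not matter.
+ long documentId;
+ };
+
+ //! Request to create a pemission on a document.
+ //! Issued by patient only.
+ class CreatePermissionRequest extends Request {
+ //! The id of the document.
+ long documentId;
+ //! The account the permission belongs to.
+ AccountIdentifier account;
+ //! The access type (ALLOW, DENY).
+ AccessType access;
+ };
+
+ //! Request to set the default permission on a docment.
+ //! The default permission determines, whether access is granted to an
+ //! account, for which there is no explicit permission available.
+ //! Issued by patient only.
+ class SetDefaultAccessRequest extends Request {
+ //! The id of the document.
+ long documentId;
+ //! The access type (ALLOW, DENY).
+ AccessType access;
+ };
+
+ //! Request to request the list of permissions on a document.
+ //! Issued by patient only.
+ class ListPermissionsRequest extends Request {
+ //! The id of the document.
+ long documentId;
+ };
+
+ //! Request to remove a permission form a document.
+ //! Issued by patient only.
+ class RemovePermissionRequest extends Request {
+ //! The id of the document.
+ long documentId;
+ //! The id of the permission to remove.
+ long permissionId;
+ };
+
+ //! Combines an encrypted document with an id.
+ struct DocumentListItem {
+ long id;
+ Timestamp created;
+ EncryptedDocument document;
+ };
+
+ sequence<DocumentListItem> DocumentList;
+
+ //! Combines a permission with an id.
+ struct AccessControlListItem {
+ long id;
+ AccountIdentifier account;
+ AccessType access;
+ };
+
+ sequence<AccessControlListItem> AccessControlList;
+
+ //! The permissions for a document.
+ struct Permissions {
+ //! Default permission, if there is no explicit permission in the acl.
+ AccessType defaultAccess;
+ //! Per account permissions.
+ AccessControlList acl;
+ };
+
+ //! The interface of a provider node for client software.
+ //!
+ //! Every method has the following arguments:
+ //!
+ //! - A request object.
+ //! - The signature of the request object by the requesting party.
+ //! - If the requetor is different form the owner of the EHR (for example
+ //! a pharmacist), the signature of the owner of the EHR.
+ interface Provider {
+
+ void createPrescription(
+ CreatePrescriptionRequest request,
+ Signature requestorSignature,
+ Signature ownerSignature
+ ) throws EhrException;
+
+ void consumePrescription(
+ ConsumePrescriptionRequest request,
+ Signature requestorSignature,
+ Signature ownerSignature
+ ) throws EhrException;
+
+ DocumentList listDocuments(
+ ListDocumentsRequest request,
+ Signature requestorSignature,
+ Signature ownerSignature
+ ) throws EhrException;
+
+ DocumentList findDocuments(
+ FindDocumentsRequest request,
+ Signature requestorSignature,
+ Signature ownerSignature
+ ) throws EhrException;
+
+ void setDefaultAccess(
+ SetDefaultAccessRequest request,
+ Signature requestorSignature
+ ) throws EhrException;
+
+ void createPermission(
+ CreatePermissionRequest request,
+ Signature requestorSignature
+ ) throws EhrException;
+
+ Permissions listPermissions(
+ ListPermissionsRequest request,
+ Signature requestorSignature
+ ) throws EhrException;
+
+ void removePermission(
+ RemovePermissionRequest request,
+ Signature requestorSignature
+ ) throws EhrException;
+
+ };
+};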
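Review bot: The replay rule documented on `Request.when` (the `timestamp_last_request_from_requestor < when` check in the class comment) only stops reuse at the provider that recorded the earlier timestamp, and it gives no lower bound at all for a requestor the node has not seen before; since `Request` carries no identifier of the node it is addressed to, a signed request could presumably be presented unchanged to another provider that knows the same `requestor` and `owner` accounts (worth confirming against the deployment model). Adding `string provider; //! Provider node this request is addressed to; the receiver must reject a mismatch.` to `Request` and documenting a maximum age for `when` would close both gaps. Separately, `EncryptedDocument` is AES-256-CBC with no authentication tag, and `DocumentListItem` hands such documents back without the `Signature` that accompanied the creating request, so a patient reading a stored `Prescription` cannot detect modification by whoever holds the store; either persist the originator signature next to `document` or state on `DocumentListItem` that stored documents carry no proof of origin. The SHA1 named in the `Signature` comment is also worth recording as a deliberate choice, given these records will be verified for years.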