You are being redirected because this document is part of your ASTM Compass® subscription.
    This document is part of your ASTM Compass® subscription.

    If you are an ASTM Compass Subscriber and this document is part of your subscription, you can access it for free at ASTM Compass
    ASTM E2595-07(2013)

    Standard Guide for Privilege Management Infrastructure (Withdrawn 2017)

    Withdrawn Standard: ASTM E2595-07(2013) | Developed by Subcommittee: E31.25

      Format Pages Price  
    PDF 31 $89.00   ADD TO CART

    Withdrawn Rationale:

    Formerly under the jurisdiction of E31 on Healthcare Informatics, this guide was withdrawn in March 2017. This standard is being withdrawn without replacement due to its limited use by industry.

    1. Scope

    1.1 This guide defines interoperable mechanisms to manage privileges in a distributed environment. This guide is oriented towards support of a distributed or service-oriented architecture (SOA) in which security services are themselves distributed and applications are consumers of distributed services.

    1.2 This guide incorporates privilege management mechanisms alluded to in a number of existing standards (for example, Guide E1986 and Specification E2084). The privilege mechanisms in this guide support policy-based access control (including role-, entity-, and contextual-based access control) including the application of policy constraints, patient-requested restrictions, and delegation. Finally, this guide supports hierarchical, enterprise-wide privilege management.

    1.3 The mechanisms defined in this guide may be used to support a privilege management infrastructure (PMI) using existing public key infrastructure (PKI) technology.

    1.4 This guide does not specifically support mechanisms based on secret-key cryptography. Mechanisms involving privilege credentials are specified in ISO 9594-8:2000 (attribute certificates) and Organization for the Advancement of Structured Information Standards (OASIS) Security Assertion Markup Language (SAML) (attribute assertions); however, this guide does not mandate or assume the use of such standards.

    1.5 Many current systems require only local privilege management functionality (on a single computer system). Such systems frequently use proprietary mechanisms. This guide does not address this type of functionality; rather, it addresses an environment in which privileges and capabilities (authorizations) shall be managed between computer systems across the enterprise and with business partners.

    1.6 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.

    2. Referenced Documents (purchase separately) The documents listed below are referenced within the subject standard but are not provided as part of the standard.

    ASTM Standards

    E1762 Guide for Electronic Authentication of Health Care Information

    E1985 Guide for User Authentication and Authorization

    E1986 Guide for Information Access Privileges to Health Information

    E2084 Specification for Authentication of Healthcare Information Using Digital Signatures

    E2212 Practice for Healthcare Certificate Policy

    ANSI Standards

    INCITS 359 Role-Based Access Control

    X9.45 Enhanced Management Controls Using Digital Signatures and Attribute Certificates

    HL7 Standard

    Health Level 7 Context Management CCOW (Clinical Context Object Workgroup) Standard, Version 1.5

    Referencing This Standard
    Link Here
    Link to Active (This link will always route to the current Active version of the standard.)

    DOI: 10.1520/E2595-07R13

    Citation Format

    ASTM E2595-07(2013), Standard Guide for Privilege Management Infrastructure (Withdrawn 2017), ASTM International, West Conshohocken, PA, 2013,

    Back to Top