You should have Docker and Docker Compose installed before going further. To get them installed, follow the .
To get the Aidbox License:
Go to the Aidbox user portal
Log in to the portal
Create a new self-hosted Aidbox License, or use a license that you already have
To create the sample project, run the command below.
Populate the .env file with the Aidbox License.
Populate the .env file with the security labels ENVs.
Populate the .env file with the AIDBOX_FHIR_VERSION ENV variable.
To start Aidbox, run the command in the aidbox-project directory.
Currently a common (shared) secret is used so that the token introspector can validate the JWT signature. In production installations it is better to switch to jwks_uri instead: Aidbox then fetches the issuer's public keys and verifies signatures asymmetrically, so no symmetric secret has to be shared with Aidbox, and anyone who obtains the shared secret can no longer mint tokens that Aidbox would trust.
This access policy allows the FhirRead and FhirSearch operations for requesters whose JWT carries an iss claim with the value https://auth.example.com.
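The two checks this setup relies on, the HS256 signature under the common secret and the iss claim that the access policy matches, as an added example that is not Aidbox's introspector or policy engine. The secret, subjects and expiry values are constructed placeholders; the point the demo makes is that any party holding the shared secret can mint a token with the trusted iss value that passes both checks, which is the reason the page recommends jwks_uri in production.

```python
"""HS256 JWT verification plus an issuer-based policy check (standalone illustration)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"constructed-shared-secret"        # placeholder, not a real deployment value
TRUSTED_ISSUER = "https://auth.example.com"  # the iss value the page's AccessPolicy matches
ALLOWED_OPS = {"FhirRead", "FhirSearch"}     # operations the page's AccessPolicy permits


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint a JWT. Anyone with `secret` can do this, which is the weakness of a shared secret."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_hs256(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        if header.get("alg") != "HS256":  # refuse alg=none and algorithm confusion
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        claims = json.loads(b64url_decode(p))
    except ValueError:  # malformed base64/JSON or wrong number of segments
        return None
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        return None
    return claims


def policy_allows(claims: Optional[dict], operation: str) -> bool:
    """Mirror of the page's policy: FhirRead/FhirSearch only when iss is the trusted issuer."""
    return claims is not None and claims.get("iss") == TRUSTED_ISSUER and operation in ALLOWED_OPS


def demo() -> dict:
    """Constructed tokens: one legitimate, one from another issuer, one with a tampered payload."""
    exp = 4102444800  # 2100-01-01, far in the future
    good = sign_hs256({"iss": TRUSTED_ISSUER, "sub": "provider", "exp": exp}, SECRET)
    wrong_iss = sign_hs256({"iss": "https://other.example", "sub": "x", "exp": exp}, SECRET)
    h, _, s = good.split(".")
    # Re-use the valid signature over a modified payload: must fail signature verification.
    tampered = f"{h}.{b64url(json.dumps({'iss': TRUSTED_ISSUER, 'sub': 'admin'}).encode())}.{s}"
    return {
        "good_read": policy_allows(verify_hs256(good, SECRET), "FhirRead"),
        "good_create": policy_allows(verify_hs256(good, SECRET), "FhirCreate"),
        "wrong_iss": policy_allows(verify_hs256(wrong_iss, SECRET), "FhirRead"),
        "tampered": policy_allows(verify_hs256(tampered, SECRET), "FhirRead"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```

Note that `good` is indistinguishable from a token minted by anyone else who holds SECRET; with jwks_uri the signing key stays with the issuer and Aidbox only needs the public half.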
There are two users and two JWTs that we will use:
Provider has access to the Patient because there is overlap between the Patient labels and the Provider labels.
Patient is labeled with:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
Provider is allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
expands to:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|N
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|U
http://terminology.hl7.org/CodeSystem/v3-ActCode|PSY
http://terminology.hl7.org/CodeSystem/v3-ActCode|CTCOMPT
Provider has access to the Encounter because there is overlap between the Encounter labels and the Provider labels.
Encounter is labeled with:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
Provider is allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
expands to:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|N
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|U
http://terminology.hl7.org/CodeSystem/v3-ActCode|PSY
http://terminology.hl7.org/CodeSystem/v3-ActCode|CTCOMPT
Provider has access to the Observation because there is overlap between the Observation labels and the Provider labels.
Observation is labeled with:
http://terminology.hl7.org/CodeSystem/v3-ActCode|PSY
Provider is allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
expands to:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|N
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|U
http://terminology.hl7.org/CodeSystem/v3-ActCode|PSY
http://terminology.hl7.org/CodeSystem/v3-ActCode|CTCOMPT
Finance has access to the Patient because there is overlap between the Patient labels and the Finance labels.
Patient is labeled with:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
Finance is allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
expands to:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|U
http://terminology.hl7.org/CodeSystem/v3-ActCode|RESCOMPT
Finance has access to the Encounter because there is overlap between the Encounter labels and the Finance labels.
Encounter is labeled with:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
Finance is allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
expands to:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|U
http://terminology.hl7.org/CodeSystem/v3-ActCode|RESCOMPT
Finance does not have access to the Observation because there is no overlap between the Observation labels and the Finance labels.
Observation is labeled with:
http://terminology.hl7.org/CodeSystem/v3-ActCode|PSY
Finance is only allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-ActCode|RESCOMPT
Provider has access to all the fields within the Encounter resource.
Encounter.subject
is labeled:
http://terminology.hl7.org/CodeSystem/v3-ActCode|CTCOMPT
Provider is allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
expands to:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|R
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|N
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|U
http://terminology.hl7.org/CodeSystem/v3-ActCode|PSY
http://terminology.hl7.org/CodeSystem/v3-ActCode|CTCOMPT
Finance has access to all the fields within the Encounter resource except subject.
Encounter.subject
is labeled:
http://terminology.hl7.org/CodeSystem/v3-ActCode|CTCOMPT
Finance is allowed:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
expands to:
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|M
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|L
http://terminology.hl7.org/CodeSystem/v3-Confidentiality|U
http://terminology.hl7.org/CodeSystem/v3-ActCode|RESCOMPT
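The overlap rule walked through above, a requester may read a resource when at least one of the resource's security labels is in the requester's allowed set after expanding each confidentiality level to every less restrictive level, and a labeled field is dropped when it has no such overlap, as an added example that is not Aidbox's own code. It recomputes the page's access table for the Provider and Finance label sets against the Patient, Encounter and Observation labels listed above. The resource dicts are constructed, and the per-field label map (`ENCOUNTER_FIELD_LABELS`) is a simplified stand-in for element-level labels, not Aidbox's storage format.

```python
"""Security-label overlap check with v3-Confidentiality expansion (standalone illustration)."""
from typing import Dict, FrozenSet, Iterable, List, Set

CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
ACT = "http://terminology.hl7.org/CodeSystem/v3-ActCode"

# v3-Confidentiality from most to least restrictive. Being allowed one level grants
# every level below it, which is the expansion the page lists (R -> R, N, M, L, U).
# V (very restricted) is part of the code system but never granted on this page.
CONF_ORDER = ["V", "R", "N", "M", "L", "U"]


def expand(allowed: Iterable[str]) -> FrozenSet[str]:
    """Expand 'system|code' labels: confidentiality levels include all lower levels,
    any other code (e.g. an ActCode compartment) is kept as-is."""
    out: Set[str] = set()
    for label in allowed:
        system, _, code = label.partition("|")
        if system == CONF and code in CONF_ORDER:
            out.update(f"{CONF}|{c}" for c in CONF_ORDER[CONF_ORDER.index(code):])
        else:
            out.add(label)
    return frozenset(out)


def labels_of(resource: Dict) -> Set[str]:
    """Collect 'system|code' labels from resource.meta.security."""
    return {f"{c['system']}|{c['code']}" for c in resource.get("meta", {}).get("security", [])}


def can_access(resource: Dict, allowed: Iterable[str]) -> bool:
    """Resource-level decision: any overlap between resource labels and the expanded set.
    An unlabeled resource has no overlap and is therefore denied in this example."""
    return bool(labels_of(resource) & expand(allowed))


def filter_fields(resource: Dict, field_labels: Dict[str, List[str]], allowed: Iterable[str]) -> Dict:
    """Field-level decision: drop each labeled field whose labels do not overlap.
    Unlabeled fields are kept. Returns a shallow copy; the input is not mutated."""
    granted = expand(allowed)
    out = dict(resource)
    for field, labels in field_labels.items():
        if field in out and not (set(labels) & granted):
            del out[field]
    return out


def sec(system: str, code: str) -> Dict[str, str]:
    return {"system": system, "code": code}


# Constructed sample resources carrying the labels the page describes.
PATIENT = {"resourceType": "Patient", "id": "pt-1", "meta": {"security": [sec(CONF, "M")]}}
ENCOUNTER = {"resourceType": "Encounter", "id": "enc-1", "status": "finished",
             "subject": {"reference": "Patient/pt-1"},
             "meta": {"security": [sec(CONF, "L")]}}
ENCOUNTER_FIELD_LABELS = {"subject": [f"{ACT}|CTCOMPT"]}  # Encounter.subject is labeled CTCOMPT
OBSERVATION = {"resourceType": "Observation", "id": "obs-1", "status": "final",
               "meta": {"security": [sec(ACT, "PSY")]}}

# The two requesters' allowed labels, before expansion.
PROVIDER = [f"{CONF}|R", f"{ACT}|PSY", f"{ACT}|CTCOMPT"]
FINANCE = [f"{CONF}|M", f"{ACT}|RESCOMPT"]


def access_matrix() -> Dict[str, Dict[str, bool]]:
    """Recompute the page's table: requester -> resource type -> allowed?"""
    requesters = {"provider": PROVIDER, "finance": FINANCE}
    resources = {"Patient": PATIENT, "Encounter": ENCOUNTER, "Observation": OBSERVATION}
    return {who: {name: can_access(res, allowed) for name, res in resources.items()}
            for who, allowed in requesters.items()}


if __name__ == "__main__":
    for who, row in access_matrix().items():
        print(who, row)
    print("finance view of Encounter:", filter_fields(ENCOUNTER, ENCOUNTER_FIELD_LABELS, FINANCE))
```

The decision is "any overlap", so adding a second, more permissive label to a resource widens who can read it; when you test a labeling scheme, assert the denies (Finance on the PSY-labeled Observation, Finance on Encounter.subject) as well as the allows.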
See more details related to the
When Aidbox starts, navigate to the and sign in to the Aidbox UI using the credentials admin / password.
To make Aidbox trust JWTs issued by the external authorization server, token introspection is used. Run the following request in the .
To create the access policy, run the following request in the .
To create the Patient, run the following request in the .
To create the Encounter, run the following request in the .
To create the Observation, run the following request in the .
To view the content of a JWT, copy and paste it to
This guide explains how security label access control can be enabled