Validator references

Revised Validator Reference Guide
FHIR Compartments & Custom Access Control Policies

---

Overview

This document provides a high-level reference for the validators used in our FHIR-based RBAC system. These validators combine official FHIR compartment definitions (e.g., Patient, Practitioner) with custom logic (e.g., Legitimate Interest, Organization Compartments) to enforce granular access controls. Each validator has a dedicated page in the ./validators/ directory for implementation details.

---

Key Design Principles

1. FHIR Compliance:
   • Built on FHIR R4 compartment definitions (Patient, Practitioner).
   • Supports FHIR references (subject, practitioner, encounter).
2. Extensibility:
   • Custom compartments (e.g., organization_compartment, legitimate_interest) address regulatory or organizational needs.
3. Zero-Trust:
   • Default deny-all (forbidden) with explicit allow rules.

---

Validator Types

1. Core FHIR Compartments

Validator	Scope	FHIR Compliant
patient_compartment	Patient-owned resources	Yes
practitioner_compartment	Practitioner-linked resources	Yes
relatedperson_compartment	RelatedPerson context	Yes
encounter_compartment	Encounter-ephemeral workflows	Yes

2. Policy-Driven Validators

Validator	Use Case
organization_compartment	Multi-tenant organization isolation
legitimate_interest	GDPR/regulatory compliance
general_practitioner	Patient-GP relationship enforcement

3. Special Cases

Validator	Behavior
allowed	Bypass all checks (use sparingly)
forbidden	Explicit deny rule (safety net)

---

Example Workflow

How validators interact in a request:

1. A Patient tries to create an Observation.
2. The patient_compartment validator:
   • Checks the Patient role.
   • Validates Observation.subject matches the patient’s ID.
3. If compliant, access is granted.

---

When to Use Which Validator

Scenario	Recommended Validator(s)
Patient accessing their lab results	patient_compartment
Practitioner updating a medication order	practitioner_compartment + organization_compartment
GDPR-compliant data sharing	legitimate_interest
IoT device submitting diagnostic data	device_compartment

---

Custom Compartment Implementation

For non-FHIR compartments (e.g., organization_compartment), we:

1. Tag resources with a custom extension:

   "extension": [{
     "url": "https://your-system.com/fhir/Extensions/organization-compartment",
     "valueReference": { "reference": "Organization/123" }
   }]
2. Use the organization_compartment validator to enforce access based on these tags.

---

Getting Started

1. Default Configuration:

   {
     "rbac": {
       "default_access": "forbidden",
       "validation_rules": [
         {
           "client_role": "Patient",
           "entity_name": "Observation",
           "operation": "read",
           "validator": "patient_compartment"
         }
       ]
     }
   }
2. Explore Detailed Guides:
   • Patient Compartment
   • Legitimate Interest

---

FHIR References

1. FHIR Compartments Guide
2. Patient Compartment Definition