AS ISO 17090.2-2003

Table of Contents

1 -  AS ISO 17090.2-2003 HEALTH INFORMATICS-PUBLIC KEY INFRASTRUCTURE - CERTIFICATE PROFILE
4 -  PREFACE
5 -  CONTENTS
6 -  INTRODUCTION
9 -  1 Scope
9 -  2 Normative references
9 -  3 Terms and definitions
10 -  4 Abbreviations
10 -  5 Healthcare CPs
10 -  5.1 Certificate types required for healthcare
10 -  5.2 CA certificates
10 -  5.2.1 Root CA certificates
10 -  5.2.2 Subordinate CA certificates
11 -  5.3 Cross/Bridge certificates
11 -  5.4 End entity certificates
11 -  5.4.1 Individual identity certificates
12 -  5.4.2 Organization identity certificate
12 -  5.4.3 Device identity certificate
12 -  5.4.4 Application certificate
12 -  5.4.5 AC
14 -  5.4.6 Role certificates
14 -  6 General certificate requirements
14 -  6.1 Certificate compliance
15 -  6.2 Common fields for each certificate type
16 -  6.3 Specifications for common fields
16 -  6.3.1 General
16 -  6.3.2 Signature
16 -  6.3.3 Validity
16 -  6.3.4 Subject public key information
17 -  6.3.5 Issuer name field
17 -  6.3.6 The subject name field
18 -  6.4 Requirements for each healthcare certificate type
18 -  6.4.1 Issuer fields
18 -  6.4.2 Subject fields
21 -  7 Use of certificate extensions
21 -  7.1 Introduction
21 -  7.2 General extensions
21 -  7.2.1 authorityKeyIdentifier
21 -  7.2.2 subjectKeyIdentifier
21 -  7.2.3 keyUsage
21 -  7.2.4 privateKeyUsagePeriod
21 -  7.2.5 certificatePolicies
21 -  7.2.6 subjectAltName
22 -  7.2.7 basicConstraints
22 -  7.2.8 CRLDistributionPoints
22 -  7.2.9 ExtKeyUsage
22 -  7.2.10 Authority information access
22 -  7.3 Special subject directory attributes
22 -  7.3.1 hcRole attribute
24 -  7.3.2 subjectDirectoryAttributes
24 -  7.4 Qualified certificate statements extension
24 -  7.5 Requirements for each health industry certificate type
24 -  7.5.1 Extension fields
26 -  Annex A - Certificate profile examples
26 -  A.1 Introduction
26 -  A.2 EXAMPLE 1: Consumer certificate profile
27 -  A.3 EXAMPLE 2: Non-regulated health professional certificate profile
28 -  A.4 EXAMPLE 3: Regulated health professional certificate profile
29 -  A.5 EXAMPLE 4: Sponsored healthcare provider certificate profile
29 -  A.6 EXAMPLE 5: Supporting organization employee certificate profile
30 -  A.7 EXAMPLE 6: Organization certificate profile
31 -  A.8 EXAMPLE 7: AC profile
31 -  A.9 EXAMPLE 8: CA certificate profile
32 -  A.10 EXAMPLE 9: Bridge certificate profile
33 -  Bibliography

Abstract

Specifies the certificate profiles required to interchange healthcare information within a single organization, between different organizations and across jurisdictional boundaries. It detials the use made of public key infrastyructure (PKI) digital certificates in the health industry and focuses, in particular, on specific healthcare issues relating to certificate profiles.

Scope

This part of ISO/TS 17090 specifies the certificate profiles required to interchange healthcare information within a single organization, between different organizations and across jurisdictional boundaries. It details the use made of public key infrastructure (PKI) digital certificates in the health industry and focuses, in particular, on specific healthcare issues relating to certificate profiles.

General Product Information

Published
Document Type	Standard
Status	Current
Publisher	Standards Australia
ProductNote	Pending Revision indicates that as a result of the Aged Standards review process, the document needs updating. If no project proposal, meeting the quality criteria, is received within the 12 month timeframe, the document shall be withdrawn.
Pages
ISBN
Committee	IT-014
Supersedes	DR 01183