# Security & Access Control

Journl Streamed prioritizes the security and privacy of healthcare data. This documentation outlines the key components and best practices to ensure secure data management within the platform.

### Authentication & authorization

We support multiple authentication methods to verify the identity of users and systems accessing the platform. These include:

* **OAuth 2.0:** A widely adopted authorization framework that enables third-party applications to obtain limited access to user accounts without exposing credentials. OAuth 2.0 is used to securely manage access tokens and permissions.
* **API Keys:** Simple tokens that can be used for server-to-server interactions where user delegation is not required. API keys should be treated as sensitive information and securely stored.
* **Basic Authentication:** A straightforward method using a username and password for client authentication. It is typically used for legacy systems or simple integrations.

With fine-grained access control we can ensure that users and applications can only access the resources they are permitted to. This is achieved through:

* **Role-Based Access Control (RBAC):** Users are assigned roles that determine their permissions within the system. Each role has a set of allowed actions (e.g., read, write, delete) on specific resources.
* **Attribute-Based Access Control (ABAC):** Access decisions are based on user attributes (e.g., department, job title) and resource attributes (e.g., sensitivity level). ABAC allows for more dynamic and context-aware access control policies.
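
The following is an added illustration of how an RBAC check and an ABAC check can be combined into one deny-by-default decision. It is not Journl Streamed's own code or API: the role names, resource types, attribute names (`department`, `clearance`, `sensitivity`) and sample data are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical RBAC table: role -> resource type -> allowed actions.
ROLE_PERMISSIONS = {
    "clinician": {"patient_record": {"read", "write"}},
    "auditor": {"patient_record": {"read"}, "audit_log": {"read"}},
    "admin": {"patient_record": {"read", "write", "delete"}},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    department: str
    clearance: int  # highest sensitivity level the user may handle (assumed attribute)

@dataclass(frozen=True)
class Resource:
    kind: str
    department: str
    sensitivity: int

def rbac_allows(user, action, resource):
    """True if any of the user's roles grants the action on this resource type."""
    return any(
        action in ROLE_PERMISSIONS.get(role, {}).get(resource.kind, set())
        for role in user.roles
    )

def abac_allows(user, resource):
    """Attribute rules: same department, and clearance covers the sensitivity level."""
    return (user.department == resource.department
            and user.clearance >= resource.sensitivity)

def decide(user, action, resource):
    """Deny by default: both layers must allow. Returns (allowed, reason)."""
    if not rbac_allows(user, action, resource):
        return False, "no role grants this action"
    if not abac_allows(user, resource):
        return False, "attribute policy denied"
    return True, "allowed"

# Constructed sample data.
alice = User("alice", frozenset({"clinician"}), "cardiology", 2)
record = Resource("patient_record", "cardiology", 2)
restricted = Resource("patient_record", "oncology", 3)
```

The reason string returned by `decide` is the kind of detail worth writing to an audit log alongside the user, action and timestamp.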

### Security Measures

If needed, sensitive data stored in Journl Streamed can be encrypted using industry-standard encryption algorithms. This protects data from unauthorized access even if the storage medium is compromised.

Communications between clients and the server are encrypted using TLS (Transport Layer Security). This ensures that data transmitted over the network remains confidential and that any tampering in transit is detected.

Journl Streamed maintains detailed audit logs of all access and modification events. These logs include information about who accessed or modified data, what actions were performed, and when they occurred. Audit logs are crucial for monitoring, compliance, and forensic investigations.

{% hint style="info" %}
Would you like to know more about our security and how to use our access control?

[Contact the Journl team](mailto:info@journl.dk) with any questions you might have.
{% endhint %}

