Security & Access Control
Description of security and how to use access control.
Last updated
Journl Streamed prioritizes the security and privacy of healthcare data. This documentation outlines the key components and best practices to ensure secure data management within the platform.
We support multiple authentication methods to verify the identity of users and systems accessing the platform. These include:
OAuth 2.0: A widely adopted authorization framework that enables third-party applications to obtain limited access to user accounts without exposing credentials. OAuth 2.0 is used to securely manage access tokens and permissions.
API Keys: Simple tokens that can be used for server-to-server interactions where user delegation is not required. API keys should be treated as sensitive information and securely stored.
Basic Authentication: A straightforward method using a username and password for client authentication. It is typically used for legacy systems or simple integrations.
With fine-grained access control, we can ensure that users and applications access only the resources they are permitted to. This is achieved through:
Role-Based Access Control (RBAC): Users are assigned roles that determine their permissions within the system. Each role has a set of allowed actions (e.g., read, write, delete) on specific resources.
Attribute-Based Access Control (ABAC): Access decisions are based on user attributes (e.g., department, job title) and resource attributes (e.g., sensitivity level). ABAC allows for more dynamic and context-aware access control policies.
If needed, sensitive data stored in Journl Streamed can be encrypted using industry-standard encryption algorithms. This protects data from unauthorized access even if the storage medium is compromised.
Communications between clients and the server are encrypted using TLS (Transport Layer Security). This ensures that data transmitted over the network remains confidential and cannot be modified in transit without detection.
Journl Streamed maintains detailed audit logs of all access and modification events. These logs include information about who accessed or modified data, what actions were performed, and when they occurred. Audit logs are crucial for monitoring, compliance, and forensic investigations.
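The RBAC and ABAC checks and the audit record described above can be combined into a single deny-by-default decision function. The following is an added illustration, not Journl Streamed's own code or API: the role table, department clearance levels, sensitivity scale and all names are hypothetical, and logging denied attempts alongside allowed ones is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical RBAC table: role -> resource kind -> allowed actions.
ROLE_PERMISSIONS = {
    "clinician": {"patient_record": {"read", "write"}},
    "billing": {"invoice": {"read", "write"}, "patient_record": {"read"}},
    "auditor": {"audit_log": {"read"}},
}
# Hypothetical ABAC rule: highest sensitivity level each department may access.
DEPARTMENT_CLEARANCE = {"cardiology": 3, "finance": 1}

@dataclass(frozen=True)
class User:
    name: str
    roles: tuple
    department: str

@dataclass(frozen=True)
class Resource:
    kind: str
    ident: str
    sensitivity: int  # constructed scale: 1 = low, 3 = high

def rbac_allows(user, action, resource):
    # Unknown roles or resource kinds yield an empty set, so they fail closed.
    return any(action in ROLE_PERMISSIONS.get(role, {}).get(resource.kind, set())
               for role in user.roles)

def abac_allows(user, resource):
    # Unknown departments get clearance 0, so they fail closed.
    return DEPARTMENT_CLEARANCE.get(user.department, 0) >= resource.sensitivity

def authorize(user, action, resource, audit_log, now=None):
    """Allow only if both the RBAC and ABAC checks pass; record every decision."""
    if not rbac_allows(user, action, resource):
        decision, reason = "deny", "role lacks permission"
    elif not abac_allows(user, resource):
        decision, reason = "deny", "sensitivity exceeds department clearance"
    else:
        decision, reason = "allow", "role and attributes satisfied"
    audit_log.append({  # who, what and when, as the audit log section describes
        "when": (now or datetime.now(timezone.utc)).isoformat(),
        "who": user.name, "action": action,
        "resource": f"{resource.kind}/{resource.ident}",
        "decision": decision, "reason": reason,
    })
    return decision == "allow"
```

A billing user with the `read` permission on patient records is still denied a sensitivity-3 record here, because the attribute check runs in addition to the role check rather than instead of it.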