- MoH - This actor represents the authority that controls access to the HIE. This is likely a Ministry of Health or a Department of Health.
- PoS - The Point of Service application that is connecting to the HIE.
- IL Core - The interoperability layer core component, which provides a single entry point for messages destined for systems within the HIE. It provides security, audit and logging capabilities.
- IL RBAC - The interoperability layer role-based access control (RBAC) component.
- IL Orchestrator - A message-specific orchestrator that can process and orchestrate a particular message based on the message's contents.
- Some registry - This represents one of the other registry components of the HIE.
```
title Common message security workflow

participant MoH
participant PoS
participant IL Core
participant IL RBAC
participant IL Orchestrator
participant Some registry

opt System registration occurs only once
    MoH->MoH: The PoS application is approved (via the appropriate\n policy) to be able to communicate with the HIE
    alt if the PoS application DOES NOT have a certificate
        MoH->IL Core: The IL is used to register the application and\n a certificate and key are generated for them
        IL Core->MoH: The certificate and key are downloaded from the IL
        MoH->PoS: The certificate and key are supplied to the PoS admin
        PoS->PoS: The certificate and key are installed into the PoS application
    else if the PoS application HAS an existing certificate
        MoH->IL Core: The IL is used to register the application and\n upload their existing certificate
    end
end

PoS->IL Core: A message is sent over a secure connection using TLS\n mutual authentication
IL Core->IL Core: The client certificate is validated to authenticate the\n PoS application (handled at the transport layer)
IL Core->IL RBAC: Checks if the PoS has the authority to send this message\n on to the required registry

alt If deep inspection of the message is required to determine authority (not done at present)
    IL Core->IL Orchestrator: Message forwarded
    IL Orchestrator->IL Orchestrator: Inspects message contents
    IL Orchestrator->IL RBAC: Checks if the application has the\n required authority
    IL RBAC->IL Orchestrator: Returns true if the application has\n the correct authority
    alt If the application has the correct authority
        IL Orchestrator->Some registry: Message forwarded
        Some registry->IL Orchestrator: Response returned
    end
    IL Orchestrator->IL Core: Response returned
    IL Core->PoS: Response returned
else If deep inspection of the message is NOT required to determine authority
    IL Core->Some registry: Message forwarded
    Some registry->IL Core: Response returned
    IL Core->PoS: Response returned
end
```
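
The message-handling half of the workflow above, as an added Python sketch that is not part of the original page or of any HIE implementation. It keeps authentication (which registered application presented this certificate) separate from the RBAC decision (may that application reach this registry) and denies by default. Assumptions: every class and function name, matching a registered application by the SHA-256 fingerprint of its certificate, HTTP-style status codes, and that the TLS layer has already validated the certificate chain.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate (assumed binding)."""
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class InteropLayer:
    # fingerprint -> application name, filled in at registration by the MoH
    clients: dict = field(default_factory=dict)
    # application name -> registries it may send messages to (IL RBAC)
    grants: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def register(self, app: str, cert_der: bytes, registries: set) -> None:
        """One-off registration; a generated or an uploaded cert ends up the same."""
        self.clients[fingerprint(cert_der)] = app
        self.grants[app] = set(registries)

    def handle(self, peer_cert_der, registry: str, forward) -> tuple:
        """Authenticate, then authorise, then forward. Anything else is denied."""
        app = self.clients.get(fingerprint(peer_cert_der)) if peer_cert_der else None
        if app is None:
            return self._done(None, registry, 401, "unknown client certificate")
        if registry not in self.grants.get(app, set()):
            return self._done(app, registry, 403, "not authorised for registry")
        return self._done(app, registry, 200, forward(app))

    def _done(self, app, registry, status, body) -> tuple:
        self.audit.append((app, registry, status))  # every decision is audited
        return status, body

# Constructed sample data: stand-in bytes, not real DER certificates.
CLINIC_CERT = b"constructed-cert-clinic-emr"
ROGUE_CERT = b"constructed-cert-unregistered"

def demo() -> list:
    il = InteropLayer()
    il.register("clinic-emr", CLINIC_CERT, {"client-registry"})
    registry = lambda app: f"response for {app}"  # stands in for "Some registry"
    return [
        il.handle(CLINIC_CERT, "client-registry", registry)[0],    # allowed
        il.handle(CLINIC_CERT, "facility-registry", registry)[0],  # no RBAC grant
        il.handle(ROGUE_CERT, "client-registry", registry)[0],     # not registered
        il.handle(None, "client-registry", registry)[0],           # no client cert
    ]

if __name__ == "__main__":
    print(demo())
```

The registry callback runs only after both checks pass, so a denied message never reaches the registry, and the audit list records denials as well as successes.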