IHERO UseCase User Authentication: Difference between revisions
No edit summary |
|||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
==1. Proposed Workitem: ''User Authentication''== | ==1. Proposed Workitem: ''User Authentication and Authorization''== | ||
* Proposal Editor: ''C.Field'' | * Proposal Editor: ''C.Field'' | ||
| Line 10: | Line 10: | ||
==2. The Problem== | ==2. The Problem== | ||
'''User Authentication''' (e.g. username, password) is becoming increasingly difficult to manage both from a user perspective because of the requirement to have multiple usernames and passwords for a variety of systems and applications; and for administrators who must maintain these various systems and applications.<br> | |||
Authorization | '''User Authorization''' would be granted depending upon the authenticated user, and the system or application access request. | ||
==3. Key Use Case== | ==3. Key Use Case== | ||
''The problem:'' A radiation therapist comes in to work and turns on the treatment workstation computer, username1/password1 is required. Another general purpose computer is turned on: username2/password2 is required. A treatment application (e.g. scheduling, charting, …) is started up, username3/password3 is required. The first patient is treated and an interrupt occurs, username4/password4 is required to clear the interlock. The user switches to the general purpose computer to read email: usernname5/password5 is required. During the day, the therapist moves to another treatment unit to cover coffee breaks and must clear another interlock; username6/password6 is required. | ''The problem:'' A radiation therapist comes in to work and turns on the treatment workstation computer, username1/password1 is required. Another general purpose computer is turned on: username2/password2 is required. A treatment application (e.g. scheduling, charting, …) is started up, username3/password3 is required. The first patient is treated and an interrupt occurs, username4/password4 is required to clear the interlock. The user switches to the general purpose computer to read email: usernname5/password5 is required. During the day, the therapist moves to another treatment unit to cover coffee breaks and must clear another interlock; username6/password6 is required. | ||
''The solution:'' | ''The solution:'' The radiation therapist arrives at each workstation and either scans a finger print, iris, or ID card and is identified by a centralized user authentication system. This system also maintains authorization rights for the various systems and applications and either grants or denies the requested access. Backup authentication/authorization systems are required in case the primary system failed, and/or to provide distributed support. | ||
==4. Standards & Systems== | ==4. Standards & Systems== | ||
All systems and applications inside and | All systems and applications inside and outside the Radiation Oncology domain. | ||
IHE-IT profile already in place ? | |||
==5. Discussion== | ==5. Discussion== | ||
All existing and new actors, transactions, profiles would authenticate with a common authentication system. | All existing and new actors, transactions, profiles would authenticate/authorize with a common authentication/authorization system. | ||
Revision as of 17:01, 29 October 2007
1. Proposed Workitem: User Authentication and Authorization
- Proposal Editor: C.Field
- Editor: C.Field
- Date: N/A (Wiki keeps history)
- Version: N/A (Wiki keeps history)
- Domain: Radiation Oncology and IT
2. The Problem
User Authentication (e.g. username, password) is becoming increasingly difficult to manage both from a user perspective because of the requirement to have multiple usernames and passwords for a variety of systems and applications; and for administrators who must maintain these various systems and applications.
User Authorization would be granted depending upon the authenticated user, and the system or application access request.
3. Key Use Case
The problem: A radiation therapist comes in to work and turns on the treatment workstation computer, username1/password1 is required. Another general purpose computer is turned on: username2/password2 is required. A treatment application (e.g. scheduling, charting, …) is started up, username3/password3 is required. The first patient is treated and an interrupt occurs, username4/password4 is required to clear the interlock. The user switches to the general purpose computer to read email: usernname5/password5 is required. During the day, the therapist moves to another treatment unit to cover coffee breaks and must clear another interlock; username6/password6 is required.
The solution: The radiation therapist arrives at each workstation and either scans a finger print, iris, or ID card and is identified by a centralized user authentication system. This system also maintains authorization rights for the various systems and applications and either grants or denies the requested access. Backup authentication/authorization systems are required in case the primary system failed, and/or to provide distributed support.
4. Standards & Systems
All systems and applications inside and outside the Radiation Oncology domain. IHE-IT profile already in place ?
5. Discussion
All existing and new actors, transactions, profiles would authenticate/authorize with a common authentication/authorization system.