IHERO UseCase User Authentication

From IHE Wiki
Jump to navigation Jump to search


1. Proposed Workitem: User Authentication and Authorization

  • Proposal Editor: C.Field
  • Editor: C.Field
  • Date: N/A (Wiki keeps history)
  • Version: N/A (Wiki keeps history)
  • Domain: Radiation Oncology and IT

2. The Problem

User Authentication (e.g. username, password) is becoming increasingly difficult to manage both from a user perspective because of the requirement to have multiple usernames and passwords for a variety of systems and applications; and for administrators who must maintain these various systems and applications.
User Authorization would be granted depending upon the authenticated user, and the system or application access request.

3. Key Use Case

The problem: A radiation therapist comes in to work and turns on the treatment workstation computer, username1/password1 is required. Another general purpose computer is turned on: username2/password2 is required. A treatment application (e.g. scheduling, charting, …) is started up, username3/password3 is required. The first patient is treated and an interrupt occurs, username4/password4 is required to clear the interlock. The user switches to the general purpose computer to read email: usernname5/password5 is required. During the day, the therapist moves to another treatment unit to cover coffee breaks and must clear another interlock; username6/password6 is required.

The solution: The radiation therapist arrives at each workstation and either scans a fingerprint, iris, ID card, or provides a username/password and is identified by a centralized (or distributed?) user authentication/authorization system. This system either grants or denies the requested systems and applications access depending upon the authenticated user. Backup authentication/authorization systems are required in case the primary system failed, and/or to provide distributed support.

4. Standards & Systems

All systems and applications inside and outside the Radiation Oncology domain.
IHE-IT Enterprise User Authentication (EUA) profile already in place.

5. Discussion

All existing and new actors, transactions, profiles would authenticate/authorize with a common authentication/authorization system.

ID systems such as OpenID for web logins, and PGP and other similar products for encrypting and decrypting data, may provide additional ideas.

Retrieved from "http://wiki.ihe.net/index.php?title=IHERO_UseCase_User_Authentication&oldid=34454"