IHERO Detailed User Authentication

From IHE Wiki
Revision as of 17:08, 1 November 2009 by Cfield (talk | contribs)


1. Proposed Profile: User Authentication and Authorization

  • Proposal Editor: C.Field
  • Profile Editor: C.Field
  • Domain: Radiation Oncology

Summary

<Many people find it easier to write this section last. Use simple declarative sentences. Avoid going into background. If it's more than a dozen lines, it's not a summary.>


<Summarize in one or two lines the existing problem. E.g. "It is difficult to monitor radiation dose for individual patients and almost impossible to assemble and compare such statistics for a site or a population.">

<Demonstrate in a line or two that the key integration features are available in existing standards. E.g. "DICOM has an SR format for radiation dose events and a protocol for exchanging them.">

<Summarize in a few lines how the problem could be solved. E.g. "A Radiation Dose profile could require compliant radiating devices to produce such reports and could define transactions to actors that collect, analyze and present such information.">

<Summarize in a line or two market interest & available resources. E.g. "Euratom and ACR have published guidelines requiring/encouraging dose tracking. Individuals from SFR are willing to participate in Profile development.">

<Summarize in a line or two why IHE would be a good venue to solve the problem. E.g. "The main challenges are dealing with the chicken-and-egg problem and avoiding inconsistent implementations.">

2. The Problem

User Authentication (e.g. username and password) is becoming increasingly difficult to manage, both from the user's perspective, because multiple usernames and passwords are required for a variety of systems and applications, and from the administrator's perspective, because these various systems and applications must each be maintained.
User Authorization is the assignment of privileges allowing the user to perform certain functions (e.g. calculate dose, override an interlock, generate a CT scan). The assigned privileges depend upon the authenticated user and the system or application being accessed. The granularity of these functions is very poorly defined and is not standardized across systems.


<Describe the integration problem: What doesn’t work, or what needs to work.>

<Now describe the Value Statement: what is the underlying cost incurred by the problem, what is to be gained by solving it. If possible provide quantifiable costs, or data to demonstrate the scale of the problem.>

3. Key Use Case

The problem: A radiation therapist comes in to work and turns on the treatment workstation computer; username1/password1 is required. Another general purpose computer is turned on; username2/password2 is required. A treatment application (e.g. scheduling, charting, …) is started up; username3/password3 is required. The first patient is treated and an interrupt occurs; username4/password4 is required to clear the interlock. The user switches to the general purpose computer to read email; username5/password5 is required. During the day, the therapist moves to another treatment unit to cover coffee breaks and must clear another interlock; username6/password6 is required.

The solution: The radiation therapist arrives at each workstation and either scans a fingerprint, face, iris, or ID card, or provides a username/password, and is identified by a user authentication / authorization server. This server either grants or denies the user the ability to perform specific tasks on the requested systems and applications, depending upon the authenticated user. Backup (or distributed) authentication / authorization servers are required in case the primary server fails.
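The following is an added illustration of the solution described above, not code from the IHE proposal or from any IHE profile: a single sign-on token issued by one authentication server is honoured by every system, privileges are checked per (system, function) using the page's example functions, and requests fail over to a backup server when the primary is unreachable. The user directory, roles and privilege table are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample directory: username -> (salt, sha256(salt + password)).
SHARED_KEY = secrets.token_bytes(32)      # held by primary and backup servers alike
USERS = {"therapist1": ("s1", hashlib.sha256(b"s1pass1").hexdigest())}
ROLES = {"therapist1": "therapist"}
# Privileges keyed by (system, function); the function names are the page's examples.
PRIVILEGES = {
    "therapist": {("treatment_ws", "treat"), ("treatment_ws", "clear_interlock"),
                  ("general_pc", "email")},
    "physicist": {("planning_app", "calculate_dose"),
                  ("treatment_ws", "override_interlock")},
}

class AuthServer:
    """One authentication/authorization server. Tokens are HMAC-signed with
    SHARED_KEY, so a backup server can validate a token the primary issued.
    Token expiry is omitted for brevity."""
    def __init__(self, name, available=True):
        self.name, self.available = name, available

    def _sign(self, user):
        return hmac.new(SHARED_KEY, user.encode(), hashlib.sha256).hexdigest()

    def authenticate(self, user, password):
        if not self.available:
            raise ConnectionError(self.name)
        salt, digest = USERS.get(user, ("", ""))
        candidate = hashlib.sha256((salt + password).encode()).hexdigest()
        if user in USERS and hmac.compare_digest(candidate, digest):
            return f"{user}:{self._sign(user)}"   # one token reused at every workstation
        return None                                # unknown user or wrong password

    def authorize(self, token, system, function):
        if not self.available:
            raise ConnectionError(self.name)
        user, _, mac = token.partition(":")
        if not hmac.compare_digest(mac, self._sign(user)):
            return False                           # forged or tampered token
        return (system, function) in PRIVILEGES.get(ROLES.get(user, ""), set())

def with_failover(servers, op, *args):
    """Try the primary first, then each backup, as the proposal requires."""
    for srv in servers:
        try:
            return op(srv, *args)
        except ConnectionError:
            continue                               # server down: try the next one
    raise RuntimeError("no authentication server reachable")
```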

4. Standards & Systems

The IHE-IT Enterprise User Authentication (EUA) profile already in place may provide some standards. All systems and applications inside and outside the Radiation Oncology domain could utilize the user authentication / authorization server.

All existing and new actors, transactions, profiles would authenticate / authorize with a common authentication / authorization server.


<List relevant standards, where possible giving current version numbers, level of support by system vendors, and references for obtaining detailed information.>

<List systems that could be involved/affected by the profile.>

5. Technical Approach

ID systems such as OpenID for web logins, and PGP and other similar products for encrypting and decrypting data, may provide additional ideas.

<This section can be very short but include as much detail as you like. The Technical Committee will flesh it out when doing the effort estimation.>

<Outline how the standards could be used/refined to solve the problems in the Use Cases. The Technical Committee will be responsible for the full design and may choose to take a different approach, but a sample design is a good indication of feasibility.>

<If a phased approach would make sense indicate some logical phases. This may be because standards are evolving, because the problem is too big to solve at once, or because there are unknowns that won’t be resolved soon.>


Existing actors

<Indicate what existing actors could be used or might be affected by the profile.>

New actors

<List possible new actors>


Existing transactions

<Indicate how existing transactions might be used or might need to be extended.>

New transactions (standards used)

<Describe possible new transactions (indicating what standards would likely be used for each). Transaction diagrams are very helpful here. Feel free to go into as much detail as seems useful.>


Impact on existing integration profiles

<Indicate how existing profiles might need to be modified.>

New integration profiles needed

<Indicate what new profile(s) might need to be created.>


Breakdown of tasks that need to be accomplished

<A list of tasks would be helpful for the technical committee who will have to estimate the effort required to design, review and implement the profile.>

6. Support & Resources

<List groups that have expressed support for the proposal and resources that would be available to accomplish the tasks listed above.>

7. Risks

<List technical or political risks that could impede successfully fielding the profile.>

8. Open Issues

<Point out any key issues or design problems. This will be helpful for estimating the amount of work and demonstrates thought has already gone into the candidate profile.>

<If there are no Open Issues at Evaluation Time, it is usually a sign that the proposal analysis and discussion has been incomplete.>

9. Tech Cmte Evaluation

<The technical committee will use this area to record details of the effort estimation, etc.>

Effort Evaluation (as a % of Tech Cmte Bandwidth):

  • 35% for ...

Responses to Issues:

See italics in Risk and Open Issue sections

Candidate Editor:

TBA