Difference between revisions of "IHERO UseCase User Authentication"

From IHE Wiki
Line 21: Line 21:
  
 
All systems and applications inside and outside the Radiation Oncology domain. <br>
 
All systems and applications inside and outside the Radiation Oncology domain. <br>
IHE-IT [http://wiki.ihe.net/index.php?title=Enterprise_User_Authentication Enterprise User Authentication] (EUA) profile already in place.  The [[http://openid.net/ OpenID]] concept for web logins may provide some additional ideas.
+
IHE-IT [http://wiki.ihe.net/index.php?title=Enterprise_User_Authentication Enterprise User Authentication] (EUA) profile already in place.  The [[http://openid.net/ OpenID] concept for web logins may provide some additional ideas.
  
 
==5. Discussion==
 
==5. Discussion==
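Review bot: In the changed line of section 4, the OpenID link markup is still unbalanced. The edit drops one closing bracket but keeps the doubled opening bracket, leaving `[[http://openid.net/ OpenID]`. External links take single brackets, as the EUA link on the same line already does, so this should read `[http://openid.net/ OpenID]`.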

Revision as of 16:30, 7 July 2009


1. Proposed Workitem: User Authentication and Authorization

  • Proposal Editor: C.Field
  • Editor: C.Field
  • Date: N/A (Wiki keeps history)
  • Version: N/A (Wiki keeps history)
  • Domain: Radiation Oncology and IT

2. The Problem

User authentication (e.g. username, password) is becoming increasingly difficult to manage, both for users, who are required to have multiple usernames and passwords for a variety of systems and applications, and for administrators, who must maintain these various systems and applications.
User authorization would be granted depending upon the authenticated user and the system or application access being requested.

3. Key Use Case

The problem: A radiation therapist comes in to work and turns on the treatment workstation computer: username1/password1 is required. Another general purpose computer is turned on: username2/password2 is required. A treatment application (e.g. scheduling, charting, …) is started up: username3/password3 is required. The first patient is treated and an interrupt occurs: username4/password4 is required to clear the interlock. The user switches to the general purpose computer to read email: username5/password5 is required. During the day, the therapist moves to another treatment unit to cover coffee breaks and must clear another interlock: username6/password6 is required.

The solution: The radiation therapist arrives at each workstation and either scans a fingerprint, iris, or ID card, or provides a username/password, and is identified by a centralized (or distributed?) user authentication/authorization system. This system either grants or denies access to the requested systems and applications depending upon the authenticated user. Backup authentication/authorization systems are required in case the primary system fails, and/or to provide distributed support.

4. Standards & Systems

All systems and applications inside and outside the Radiation Oncology domain.
The IHE-IT Enterprise User Authentication (EUA) profile is already in place. The OpenID concept for web logins may provide some additional ideas.

5. Discussion

All existing and new actors, transactions, and profiles would authenticate/authorize with a common authentication/authorization system.

Should ID systems such as OpenID or PGP be incorporated?