XDS Syslog testing requirements

THIS PAGE IS OUT OF DATE AND IS NOT VALID FOR THE 2009 OR BEYOND TESTING SEASON

Audit log requirements for XDS at 2008 Connectathon

Below is a section for each actor for each transaction in XDS. Each section documents the minimum audit fields that will be expected at the 2008 Connectathon. Some important notes:

  • IP address, DNS name, and Endpoint can be used interchangeably


For detailed changes regarding ITI-41 see sections 3.41.4.1.4 Security Considerations (Doc Source) and 3.41.4.2.4 Security Considerations (Repository) of the XDS.b Supplement.

For detailed changes regarding ITI-42 see 3.42.4.1.5 Security Considerations (Repository) and 3.42.4.2.4 Security Considerations (Registry) of the XDS.b Supplement.

For detailed changes regarding ITI-43 see 3.43.4.1.4 Security Considerations (Consumer) and 3.43.4.2.4 Security Considerations (Repository)

ITI-14 (Register) Document Repository

EventIdentification

EventTypeCode = ITI-14
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID
ParticipantObjectTypeCodeRole = 20 (job)
ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

UserID = processID@IP OR just IP of Repository
RoleIDCode = 110153 (source)

ActiveParticipant

UserID = registry endpoint
RoleIDCode = 110152 (destination)

Example

<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="healthcare-security-audit.xsd">
    <EventIdentification EventActionCode="R" EventDateTime="2007-12-31T20:04:43Z"
        EventOutcomeIndicator="0">
        <EventID code="110106" codeSystemName="DCM" displayName="Export"/>
        <EventTypeCode code="ITI-14" codeSystemName="IHE Transactions"
            displayName="Register Document Set"/>
    </EventIdentification>
    <ActiveParticipant NetworkAccessPointTypeCodeError="" UserID="192.168.253.23"
        UserIsRequestor="true">
        <RoleIDCode code="110153" codeSystemName="DCM" displayName="Source"/>
    </ActiveParticipant>
    <ActiveParticipant NetworkAccessPointTypeCodeError="" UserID="http://129.148.200.41:8080/xds"
        UserIsRequestor="false">
        <RoleIDCode code="110152" codeSystemName="DCM" displayName="Destination"/>
    </ActiveParticipant>
    <AuditSourceIdentification AuditSourceID="xds1"/>
    <ParticipantObjectIdentification ParticipantObjectID="129.6.58.91.13896"
        ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="3">
        <ParticipantObjectIDTypeCode code="9"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectID="129.6.58.91.13895"
        ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="3">
        <ParticipantObjectIDTypeCode code="9"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectID="1.23.1.2.3.34234556.231.1" ParticipantObjectTypeCode="2"
        ParticipantObjectTypeCodeRole="20">
        <ParticipantObjectIDTypeCode code="urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd"/>
    </ParticipantObjectIdentification>
</AuditMessage>
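The minimum-field table for the ITI-14 Document Repository can be turned into an automated check. The following Python sketch is an added example, not part of the original wiki page or any IHE tool; the function name and the sample message (including its addresses and IDs) are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

SUBMISSION_SET = "urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd"  # type code from the table

def check_iti14_repository(audit_xml):
    """Return the minimum fields from the table that are missing (empty list = pass)."""
    root = ET.fromstring(audit_xml)
    missing = []
    event = root.find("EventIdentification")
    if event is None:
        return ["EventIdentification"]
    type_code = event.find("EventTypeCode")
    if type_code is None or type_code.get("code") != "ITI-14":
        missing.append("EventTypeCode")
    missing += [a for a in ("EventDateTime", "EventOutcomeIndicator") if not event.get(a)]
    # Index participants by role so source and destination can be told apart.
    by_role = {}
    for participant in root.findall("ActiveParticipant"):
        for role in participant.findall("RoleIDCode"):
            by_role[role.get("code")] = participant
    for code, name in (("110153", "source"), ("110152", "destination")):
        if code not in by_role:
            missing.append("ActiveParticipant " + name)
        elif not by_role[code].get("UserID"):
            missing.append("UserID of " + name)
    # The submission set must be logged as a job (role 20) with the type code above.
    def is_submission_set(obj):
        id_type = obj.find("ParticipantObjectIDTypeCode")
        return (obj.get("ParticipantObjectTypeCodeRole") == "20"
                and bool(obj.get("ParticipantObjectID"))
                and id_type is not None and id_type.get("code") == SUBMISSION_SET)
    if not any(is_submission_set(o) for o in root.findall("ParticipantObjectIdentification")):
        missing.append("ParticipantObjectIdentification submission set")
    return missing

# Constructed sample: the destination participant is present but carries no RoleIDCode.
SAMPLE = """<AuditMessage>
  <EventIdentification EventActionCode="R" EventDateTime="2008-01-10T13:46:51Z" EventOutcomeIndicator="0">
    <EventTypeCode code="ITI-14"/>
  </EventIdentification>
  <ActiveParticipant UserID="1234@192.0.2.10"><RoleIDCode code="110153"/></ActiveParticipant>
  <ActiveParticipant UserID="http://192.0.2.20:8080/xds"/>
  <ParticipantObjectIdentification ParticipantObjectID="1.2.3.4" ParticipantObjectTypeCodeRole="20">
    <ParticipantObjectIDTypeCode code="urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd"/>
  </ParticipantObjectIdentification>
</AuditMessage>"""
```

Without a RoleIDCode a participant cannot be matched to the source or destination row of the table, so the sample is reported as missing its destination.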

ITI-14 (Register) Registry

EventIdentification

EventTypeCode = ITI-14
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID
ParticipantObjectTypeCodeRole = 20 (job)
ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

RoleIDCode = 110153 (source)
NetworkAccessPointID = IP address of Repository

ActiveParticipant

UserID = registry endpoint
RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID
ParticipantObjectTypeCodeRole = 1 (patient)

ITI-15 (Provide and Register) Document Source

EventIdentification

EventTypeCode = ITI-15
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID
ParticipantObjectTypeCodeRole = 20 (job)
ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

UserID = processID@IP OR just IP of Document Source
RoleIDCode = 110153 (source)

ActiveParticipant

UserID = repository endpoint
RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID
ParticipantObjectTypeCodeRole = 1 (patient)

ITI-15 (Provide and Register) Repository

EventIdentification

EventTypeCode = ITI-15
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID
ParticipantObjectTypeCodeRole = 20 (job)
ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

RoleIDCode = 110153 (source)
NetworkAccessPointID = IP address of Document Source

ActiveParticipant

UserID = repository endpoint
RoleIDCode = 110152 (destination)

ITI-16 (SQL Query) Document Consumer

EventIdentification

EventTypeCode = ITI-16
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest
ParticipantObjectTypeCodeRole = 24 (query)

ActiveParticipant

UserID = processID@IP OR just IP of Document Consumer
RoleIDCode = 110153 (source)

ActiveParticipant

UserID = registry endpoint
RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID
ParticipantObjectTypeCodeRole = 1 (patient)

ITI-16 (SQL Query) Registry

EventIdentification

EventTypeCode = ITI-16
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest
ParticipantObjectTypeCodeRole = 24 (query)

ActiveParticipant

RoleIDCode = 110153 (source)
NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = registry endpoint
RoleIDCode = 110152 (destination)


ITI-17 (Retrieve) Repository

EventIdentification

EventTypeCode = ITI-17
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)
ParticipantObjectID = Document URI

ActiveParticipant

RoleIDCode = 110153 (source)
NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = IP address of repository
RoleIDCode = 110152 (destination)

ITI-17 (Retrieve) Document Consumer

EventIdentification

EventTypeCode = ITI-17
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)
ParticipantObjectID = Document uniqueId

ActiveParticipant

UserID = processID@IP OR just IP of Document Consumer
RoleIDCode = 110153 (source)

ActiveParticipant

UserID = IP address or WS Endpoint of repository
RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID
ParticipantObjectTypeCodeRole = 1 (patient)

ActiveParticipant

UserID = identity of human
UserIsRequestor = TRUE

ITI-18 (Stored Query) Registry

EventIdentification

EventTypeCode = ITI-18
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest
ParticipantObjectTypeCodeRole = 24 (query)
ParticipantObjectID = Stored Query UUID

ActiveParticipant

RoleIDCode = 110153 (source)
NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = registry endpoint
RoleIDCode = 110152 (destination)

This is required only if the patient ID is present as a parameter to the stored query

ParticipantObjectIdentification

ParticipantObjectID = patientID
ParticipantObjectTypeCodeRole = 1 (patient)

ITI-18 (Stored Query) Document Consumer

EventIdentification

EventTypeCode = ITI-18
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest
ParticipantObjectTypeCodeRole = 24 (query)
ParticipantObjectID = Stored Query UUID

ActiveParticipant

RoleIDCode = 110153 (source)
NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = registry endpoint
RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID
ParticipantObjectTypeCodeRole = 1 (patient)

ActiveParticipant

UserID = identity of human
UserIsRequestor = TRUE

Example

<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="healthcare-security-audit.xsd">
    <EventIdentification EventActionCode="E" EventDateTime="2008-01-10T13:46:51.140-05:00"
        EventOutcomeIndicator="0">
        <EventID code="110112" codeSystemName="DCM" displayName="Query"/>
        <EventTypeCode code="ITI-18" codeSystemName="IHE Transactions"
            displayName="Registry Stored Query"/>
    </EventIdentification>
    <ActiveParticipant NetworkAccessPointTypeCodeError="" 
        UserID="XdsTester" UserIsRequestor="true" NetworkAccessPointID="192.168.254.16">
        <RoleIDCode code="110153" codeSystemName="DCM" displayName="Source"/>
    </ActiveParticipant>
    <ActiveParticipant NetworkAccessPointTypeCodeError=""
        UserID="http://129.6.24.109:9080/axis2/services/xdsregistryb" UserIsRequestor="false">
        <RoleIDCode code="110152" codeSystemName="DCM" displayName="Destination"/>
    </ActiveParticipant>
    <AuditSourceIdentification AuditSourceID="92.97.127.202"/>
    <ParticipantObjectIdentification
        ParticipantObjectID="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d"
        ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="24">
        <ParticipantObjectIDTypeCode code="ITI-18" codeSystemName="IHE Transactions"
            displayName="Registry Stored Query"/>
        <ParticipantObjectQuery>PHF1ZXJ5OkFkaG9jUXVlcnlSZXF1ZXN0CiAgICB4bWxuczpxdWVyeT0idXJuOm9hc2lzOm5hbWVz
            OnRjOmVieG1sLXJlZ3JlcDp4c2Q6cXVlcnk6My4wIiB4bWxuczpyaW09InVybjpvYXNpczpuYW1l
            czp0YzplYnhtbC1yZWdyZXA6eHNkOnJpbTozLjAiPgogICAgPHF1ZXJ5OlJlc3BvbnNlT3B0aW9u
            IHJldHVybkNvbXBvc2VkT2JqZWN0cz0idHJ1ZSIgcmV0dXJuVHlwZT0iTGVhZkNsYXNzIi8+CiAg
            ICA8cmltOkFkaG9jUXVlcnkgaWQ9InVybjp1dWlkOjE0ZDRkZWJmLThmOTctNDI1MS05YTc0LWE5
            MDAxNmIwYWYwZCI+CiAgICAgICAgPHJpbTpTbG90IG5hbWU9IiRYRFNEb2N1bWVudEVudHJ5U3Rh
            dHVzIj4KICAgICAgICAgICAgPHJpbTpWYWx1ZUxpc3Q+CiAgICAgICAgICAgICAgICA8cmltOlZh
            bHVlPigndXJuOm9hc2lzOm5hbWVzOnRjOmVieG1sLXJlZ3JlcDpTdGF0dXNUeXBlOkFwcHJvdmVk
            Jyk8L3JpbTpWYWx1ZT4KICAgICAgICAgICAgPC9yaW06VmFsdWVMaXN0PgogICAgICAgIDwvcmlt
            OlNsb3Q+CiAgICAgICAgPHJpbTpTbG90IG5hbWU9IiRYRFNEb2N1bWVudEVudHJ5UGF0aWVudElk
            Ij4KICAgICAgICAgICAgPHJpbTpWYWx1ZUxpc3Q+CiAgICAgICAgICAgICAgICA8cmltOlZhbHVl
            PicyNzBhNTlkN2E4YjE0NWJeXl4mYW1wOzEuMy42LjEuNC4xLjIxMzY3LjIwMDUuMy43JmFtcDtJ
            U08nPC9yaW06VmFsdWU+CiAgICAgICAgICAgIDwvcmltOlZhbHVlTGlzdD4KICAgICAgICA8L3Jp
            bTpTbG90PgogICAgPC9yaW06QWRob2NRdWVyeT4KPC9xdWVyeTpBZGhvY1F1ZXJ5UmVxdWVzdD4K
        </ParticipantObjectQuery>
    </ParticipantObjectIdentification>
</AuditMessage>
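The ITI-18 Registry rule above requires the patient object only when the patient ID is a parameter of the stored query, which an auditor can verify by decoding ParticipantObjectQuery. The following Python sketch is an added example, not part of the original wiki page; the function names, the sample message and the patient ID in it are constructed, and matching slot names by their "PatientId" suffix is an assumption of this example.

```python
import base64
import xml.etree.ElementTree as ET

RIM = "{urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0}"

def query_patient_ids(audit_xml):
    """Patient IDs passed as stored-query parameters, decoded from ParticipantObjectQuery."""
    ids = []
    for obj in ET.fromstring(audit_xml).findall("ParticipantObjectIdentification"):
        if obj.get("ParticipantObjectTypeCodeRole") != "24":
            continue
        blob = obj.findtext("ParticipantObjectQuery") or ""
        if not blob.strip():
            continue
        # The base64 text is usually line-wrapped; b64decode discards the whitespace.
        request = ET.fromstring(base64.b64decode(blob))
        for slot in request.iter(RIM + "Slot"):
            if slot.get("name", "").lower().endswith("patientid"):
                ids += [v.text.strip().strip("'") for v in slot.iter(RIM + "Value") if v.text]
    return ids

def missing_patient_objects(audit_xml):
    """Patient IDs present in the query but not logged as a role 1 (patient) object."""
    logged = {o.get("ParticipantObjectID")
              for o in ET.fromstring(audit_xml).findall("ParticipantObjectIdentification")
              if o.get("ParticipantObjectTypeCodeRole") == "1"}
    return [p for p in query_patient_ids(audit_xml) if p not in logged]

SAMPLE_QUERY = (  # constructed AdhocQueryRequest carrying a constructed patient ID
    '<query:AdhocQueryRequest xmlns:query="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"'
    ' xmlns:rim="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0">'
    '<rim:AdhocQuery id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">'
    '<rim:Slot name="$XDSDocumentEntryPatientId"><rim:ValueList>'
    "<rim:Value>'pid-0001^^^&amp;1.2.3&amp;ISO'</rim:Value>"
    '</rim:ValueList></rim:Slot></rim:AdhocQuery></query:AdhocQueryRequest>')

def sample_audit(with_patient):
    """Constructed audit message, with or without the patient object."""
    patient = ('<ParticipantObjectIdentification ParticipantObjectTypeCodeRole="1"'
               ' ParticipantObjectID="pid-0001^^^&amp;1.2.3&amp;ISO"/>') if with_patient else ""
    return ('<AuditMessage><ParticipantObjectIdentification ParticipantObjectTypeCodeRole="24">'
            '<ParticipantObjectQuery>%s</ParticipantObjectQuery>'
            '</ParticipantObjectIdentification>%s</AuditMessage>'
            % (base64.b64encode(SAMPLE_QUERY.encode()).decode(), patient))
```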

ITI-43 (Retrieve Document Set) Repository

EventIdentification

EventTypeCode = ITI-43
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)
ParticipantObjectID = Document uniqueId

ActiveParticipant

RoleIDCode = 110153 (source)
NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = IP address of repository
RoleIDCode = 110152 (destination)

ITI-43 (Retrieve Document Set) Document Consumer

EventIdentification

EventTypeCode = ITI-43
EventDateTime
EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)
ParticipantObjectID = Document uniqueId

ActiveParticipant

UserID = processID@IP OR just IP of Document Consumer
RoleIDCode = 110153 (source)

ActiveParticipant

UserID = IP address of repository
RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID
ParticipantObjectTypeCodeRole = 1 (patient)

ActiveParticipant

UserID = identity of human
UserIsRequestor = TRUE

Problems with XDS Syslog specifications

In generating the above tables, I have found the following issues with the Syslog specifications within XDS. These comments will go into a CP at the end of the season. It is possible (and likely) that these have already been discussed.

  1. AuditSourceIdentification/AuditSourceID indicates a process ID but an IP address would be more useful.
  2. ITI-14 requires a Human Requestor/UserId but this transaction is unlikely to have a human behind it.
  3. Human Requestor has no documented RoleID code so that it can be easily distinguished from other ActiveParticipants.
  4. ITI-16 - the registry is required to log the patient ID but this is not easy to extract from an SQL query.
  5. We rely heavily on EventTypeCode but the Schema has minOccurs="0"
  6. NetworkAccessPointID is labeled MC but needs to be labeled M in some cases where it is the only place to encode the IP of the station.

I have started a CP to formalize the discussion. It is available here.
