From IHEWiki

Contents 1 THIS PAGE IS OUT OF DATE AND IS NOT VALID FOR THE 2009 TESTING SEASON 2 Audit log requirements for XDS at 2008 Connectathon 2.1 ITI-14 (Register) Document Repository 2.1.1 Example 2.2 ITI-14 (Register) Registry 2.3 ITI-15 (Provide and Register) Document Source 2.4 ITI-15 (Provide and Register) Repository 2.5 ITI-16 (SQL Query) Document Consumer 2.6 ITI-16 (SQL Query) Registry 2.7 ITI-17 (Retrieve) Repository 2.8 ITI-17 (Retrieve) Document Consumer 2.9 ITI-18 (Stored Query) Registry 2.10 ITI-18 (Stored Query) Document Consumer 2.10.1 Example 2.11 ITI-43 (Retrieve Document Set) Repository 2.12 ITI-17 (Retrieve Document Set) Document Consumer 2.13 Problems with XDS Syslog specifications

THIS PAGE IS OUT OF DATE AND IS NOT VALID FOR THE 2009 TESTING SEASON

Audit log requirements for XDS at 2008 Connectathon

Below is a section for each actor for each transaction in XDS. Each section documents the minimum audit fields that will be expected at the 2008 Connectathon. Some important notes:

• IP address, DNS name, and Endpoint can be used interchangeably

For detailed changes regarding ITI-41 see sections 3.41.4.1.4 Security Considerations (Doc Source) and 3.41.4.2.4 Security Considerations (Repository) of the XDS.b Supplement.

For detailed changes regarding ITI-42 see 3.42.4.1.5 Security Considerations (Repository) and 3.42.4.2.4 Security Considerations (Registry) of the XDS.b Supplement.

For detailed changes regarding ITI-43 see 3.43.4.1.4 Security Considerations (Consumer) and 3.43.4.2.4 Security Considerations (Repository)

ITI-14 (Register) Document Repository

EventIdentification

EventTypeCode = ITI-14

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID

ParticipantObjectTypeCodeRole = 20 (job)

ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

UserID = processID@IP OR just IP of Repository

RoleIDCode = 110153 (source)

ActiveParticipant

UserID = registry endpoint

RoleIDCode = 110152 (destination)

Example

<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="healthcare-security-audit.xsd">
    <EventIdentification EventActionCode="R" EventDateTime="2007-12-31T20:04:43Z"
        EventOutcomeIndicator="0">
        <EventID code="110106" codeSystemName="DCM" displayName="Export"/>
        <EventTypeCode code="ITI-14" codeSystemName="IHE Transactions"
            displayName="Register Document Set"/>
    </EventIdentification>
    <ActiveParticipant NetworkAccessPointTypeCodeError="" UserID="192.168.253.23"
        UserIsRequestor="true">
        <RoleIDCode code="110153" codeSystemName="DCM" displayName="Source"/>
    </ActiveParticipant>
    <ActiveParticipant NetworkAccessPointTypeCodeError="" UserID="http://129.148.200.41:8080/xds"
        UserIsRequestor="false">
        <RoleIDCode code="110152" codeSystemName="DCM" displayName="Destination"/>
    </ActiveParticipant>
    <AuditSourceIdentification AuditSourceID="xds1"/>
    <ParticipantObjectIdentification ParticipantObjectID="129.6.58.91.13896"
        ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="3">
        <ParticipantObjectIDTypeCode code="9"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectID="129.6.58.91.13895"
        ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="3">
        <ParticipantObjectIDTypeCode code="9"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectID="1.23.1.2.3.34234556.231.1" ParticipantObjectTypeCode="2"
        ParticipantObjectTypeCodeRole="20">
        <ParticipantObjectIDTypeCode code="urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd"/>
    </ParticipantObjectIdentification>
</AuditMessage>

ITI-14 (Register) Registry

EventIdentification

EventTypeCode = ITI-14

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID

ParticipantObjectTypeCodeRole = 20 (job)

ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

RoleIDCode = 110153 (source)

NetworkAccessPointID = IP address of Repository

ActiveParticipant

UserID = registry endpoint

RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID

ParticipantObjectTypeCodeRole = 1 (patient)

ITI-15 (Provide and Register) Document Source

EventIdentification

EventTypeCode = ITI-15

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID

ParticipantObjectTypeCodeRole = 20 (job)

ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

UserID = processID@IP OR just IP of Document Source

RoleIDCode = 110153 (source)

ActiveParticipant

UserID = repository endpoint

RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID

ParticipantObjectTypeCodeRole = 1 (patient)

ITI-15 (Provide and Register) Repository

EventIdentification

EventTypeCode = ITI-15

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectID = XDSSubmissionSet.uniqueID

ParticipantObjectTypeCodeRole = 20 (job)

ParticipantObjectIDTypeCode = urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd

ActiveParticipant

RoleIDCode = 110153 (source)

NetworkAccessPointID = IP address of Document Source

ActiveParticipant

UserID = repository endpoint

RoleIDCode = 110152 (destination)

ITI-16 (SQL Query) Document Consumer

EventIdentification

EventTypeCode = ITI-16

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest

ParticipantObjectTypeCodeRole = 24 (query)

ActiveParticipant

UserID = processID@IP OR just IP of Document Consumer

RoleIDCode = 110153 (source)

ActiveParticipant

UserID = registry endpoint

RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID

ParticipantObjectTypeCodeRole = 1 (patient)

ITI-16 (SQL Query) Registry

EventIdentification

EventTypeCode = ITI-16

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest

ParticipantObjectTypeCodeRole = 24 (query)

ActiveParticipant

RoleIDCode = 110153 (source)

NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = registry endpoint

RoleIDCode = 110152 (destination)

ITI-17 (Retrieve) Repository

EventIdentification

EventTypeCode = ITI-17

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)

ParticipantObjectId = Document URI

ActiveParticipant

RoleIDCode = 110153 (source)

NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = IP address of repository

RoleIDCode = 110152 (destination)

ITI-17 (Retrieve) Document Consumer

EventIdentification

EventTypeCode = ITI-17

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)

ParticipantObjectId = Document uniqueId

ActiveParticipant

UserID = processID@IP OR just IP of Document Consumer

RoleIDCode = 110153 (source)

ActiveParticipant

UserID = IP address or WS Endpoint of repository

RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID

ParticipantObjectTypeCodeRole = 1 (patient)

ActiveParticipant

UserID = identity of human

UserIsRequestor = TRUE

ITI-18 (Stored Query) Registry

EventIdentification

EventTypeCode = ITI-18

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest

ParticipantObjectTypeCodeRole = 24 (query)

ParticipantObjectId = Stored Query UUID

ActiveParticipant

RoleIDCode = 110153 (source)

NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = registry endpoint

RoleIDCode = 110152 (destination)

This is required only if the patient ID is present as a parameter to the stored query

ParticipantObjectIdentification

ParticipantObjectID = patientID

ParticipantObjectTypeCodeRole = 1 (patient)

ITI-18 (Stored Query) Document Consumer

EventIdentification

EventTypeCode = ITI-18

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectQuery = base64 of AdhocQueryRequest

ParticipantObjectTypeCodeRole = 24 (query)

ParticipantObjectId = Stored Query UUID

ActiveParticipant

RoleIDCode = 110153 (source)

NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = registry endpoint

RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID

ParticipantObjectTypeCodeRole = 1 (patient)

ActiveParticipant

UserID = identity of human

UserIsRequestor = TRUE

Example

<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="healthcare-security-audit.xsd">
    <EventIdentification EventActionCode="E" EventDateTime="2008-01-10T13:46:51.140-05:00"
        EventOutcomeIndicator="0">
        <EventID code="110112" codeSystemName="DCM" displayName="Query"/>
        <EventTypeCode code="ITI-18" codeSystemName="IHE Transactions"
            displayName="Registry Stored Query"/>
    </EventIdentification>
    <ActiveParticipant NetworkAccessPointTypeCodeError="" 
        UserID="XdsTester" UserIsRequestor="true" NetworkAccessPointID="192.168.254.16">
        <RoleIDCode code="110153" codeSystemName="DCM" displayName="Source"/>
    </ActiveParticipant>
    <ActiveParticipant NetworkAccessPointTypeCodeError=""
        UserID="http://129.6.24.109:9080/axis2/services/xdsregistryb" UserIsRequestor="false">
        <RoleIDCode code="110152" codeSystemName="DCM" displayName="Destination"/>
    </ActiveParticipant>
    <AuditSourceIdentification AuditSourceID="92.97.127.202"/>
    <ParticipantObjectIdentification
        ParticipantObjectID="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d"
        ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="24">
        <ParticipantObjectIDTypeCode code="ITI-18" codeSystemName="IHE Transactions"
            displayName="Registry Stored Query"/>
        <ParticipantObjectQuery>PHF1ZXJ5OkFkaG9jUXVlcnlSZXF1ZXN0CiAgICB4bWxuczpxdWVyeT0idXJuOm9hc2lzOm5hbWVz
            OnRjOmVieG1sLXJlZ3JlcDp4c2Q6cXVlcnk6My4wIiB4bWxuczpyaW09InVybjpvYXNpczpuYW1l
            czp0YzplYnhtbC1yZWdyZXA6eHNkOnJpbTozLjAiPgogICAgPHF1ZXJ5OlJlc3BvbnNlT3B0aW9u
            IHJldHVybkNvbXBvc2VkT2JqZWN0cz0idHJ1ZSIgcmV0dXJuVHlwZT0iTGVhZkNsYXNzIi8+CiAg
            ICA8cmltOkFkaG9jUXVlcnkgaWQ9InVybjp1dWlkOjE0ZDRkZWJmLThmOTctNDI1MS05YTc0LWE5
            MDAxNmIwYWYwZCI+CiAgICAgICAgPHJpbTpTbG90IG5hbWU9IiRYRFNEb2N1bWVudEVudHJ5U3Rh
            dHVzIj4KICAgICAgICAgICAgPHJpbTpWYWx1ZUxpc3Q+CiAgICAgICAgICAgICAgICA8cmltOlZh
            bHVlPigndXJuOm9hc2lzOm5hbWVzOnRjOmVieG1sLXJlZ3JlcDpTdGF0dXNUeXBlOkFwcHJvdmVk
            Jyk8L3JpbTpWYWx1ZT4KICAgICAgICAgICAgPC9yaW06VmFsdWVMaXN0PgogICAgICAgIDwvcmlt
            OlNsb3Q+CiAgICAgICAgPHJpbTpTbG90IG5hbWU9IiRYRFNEb2N1bWVudEVudHJ5UGF0aWVudElk
            Ij4KICAgICAgICAgICAgPHJpbTpWYWx1ZUxpc3Q+CiAgICAgICAgICAgICAgICA8cmltOlZhbHVl
            PicyNzBhNTlkN2E4YjE0NWJeXl4mYW1wOzEuMy42LjEuNC4xLjIxMzY3LjIwMDUuMy43JmFtcDtJ
            U08nPC9yaW06VmFsdWU+CiAgICAgICAgICAgIDwvcmltOlZhbHVlTGlzdD4KICAgICAgICA8L3Jp
            bTpTbG90PgogICAgPC9yaW06QWRob2NRdWVyeT4KPC9xdWVyeTpBZGhvY1F1ZXJ5UmVxdWVzdD4K
        </ParticipantObjectQuery>
    </ParticipantObjectIdentification>
</AuditMessage>

ITI-43 (Retrieve Document Set) Repository

EventIdentification

EventTypeCode = ITI-43

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)

ParticipantObjectId = Document uniqueId

ActiveParticipant

RoleIDCode = 110153 (source)

NetworkAccessPointID = IP address of Document Consumer

ActiveParticipant

UserID = IP address of repository

RoleIDCode = 110152 (destination)

ITI-17 (Retrieve Document Set) Document Consumer

EventIdentification

EventTypeCode = ITI-43

EventDateTime

EventOutcomeIndicator

ParticipantObjectIdentification

ParticipantObjectTypeCodeRole = 3 (report)

ParticipantObjectId = Document uniqueId

ActiveParticipant

UserID = processID@IP OR just IP of Document Consumer

RoleIDCode = 110153 (source)

ActiveParticipant

UserID = IP address of repository

RoleIDCode = 110152 (destination)

ParticipantObjectIdentification

ParticipantObjectID = patientID

ParticipantObjectTypeCodeRole = 1 (patient)

ActiveParticipant

UserID = identity of human

UserIsRequestor = TRUE

Problems with XDS Syslog specifications

In generating the above tables, I have found the following issues with the Syslog specifications within XDS. These comments will go into a CP at the end of the season. It is possible (and likely) that these have already been discussed.

1. AuditSourceIdentification/AuditSourceID indicates a process ID but an IP address would be more useful.
2. ITI-14 requires a Human Requestor/UserId but this transaction is unlikely to have a human behind it.
3. Human Requestor has no documented RoleID code so that it can be easily distinguished from other ActiveParticipants
4. ITI-16 - the registry is required to log the patient ID but this is not easy to extract from an SQL query.
5. We rely heavily on EventTypeCode but the Schema has minOccurs="0"
6. NetworkAccessPointID is labeled MC but need to be labled M in some cases where it is the only place to encode the IP of the station.

I have started a CP to formalize the discussion. It is available here.