...

The SOAP body contains the IHE Retrieve Document Set types RetrieveDocumentSetRequestType and RetrieveDocumentSetResponseType in the request and response respectively. IHE Retrieve Document Set is described in [ITI TF-2b] section 3.43.


Citizens can query their own or another citizen's documents by including an OIO IDWS token. In this case a request looks like this:

[Diagram: IDWS message (repository)]

Attributes in HSUID header applied for user who is a citizen

...

The security of this Web service is based on the SOSI integration pattern in Den Gode Webservice (DGWS). Authentication is carried out by a trusted third party component on NSP (Security Token Service) and based on OCES digital certificates.
As a rule, the service requires authentication with the STS component based on employee signature (MOCES) corresponding to authentication level 4 for use by health professional users.
Highly trusted systems - initially the Health journal only - can during a transitional period gain access with level 3 based on company signature (VOCES).
The service enforces authentication level 3 for use by either user type.
Additional security aspects, including authorization, integrity, confidentiality, availability and privacy considerations are enforced to some extent by the technical service. The aspects that are not currently handled by the technical service will be handled in the service agreement, as specified by the data responsible authority (NSI), which users of the service must agree to.

As an alternative interface, an OIO IDWS based interface is offered for citizen queries. The included OIO IDWS token is validated by the service.

Authentication and authorization

...

When STS' signature of the ID card or OIO IDWS token is validated successfully, the user has been authenticated.
Authorization of the user system is performed using a whitelist in the Web service, based on information in the system part of the ID card.

...

Web Service Input Validation

For DGWS it is validated that:

  • A properly formatted HSUID header is included in the SOAP header, including the attributes that respectively may and must be present for a given user type as described in sections 4.1.1 and 4.1.2. Furthermore, it is validated that attribute values belong to established sample spaces and are not null or only whitespace
  • ID card in security header is valid and signed by STS and that the additional conditions described in section 4.2 are met
  • Times of headers are given in Zulu time, as required by DGWS 1.0.1
  • Given authorization numbers are valid and exist in an authorization register corresponding to the Board of Health authorization register
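
An added example (not the service's own code) of the first and third checks in the list above: attributes that may and must be present per user type, sample spaces, null or whitespace values, and Zulu timestamps. The attribute names, user-type labels and sample spaces are hypothetical placeholders; the real ones are defined in sections 4.1.1 and 4.1.2. The attributes are assumed to have been extracted from the header already.

```python
import re
from datetime import datetime

# Hypothetical rule table: attribute names and sample spaces are placeholders,
# not the real HSUID definitions (those are in sections 4.1.1 and 4.1.2).
RULES = {
    "citizen": {"must": {"UserType", "ActingUserId"}, "may": {"ResponsibleUserId"}},
    "professional": {"must": {"UserType", "ActingUserId", "OrgId", "AuthorizationCode"},
                     "may": {"ResponsibleUserId"}},
}
SAMPLE_SPACES = {"UserType": {"citizen", "professional"}}

# xs:dateTime restricted to UTC with a literal 'Z' designator (Zulu time).
ZULU = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z")


def is_zulu(ts):
    """True only for a real calendar timestamp written with a trailing 'Z'."""
    if not isinstance(ts, str) or not ZULU.fullmatch(ts):
        return False
    try:
        datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S")
        return True
    except ValueError:
        return False


def validate_header(attrs, created):
    """Return a list of validation errors; an empty list means the header passes."""
    errors = []
    rule = RULES.get((attrs.get("UserType") or "").strip())
    if rule is None:
        return ["UserType missing or outside its sample space"]
    present = set(attrs)
    for name in sorted(rule["must"] - present):
        errors.append(f"missing mandatory attribute {name}")
    for name in sorted(present - rule["must"] - rule["may"]):
        errors.append(f"attribute {name} not allowed for this user type")
    for name, value in sorted(attrs.items()):
        if value is None or not value.strip():
            errors.append(f"attribute {name} is null or whitespace")
        elif name in SAMPLE_SPACES and value not in SAMPLE_SPACES[name]:
            errors.append(f"attribute {name} outside its sample space")
    if not is_zulu(created):
        errors.append("timestamp is not in Zulu time")
    return errors
```

A timestamp with a numeric offset such as `+01:00` is rejected even though it is valid xs:dateTime, because the check is for the `Z` designator specifically.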


For OIO IDWS it is validated that:

  • The included OIO IDWS token is valid and issued by STS.


The service will perform:

  • No XML Schema validation
  • No validation that given Social Security numbers are valid
  • No validation that a given ID for health professional organization is valid in given classification system, nor that there is consistency between the ID when multiple ID and classification systems are provided
  • No validation that a health care professional is affiliated with a given organization
  • No validation that the user is acting under responsibility of given health professional

...

  1. SOAP version 1.1
  2. SOAP Fault version 1.1
  3. WS-I Basic Profile 1.1
  4. DGWS 1.0.1, with the exception of requirements regarding retransmission and control of reuse of message-ID as described in section 4.5, in addition to exception of structure used on errors as described in section 4.7.1.
  5. IHE ITI-43, see [ITI TF-2b]
  6. OIO IDWS


For the sake of compliance with the IHE standard, the following is not met:

...