Page History
...
Ved at autentificere sig med et SOSI idkort (DGWS) har en sundhedsprofessionel mulighed for at fremsøge en borgers dokumenter via Dokumentdelingsservicen. Kaldet rammer fremsøgningslogikken som blev vist i forgående kapitel, og følgende information ender i auditloggen:TODO
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
{
"time":"2021-10-13T14:04:07.387Z",
"category":"dk.sds.nsp.audit.log.dds",
"audit":{
"timestamp":"2021-10-13T16:04:06.861+02:00",
"components":[
{
"component":"DDS",
"contexts":[
{
"context":"documentRegistryAdhocQuery",
"information":[
{
"key":"patient-cpr",
"type":"RPI",
"value":"0106501010"
},
{
"key":"bruger-cpr",
"type":"RPI",
"value":"0804769723"
},
{
"key":"on-behalf-of-cpr",
"type":"RPI",
"value":"0804769723"
},
{
"key":"document_entry.0.homecommunityid",
"type":"SPI",
"value":""
},
{
"key":"document_entry.0.repositoryid",
"type":"SPI",
"value":"1.3.6.1.4.1.21367.2010.1.2.1125"
},
{
"key":"document_entry.0.documentid",
"type":"SPI",
"value":"0106501010.842938295.10000002"
},
{
"key":"document_entry.0.typecode",
"type":"SPI",
"value":"39289-4"
},
{
"key":"document_entry.1.homecommunityid",
"type":"SPI",
"value":""
},
{
"key":"document_entry.1.repositoryid",
"type":"SPI",
"value":"1.3.6.1.4.1.21367.2010.1.2.1125"
},
{
"key":"document_entry.1.documentid",
"type":"SPI",
"value":"0106501010.842938295.10000003"
},
{
"key":"document_entry.1.typecode",
"type":"SPI",
"value":"39289-4"
},
{
"key":"document_entry.2.homecommunityid",
"type":"SPI",
"value":""
},
{
"key":"document_entry.2.repositoryid",
"type":"SPI",
"value":"1.3.6.1.4.1.21367.2010.1.2.1125"
},
{
"key":"document_entry.2.documentid",
"type":"SPI",
"value":"0106501010.678401000016005.10000001"
},
{
"key":"document_entry.2.typecode",
"type":"SPI",
"value":"39289-4"
},
{
"key":"document_entry.3.homecommunityid",
"type":"SPI",
"value":"1.2.208.176.8.1.12"
},
{
"key":"document_entry.3.repositoryid",
"type":"SPI",
"value":"1.2.208.176.43210.8.10.12"
},
{
"key":"document_entry.3.documentid",
"type":"SPI",
"value":"1.2.208.176.43210.8.10.12^27434a41-cf20-4fb4-bdd7-c4bd7fc98cf2"
},
{
"key":"document_entry.3.typecode",
"type":"SPI",
"value":"52460-3"
},
{
"key":"document_entry.4.homecommunityid",
"type":"SPI",
"value":"1.2.208.176.8.1.12"
},
{
"key":"document_entry.4.repositoryid",
"type":"SPI",
"value":"1.2.208.176.43210.8.10.12"
},
{
"key":"document_entry.4.documentid",
"type":"SPI",
"value":"1.2.208.176.43210.8.10.12^fe950ffa-30e6-4f1d-b364-bd30e3b7a66b"
},
{
"key":"document_entry.4.typecode",
"type":"SPI",
"value":"PDC"
}
]
}
]
}
]
},
"access":{
"code":200,
"duration":489,
"httpHeaders":{
"Content-Type":"application/soap+xml; charset=UTF-8"
},
"httpHost":"localhost",
"idCardAttributes":{
"medcom:CareProviderID":"33257872",
"medcom:CareProviderName":"Sundhedsdatastyrelsen",
"medcom:ITSystemName":"Test",
"medcom:UserAuthorizationCode":"CBTH1",
"medcom:UserOccupation":"Læge",
"medcom:UserRole":"7170",
"sosi:AuthenticationLevel":"4",
"sosi:IDCardID":"ndbdsjE8LrtpFqHmzKL0Xw==",
"sosi:IDCardType":"user",
"sosi:IDCardVersion":"1.0.1"
},
"method":"POST",
"path":"/ddsregistry",
"query":"",
"port":9090,
"protocol":"http",
"reqSize":9626,
"resSize":33100,
"soapHeaders":{
"Issuer":"TEST2-NSP-STS",
"MessageID":"AAABfHn3qv7YTBlq290B5FNPU0k=",
"NameID":"SubjectDN={CN=Casper Rasmussen + SERIALNUMBER=CVR:33257872-RID:40718906, O=Sundhedsdatastyrelsen // CVR:33257872, C=DK},IssuerDN={CN=TRUST2408 Systemtest XXXIV CA, O=TRUST2408, C=DK},CertSerial={1604229135}",
"w3Action":"urn:ihe:iti:2007:RegistryStoredQuery",
"w3MessageID":"urn:uuid:07b2fb66-19c4-4bc7-8630-e427cebff032",
"w3To":"http://localhost:9090/ddsregistry"
},
"threadId":"default task-58",
"time":"2021-10-13T16:04:06.861+02:00",
"stats":{
"handlerDuration":33,
"RequestContentDuration":3,
"ResponseContentDuration":0,
"SecurityProtocolRequestDuration":18,
"SecurityProtocolResponseDuration":0,
"bufferAllocated":false,
"usedBuffers":2,
"activeBuffersInPool":2,
"idleBuffersInPool":4
}
}
} |
Som det ses ovenfor, så er auditloggen delt ind i forskellige sektioner. Det er kun den sektion, der hedder audit, som den anvendende komponent kan påvirke. Hvis man sammenligner indholdet af denne sektion med kodeeksemplet i forgående afsnit, så vil man kunne genkende de enkelte linjer.
Det er værd at bemærke, at NSP Audit API selv sørger for at logge soap headers, indhold fra det medsendte idkort samt diverse kvantitative metrikker vedr kaldet. Det behøver man således ikke selv at logge som anvender af API'et.
Driftsdokumentation for NSP komponenter, der anvender NSP Audit API
...
| Komponent | Kontekst | Type | Nøgle | Information |
|---|---|---|---|---|
| STS | SecurityTokenRequest | Ikke personlig | cvr | CVR nummeret for den kaldende organisation |
| STS | SecurityTokenRequest | Følsomme | cpr | CPR nummeret på den person der skal have udsted et id kort. |
Hvert kald til NSP Audit APIs addAuditInformation metode bør reflekteres i tabellen.