Overview
The Audit Trail and Node Authentication (ATNA) Profile specifies the foundational elements needed by all forms of secure systems: node authentication, user authentication, event logging (audit), and telecommunications encryption. It is also used to indicate that other internal security properties such as access control, configuration control, and privilege restrictions are provided.
For details, see IHE Audit Trail and Node Authentication (ATNA) profile and RESTful ATNA Supplement.
Actors and Transactions
The following diagram provides an overview of the ATNA profile Actors, Transactions and their interactions.
The table below lists the transactions for each actor directly involved in the ATNA profile. To claim compliance with ATNA, an actor shall support all required transactions (labeled “R”) and may support the optional transactions (labeled “O”).

| Actor | Transaction | Optionality |
|---|---|---|
| Audit Record Repository | Record Audit Event [ITI-20] | R |
| | Retrieve ATNA Audit Event [ITI-81] | O |
| | Retrieve Syslog Event [ITI-82] | O |
| Audit Consumer | Retrieve ATNA Audit Event [ITI-81] | O |
| | Retrieve Syslog Event [ITI-82] | O |
| Audit Record Forwarder | Record Audit Event [ITI-20] | R |
| Secure Node | Authenticate Node [ITI-19] | R |
| | Record Audit Event [ITI-20] | R |
| Secure Application | Authenticate Node [ITI-19] | R |
| | Record Audit Event [ITI-20] | R |
Transactions
- Authenticate Node [ITI-19] – In the Authenticate Node transaction, the local Secure Node presents its identity to a remote Secure Node and authenticates the identity of the remote node. After this mutual authentication, other secure transactions may take place through this secure pipe between the two nodes. Uses RFC 5246 (Transport Layer Security (TLS) Protocol Version 1.2) and RFC 3851 (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification).
- Record Audit Event [ITI-20] – This transaction is used to report auditable events to an Audit Record Repository. Uses RFC 5424 Syslog, transported over TLS 1.2 or UDP.
- Retrieve ATNA Audit Event [ITI-81] – This transaction is used to search ATNA events recorded in an ATNA Audit Record Repository. The result is a FHIR bundle of AuditEvent Resources that match a set of search parameters.
- Retrieve Syslog Event [ITI-82] – This transaction is used to retrieve syslog messages from the Audit Record Repository subject to parameters that limit the retrieval.
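The two audit transactions above can be exercised offline with the following walk-through, added here as an example; it is my own code, not the page's or IHE's. It shows ITI-20 with the FHIR Feed option (a FHIR R4 AuditEvent POSTed to the repository, as in the RESTful ATNA Supplement), the minimum checks a repository would apply before accepting it, and ITI-81 (a date-range search answered with a searchset Bundle). The base URLs, user ids, clinic names and the three sample events are constructed; the DICOM coding 110110 is one sample event type; the in-memory search stands in for a real FHIR server, and extra filters such as `agent=` are passed through as given. The same FHIR feed and retrieval shape is what the CA:Aud options below rely on.

```python
"""Added walk-through (my own code, not from the page or IHE) of the two
audit transactions above as a FHIR feed: ITI-20 with the FHIR Feed option
(a FHIR R4 AuditEvent POSTed to the repository) and ITI-81 (a date-range
search answered with a searchset Bundle).  Base URLs, user ids and the
sample events are constructed."""
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

DCM = "http://dicom.nema.org/resources/ontology/DCM"  # DICOM audit vocabulary used by ATNA


def make_audit_event(recorded, user_id, user_name, observer, site, patient_ref, success=True):
    """Minimal FHIR R4 AuditEvent carrying every element the resource requires
    (type, recorded, agent.requestor, source.observer).  Coding 110110 is the
    DICOM 'Patient Record' event; action R = read."""
    if recorded.tzinfo is None:
        raise ValueError("FHIR 'instant' values must carry a time zone")
    return {
        "resourceType": "AuditEvent",
        "type": {"system": DCM, "code": "110110", "display": "Patient Record"},
        "action": "R",
        "recorded": recorded.isoformat(timespec="seconds"),
        "outcome": "0" if success else "8",  # 0 = success, 8 = serious failure
        "agent": [{"who": {"identifier": {"value": user_id}, "display": user_name},
                   "requestor": True}],
        "source": {"site": site, "observer": {"display": observer}},
        "entity": [{"what": {"reference": patient_ref}}],
    }


def iti20_request(base_url, event):
    """ITI-20 FHIR Feed option: the HTTP message the Audit Creator sends."""
    url = f"{base_url.rstrip('/')}/AuditEvent"
    body = json.dumps(event).encode("utf-8")
    return "POST", url, {"Content-Type": "application/fhir+json"}, body


def validate_audit_event(ev):
    """Checks a repository applies before accepting an ITI-20 FHIR Feed
    message; returns the list of problems (empty means accept)."""
    problems = []
    if ev.get("resourceType") != "AuditEvent":
        problems.append("resourceType must be AuditEvent")
    if not ev.get("type", {}).get("code"):
        problems.append("type.code is required")
    if "recorded" not in ev:
        problems.append("recorded is required")
    agents = ev.get("agent") or []
    if not agents:
        problems.append("at least one agent is required")
    elif not any(a.get("requestor") is True for a in agents):
        problems.append("one agent must be the requestor")
    if not ev.get("source", {}).get("observer"):
        problems.append("source.observer is required")
    return problems


def iti81_query(base_url, start, end, **filters):
    """ITI-81 search URL: a date range (ge/le prefixes on ISO-8601 instants)
    plus optional FHIR search parameters such as agent= or patient=."""
    params = [("date", "ge" + start), ("date", "le" + end)] + sorted(filters.items())
    return f"{base_url.rstrip('/')}/AuditEvent?" + urlencode(params)


def search_repository(events, start, end, user_id=None):
    """Repository-side evaluation of that search over an in-memory store,
    returned as the searchset Bundle an ITI-81 response carries."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)

    def matches(ev):
        when = datetime.fromisoformat(ev["recorded"])
        by_user = user_id is None or any(
            a["who"].get("identifier", {}).get("value") == user_id for a in ev["agent"])
        return lo <= when <= hi and by_user

    hits = [ev for ev in events if matches(ev)]
    return {"resourceType": "Bundle", "type": "searchset", "total": len(hits),
            "entry": [{"resource": ev} for ev in hits]}


# Constructed sample: three record accesses reported by a hypothetical clinic EHR.
T0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    make_audit_event(T0, "u100", "Dr. Example", "ehr.clinic.example", "Clinic A", "Patient/p1"),
    make_audit_event(T0 + timedelta(hours=1), "u200", "RN Example", "ehr.clinic.example", "Clinic A", "Patient/p2"),
    make_audit_event(T0 + timedelta(days=2), "u100", "Dr. Example", "ehr.clinic.example", "Clinic A", "Patient/p3", success=False),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        assert validate_audit_event(ev) == []
    print(iti20_request("https://arr.example/fhir", SAMPLE_EVENTS[0])[1])
    print(iti81_query("https://arr.example/fhir", "2024-03-01T09:00:00+00:00",
                      "2024-03-02T09:00:00+00:00", agent="u100"))
    print(json.dumps(search_repository(SAMPLE_EVENTS, "2024-03-01T09:00:00+00:00",
                                       "2024-03-02T09:00:00+00:00", user_id="u100"), indent=2))
```

The repository-side check is the part worth keeping in mind when a system feeds audit events: an AuditEvent without a time zone on `recorded`, without a requesting agent, or without the observing source cannot be correlated later, so rejecting it at ITI-20 time is cheaper than discovering the gap during an ITI-81 investigation.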
Sequence Diagram
Canadian Implementation Guidance for ATNA - CA:Sec and CA:Aud
The ATNA profile addresses two main concerns: Security and Event Logging for the purpose of Auditing. Given the fact that Security and Auditing are tightly coupled, along with the multiple options offered for both aspects, ATNA is a complex profile with extensive documentation.
The CA:Sec and CA:Aud implementation guidance was introduced to provide a lightweight ATNA: it decouples the two main aspects of ATNA, Security and Audit, and focuses on a few options based on modern formats and technologies. This guidance does not replace ATNA. An implementation that is already compliant with ATNA will be able to pass ATNA tests.
The following diagram presents how the Canadian implementation guidance has segmented the key components of ATNA.
The section below provides comparison tables between the full ATNA profile and the options selected for CA:Sec and CA:Aud.
The following notation definitions are used throughout this section:

Optionality notation is defined as:

| Notation | Meaning |
|---|---|
| R | Required |
| O | Optional |

Transport Protocol notation is defined as:

| Notation | Meaning |
|---|---|
| STX prefix | Secure transport protocol |
| ATX prefix | Audit transport protocol |
Actors/Transactions
ATNA

| Actors | Transactions | Optionality |
|---|---|---|
| Secure Node | Authenticate Node [ITI-19] | R |
| | Record Audit Event [ITI-20] | R |
| Secure Application | Authenticate Node [ITI-19] | R |
| | Record Audit Event [ITI-20] | R |
| Audit Record Repository | Record Audit Event [ITI-20] | R |
| | Retrieve ATNA Audit Event [ITI-81] | O |
| | Retrieve Syslog Event [ITI-82] | O |
| Audit Consumer | Retrieve ATNA Audit Event [ITI-81] | O |
| | Retrieve Syslog Event [ITI-82] | O |
| Audit Record Forwarder | Record Audit Event [ITI-20] | R |
CA:Sec

| Actors | Transactions | Optionality |
|---|---|---|
| Secure Application | Authenticate Node [ITI-19] | R |
CA:Aud

| Actors | Transactions | Optionality |
|---|---|---|
| Audit Creator | Record Audit Event [ITI-20] | O (Note 1) |
| Audit Record Repository | Record Audit Event [ITI-20] | O (Note 1) |
| | Retrieve ATNA Audit Event [ITI-81] | O (Note 2) |
| Audit Record Forwarder | Record Audit Event [ITI-20] | O (Note 1) |
| Audit Consumer | Retrieve ATNA Audit Event [ITI-81] | R |
Note 1: The audit events must be recorded using the IHE Record Audit Event [ITI-20] with FHIR Feed option or other (IHE or non-IHE) methods.
Note 2: This transaction is required if the Audit Record Repository is central.
Notes
- ATNA defines two actors with similar roles, Secure Node and Secure Application, that fulfill roles in both the Security and Audit aspects via mandatory transaction requirements. This tightly couples Security and Audit: to exchange secure communication, auditing must also be implemented as defined by ATNA.
- In ATNA, the audit messages must be recorded by the means defined by ATNA.
- CA:Sec defines a single actor and a single transaction for secure communication.
- CA:Aud defines actors that are responsible for auditing only. Secure communication is recommended to be achieved by grouping with the CA:Sec actor.
- Under CA:Aud, the audit messages can be recorded by any means, using either IHE transaction ITI-20 with the FHIR option or any other (IHE or non-IHE) method. The messages must be made available for retrieval in FHIR format via IHE transaction ITI-81.
Actor Options
ATNA

| Actor | Options |
|---|---|
| Audit Record Repository | Retrieve Audit Message |
| | Retrieve Syslog Message |
| | ATX: FHIR Feed |
| | ATX: TLS Syslog |
| | ATX: UDP Syslog |
| Audit Consumer | Retrieve Audit Message |
| | Retrieve Syslog Message |
| Audit Record Forwarder | ATX: FHIR Feed |
| | ATX: TLS Syslog |
| | ATX: UDP Syslog |
| Secure Node | Radiology Audit Trail |
| | FQDN Validation of Server Certificate |
| | STX: No Secure Transport |
| | STX: TLS 1.2 Floor using BCP195 |
| | STX: S/MIME |
| | STX: WS-Security |
| | STX: HTTPS IUA |
| | ATX: FHIR Feed |
| | ATX: TLS Syslog |
| | ATX: UDP Syslog |
| Secure Application | Radiology Audit Trail |
| | FQDN Validation of Server Certificate |
| | STX: No Secure Transport |
| | STX: TLS 1.2 Floor using BCP195 |
| | STX: S/MIME |
| | STX: WS-Security |
| | STX: HTTPS IUA |
| | ATX: FHIR Feed |
| | ATX: TLS Syslog |
| | ATX: UDP Syslog |
CA:Sec

| Actor | Options | Optionality |
|---|---|---|
| Secure Application | Mutual TLS | O (Note 1) |
| | Server-side TLS | O (Note 1) |
| | FQDN Validation of Server Certificate | R |
Note 1: The Secure Application shall support one of the following options: Mutual TLS or Server-side TLS.
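The three CA:Sec options map onto a handful of TLS client settings. The following Python example, which is my own and not code from the page, IHE or the Canadian guidance, builds the outbound TLS context of a Secure Application: a TLS 1.2 floor with a cipher list in the spirit of BCP 195 (the stronger suites the CA:Sec notes recommend), FQDN Validation of Server Certificate always on, and either the Server-side TLS option (no client certificate) or the Mutual TLS option (client certificate and key loaded) as Note 1 requires. Certificate, key and CA bundle paths are placeholders the deployment supplies; the `fqdn_matches` function spells out what `check_hostname` enforces so the validation can be tested offline against a constructed sample certificate, whose names are made up.

```python
"""Added example (my own code, not from the page, IHE or the Canadian
guidance): the outbound TLS setup of a CA:Sec Secure Application in
Python, covering the three options in the table above.  Certificate and
CA bundle paths are placeholders the deployment supplies."""
import ssl


def secure_application_context(ca_bundle=None, client_cert=None, client_key=None):
    """Client-side context for the Secure Application.

    Server-side TLS option: call with no client_cert; only the server is
    authenticated.  Mutual TLS option: pass client_cert/client_key so the
    node also presents its own identity.  Either satisfies CA:Sec Note 1."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.2 floor; TLS 1.3 is still allowed
    ctx.verify_mode = ssl.CERT_REQUIRED           # an unverifiable server certificate is fatal
    ctx.check_hostname = True                     # FQDN Validation of Server Certificate (R)
    # TLS 1.2 cipher list in the spirit of BCP 195: ephemeral ECDH key agreement
    # with AEAD ciphers only; anonymous, NULL, MD5 and RC4 suites are excluded.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4")
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)  # Mutual TLS
    return ctx


def context_settings(ctx):
    """Plain-value snapshot of the settings above, handy for a compliance check."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "ciphers": [c["name"] for c in ctx.get_ciphers()],
    }


def fqdn_matches(peer_cert, hostname):
    """What check_hostname enforces, written out: the expected FQDN must match
    a dNSName subjectAltName entry (case-insensitive, trailing dot ignored); a
    wildcard may stand in for exactly one leftmost label and never for the
    whole name or a top-level domain.  The Common Name is ignored.  peer_cert
    uses the dict layout returned by SSLSocket.getpeercert()."""
    host = hostname.lower().rstrip(".").split(".")
    for kind, value in peer_cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".").split(".")
        if pattern[0] == "*":
            if (len(pattern) >= 3 and len(pattern) == len(host)
                    and host[0] and pattern[1:] == host[1:]):
                return True
        elif pattern == host:
            return True
    return False


# Constructed sample certificate, in getpeercert() layout, for a hypothetical
# audit repository; only the subjectAltName entries matter for FQDN validation.
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "arr.example.ca"),),),
    "subjectAltName": (("DNS", "arr.example.ca"), ("DNS", "*.ehr.example.ca")),
}

if __name__ == "__main__":
    print(context_settings(secure_application_context()))
    print(fqdn_matches(SAMPLE_PEER_CERT, "arr.example.ca"))       # True
    print(fqdn_matches(SAMPLE_PEER_CERT, "app.ehr.example.ca"))   # True
    print(fqdn_matches(SAMPLE_PEER_CERT, "a.b.ehr.example.ca"))   # False
```

`ssl.create_default_context` already enables certificate verification and hostname checking; the explicit assignments are there so that a reviewer can see each CA:Sec requirement on its own line and so that `context_settings` can be compared against a baseline in a compliance test. A server-side deployment of the Mutual TLS option is the mirror image: a `Purpose.CLIENT_AUTH` context with `verify_mode = CERT_REQUIRED` and the node's CA bundle loaded.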
CA:Aud

| Actor | Options | Optionality |
|---|---|---|
| Audit Creator | FHIR Feed | O (Note 1) |
| Audit Record Repository | FHIR Feed | O (Note 1) |
| | Retrieve Audit Message | O (Note 2) |
| Audit Record Forwarder | FHIR Feed | O (Note 1) |
| Audit Consumer | Retrieve Audit Message | R |
Note 1: The audit events must be recorded using the IHE Record Audit Event [ITI-20] with FHIR Feed option or other (IHE or non-IHE) methods.
Note 2: This transaction is required if the Audit Record Repository is central.
Notes:
- ATNA offers many actor options.
- CA:Sec and CA:Aud focus on a small subset of the ATNA options.
- The CA:Sec options also improve security by recommending higher versions of the TLS protocol and stronger cipher suites.
Required Actor Groupings
ATNA

| ATNA Actor | Actor(s) to be grouped with |
|---|---|
| Audit Record Repository | Consistent Time / Time Client |
| | ATNA / Secure Node or Secure Application |
| Audit Consumer | ATNA / Secure Node or Secure Application |
| Audit Record Forwarder | Consistent Time / Time Client |
| | ATNA / Secure Node or Secure Application |
| | ATNA / Audit Record Repository |
| Secure Node | Consistent Time / Time Client |
| Secure Application | Consistent Time / Time Client |
CA:Sec and CA:Aud
None
Notes:
- ATNA requires multiple mandatory actor groupings.
- CA:Sec and CA:Aud do not require mandatory actor groupings.
- Actor grouping is optional and is recommended to achieve additional functionality such as System Time Synchronization or Security and Auditing.