Background

Foundational IHE Profiles address critical interoperability issues such as user authorization (e.g., IUA), security node and audit records (e.g., ATNA) and consistent time (e.g., CT).


Assumption

Vendors and jurisdictions in the ecosystem can optionally choose to play the standardized actors and transactions listed in the Foundational Profiles to support implementation of CA:FeX and to address authentication, auditing and security needs. Additional information and requirements for these Foundational Profiles can be found below. Vendors or jurisdictions may decide not to implement the optional IHE profiles listed below; however, it is highly recommended that authentication, auditing and security are addressed using solutions that already exist in their respective enterprise architecture.


IHE Profiles

Profiles included: IUA, ATNA, CT


Legend

The following diagram is the legend for the sequence diagrams, to help readers orient themselves when reading them.

Legend for Sequence Diagrams


IUA*

IUA* (Internet User Authorization) provides support for authorizing access to resources over HTTP RESTful transports by managing authorization tokens.

The Authorization Client must hold a valid token and present it to the Resource Server with every request:

  • Get Access Token [ITI-71] – performed when the client does not yet have a token, or when its token has expired
  • Incorporate Access Token [ITI-72] – the client must include the token with every request
  • Introspect Token [ITI-102] – the Resource Server must introspect the token on every request
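The following is an added illustration of the three IUA transactions above from the Resource Server's side; it is constructed example code, not part of the CA:FeX guide or of any IHE reference implementation. The in-memory token table, the token strings, the scope names and the fixed timestamps are all assumptions.

```python
"""Constructed example of IUA token handling (ITI-71 / ITI-72 / ITI-102).
Not CA:FeX or IHE code; token values, scopes and timestamps are made up."""
import time

# Constructed stand-in for the Authorization Server's issued-token table.
# A real deployment exposes an OAuth 2.0 token endpoint (ITI-71) and an
# RFC 7662 introspection endpoint (ITI-102) rather than a dictionary.
TOKEN_STORE = {
    "tok-valid":   {"sub": "clinician-01", "scope": "patient/*.read", "exp": 1_700_003_600},
    "tok-expired": {"sub": "clinician-01", "scope": "patient/*.read", "exp": 1_699_999_000},
}


def introspect_token(token, now=None):
    """ITI-102 Introspect Token: the Authorization Server reports whether the
    token is active. As in RFC 7662, an unknown, revoked or expired token
    yields only {"active": False}, so nothing else is revealed about it."""
    now = time.time() if now is None else now
    claims = TOKEN_STORE.get(token)
    if claims is None or claims["exp"] <= now:
        return {"active": False}
    return {"active": True, **claims}


def authorize_request(headers, required_scope, now=None):
    """Resource-Server check for one request: require a bearer token
    (ITI-72), introspect it on every request (ITI-102), then enforce scope.
    Returns (http_status, reason) describing the decision."""
    auth = headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, "missing bearer token"          # ITI-72 not satisfied
    info = introspect_token(token.strip(), now)
    if not info.get("active"):
        return 401, "token inactive or expired"     # ITI-102 reports inactive
    granted = set(info.get("scope", "").split())
    if required_scope not in granted:
        return 403, "insufficient scope"            # authenticated, not authorized
    return 200, "ok"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed "current time" for a repeatable run
    print(authorize_request({"Authorization": "Bearer tok-valid"}, "patient/*.read", now))
    print(authorize_request({"Authorization": "Bearer tok-expired"}, "patient/*.read", now))
    print(authorize_request({}, "patient/*.read", now))
```

Because introspection happens per request, a token revoked at the Authorization Server stops working immediately rather than at its expiry.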

ATNA*

ATNA* (Audit Trail and Node Authentication) provides support for ensuring that the communicating systems have a level of trust in each other through node authentication, that communications between the different system components are encrypted (via TLS), and that system activity is audited.

  • ATNA* Authenticate Node [ITI-19]

Before secure communication begins, mutual authentication is performed between the two Secure Nodes. A secure pipe is then established through which the secure transactions take place.

The Secure Node also authenticates the identity of the user who requests access to the node.

  • ATNA* Record Audit Event [ITI-20]

The Secure Node/App sends auditable events to an Audit Record Repository. The triggers for sending audit logs can vary and may be specified in other IHE profiles, local law or regulation, or local policy.


CT

CT (Consistent Time) ensures that the system clocks and time stamps of the many computers in a network are well synchronized. Synchronization with a median error less than 1 second is sufficient for most purposes.

