Audit Trail and Node Authentication (ATNA) - IHE.ppt.ppt

June 28-29, 2005 Interoperability Strategy Workshop IT Infrastructure Security Profiles 2004 Consistent Time (CT) Enterprise User Authentication (EUA) 2005 Audit Trail and Note Authentication (ATNA) 2006 Cross-Enterprise User Authentication (XUA) Document Digital Signature (DSG) Assets being Protected All security systems exist to protect some asset. IHE follows the legal, regulatory, and medical ethics selection of assets: Patient and staff safety Patient and staff health Patient and staff privacy Consistent Time (CT) Network Time Protocol ( NTP) version 3 (RFC 1305) Actor must support manual configuration: Manual IP address or hostname for time server preferably 3 or more servers should be supported Automatic discovery and broadcast will not be tested Required accuracy: 1 second Optional Secure NTP may be tested Required for use of ATNA, EUA, XUA. All time tags must be time synchronized. See for extensive technical details on the protocol, and your vendor documentation for installation and configuration. Compatibility with RadiologyBasic Security “But, what if I already have systems that support Basic Security?” ATNA + Radiology Option is backward compatible with Basic Security Integration Statements should change support claim from “Basic Security” to “Radiology Option for ATNA” For some actors there will be scenario requirements for the connectathon. This emulates having a hospital security office setting a security policy. It is not an official recommendation that these requirements are universally applicable. ATNAIHE Goal IHE makes cross-node security management easy: Only a simple manual certificate installation is needed, although more sophisticated systems (LDAP, PKI) can be used. Implementations should separate the authentication, authorization, and accountability functions to accommodate the needs of different locations. Enforcement is driven by ‘a posteriori audits’ and real-time visibility, not detailed access controls. ATNANetwork Enviro