SCI Group
XIP
Use Case Specification:
XIP Query DICOM Image
Version 1.2
Imaging Security Requirements Gathering Version: 1.2
Use Case Specification: Date: 14 Oct 2010
Revision History
Date        Version  Description                                                  Author
10/01/2010  1.0      Initial draft.                                               Ashley Jacobs, SCI
10/04/2010  1.1      Feedback incorporated after imaging security reqs. meeting.  Ashley Jacobs, SCI
10/14/2010  1.2      Feedback incorporated after general Imaging Meeting          Ashley Jacobs, SCI
Confidential , 2011 Page 2
Table of Contents
1. XIP Query DICOM Image
1.1 Brief Description
2. Flow of Events
2.1 Basic Flow
2.2 Alternative Flows
2.2.1 User is not authorized to query for images in collection
3. Special Requirements
3.1 Existence of an Authentication System
3.2 Existence of an Authorization Management System
3.3 Existence of an Audit Service
3.4 Existence of a caGrid Data Service
4. Pre-conditions
4.1 The user has already authenticated himself or herself with the Authentication System successfully for the XIP Host
5. Post-conditions
5.1 User is viewing DICOM images
5.2 Image retrieval from caGrid is recorded by the audit service
6. Extension Points
1. XIP Query DICOM Image
1.1 Brief Description
The user of an XIP Application (XIP Application must be a DICOM hosted application) running on an XIP
Host wishes to query for available DICOM images pertaining to a particular image collection, where the
image collection may reside at the same site as the user (local) or at different sites (remote) or both. This is
an example of a federated query. The XIP Host communicates via IVI Middleware (caGrid Access library)
to a caGrid data service hosting DICOM image files.
2. Flow of Events
2.1 Basic Flow
The user enters in the XIP Application the name of the DICOM image collection that he or she wishes to
retrieve. The user also specifies that all available sites are to be included in the query.
The XIP Application sends the query request to the XIP Host.
The XIP Host sends the request to query the user-selected image collections to the caBIG IVI Middleware
Library, which sends the request to the caGrid data service, along with an authentication token to identify
the user. The caGrid data service checks with the caGrid authorization service GAARDS to verify that the
user is authorized to query for the particular information.
caGrid will check access privileges for each collection.
Image collection security access privileges vary in granularity, in order of increasing privilege, as follows
(these privileges are configured at each site):
a. User is allowed to know a collection exists, but is not allowed to know what resides within that
collection.
b. User is allowed to know a collection exists, and what is within that collection, but is not allowed to
access the data within that collection, outside of some general metadata.
c. User is allowed to know a collection exists and retrieve data from within that collection.
Please note that it is also configurable at each site for each collection whether or not the user performing
the query is notified that he or she has been “filtered out” from access as described in “a” through “c”.
Depending on the configuration, the user will, if rejected from access by the policies in “a” through “c”,
either see an explicit notice (“Access Denied”) or will simply see no results returned with the reason for
denial left silent.
After access privileges are determined, images will be queried at the allowed collections.
The caGrid data service performs the query at the caGrid nodes that might host the DICOM images of
interest and retrieves the images. The audit service records the successful image retrieval by the user along
with user id, time, etc. These images are then sent to caBIG IVI Middleware Library and then to the XIP
Host, which is responsible for passing the images to the XIP Application for viewing by the user or
notifying the user that the request was denied.
2.2 Alternative Flows
2.2.1 User is not authorized to query for images in collection
The caGrid authorization system determines that the user lacks the required privileges to query for a
particular collection and the collection access privileges are configured to notify the user that he is denied
access. The audit service shall record the failed attempt.
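Added example (not part of the original specification or of the XIP/caGrid code base): a minimal Python model of the per-site privilege check, the configurable denial notice and the audit record described in 2.1 and 2.2.1. The class and function names, the sample sites and collection, and the choice to audit silent denials as well are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum

class Privilege(IntEnum):       # levels "a" through "c" from the text
    EXISTS = 1                  # a: may know the collection exists
    LIST = 2                    # b: may also see contents and general metadata
    RETRIEVE = 3                # c: may retrieve data from the collection

@dataclass
class CollectionPolicy:         # hypothetical per-site, per-collection settings
    grants: dict                # user id -> Privilege; a missing user has none
    notify_on_denial: bool      # True: explicit "Access Denied"; False: silent
    images: list

def federated_query(user, collection, sites, audit):
    """Query one collection at every site and return {site: result}."""
    results = {}
    for site, collections in sites.items():
        policy = collections.get(collection)
        if policy is None:
            continue            # this site does not host the collection
        allowed = policy.grants.get(user, 0) >= Privilege.RETRIEVE
        # Assumption: silent denials are audited too, so a hidden rejection
        # still leaves a record at the collection site.
        audit.append({"site": site, "user": user, "collection": collection,
                      "action": "query",
                      "outcome": "success" if allowed else "denied",
                      "time": datetime.now(timezone.utc).isoformat()})
        if allowed:
            results[site] = {"status": "OK", "images": list(policy.images)}
        elif policy.notify_on_denial:
            results[site] = {"status": "Access Denied", "images": []}
        # Silent denial: the site contributes nothing to the result set.
    return results

# Constructed sample data: one collection hosted at two sites.
SITES = {
    "local": {"lung-ct": CollectionPolicy(
        {"alice": Privilege.RETRIEVE, "bob": Privilege.LIST},
        True, ["img1.dcm", "img2.dcm"])},
    "remote": {"lung-ct": CollectionPolicy(
        {"alice": Privilege.EXISTS}, False, ["img9.dcm"])},
}

def run_query(user):
    audit = []
    return federated_query(user, "lung-ct", SITES, audit), audit
```

Here the remote site's silent denial is invisible in the user's result but still appears in the audit list, which is the property a reviewer of the audit log would rely on.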
3. Special Requirements
3.1 Existence of an Authentication System
This use case depends upon an authentication system that allows the user to prove his or her identity to the
caGrid. Examples include a userid/password pair token, a SAML certificate, or a Kerberos token.
3.2 Existence of an Authorization Management System
This use case depends upon an authorization management system that can associate users to defined
privileges that are required to perform operations upon resources, namely, the operation of querying a
particular collection of DICOM images.
3.3 Existence of an Audit Service
This use case depends upon an audit service that can record user actions pertaining to querying DICOM
images across the caGrid. The audit service records such details as type of action performed, user id of
user performing the action, when the action took place, etc. The audit service records actions both at each
collection site and at the client site where the XIP Host resides. This allows greater detail in the audit log,
as each location can send to the audit service informational details that are uniquely known to that location
only, due to information hiding.
3.4 Existence of a caGrid Data Service
This data service hosts DICOM images (and AIM Data) at multiple sites.
4. Pre-conditions
4.1 The user has already authenticated himself or herself with the Authentication System
successfully for the XIP Host.
5. Post-conditions
5.1 User is viewing DICOM images
The images of the desired collections are made available to the XIP Application. (XIP Application must be
a DICOM hosted application.)
5.2 Image retrieval from caGrid is recorded by the audit service
The retrieval is recorded by the audit service with details such as the user id, time, collection, sites, etc.
6. Extension Points
None.