Rob Horn – Agfa Healthcare


Unique IDs

Opaque Unique ID
- Fully opaque: these are meaningless, structureless strings.
- Example: UUID
- There is no way to verify what the string means unless you already have a short list of candidate meanings based on context.
- In the context of an ITI SOAP transaction, you can check the short list of assigned IDs.
- Without context, you cannot tell whether a UUID identifies a partition on disk, a document, a signature, etc.

Structured Opaque Unique ID
- Structured but opaque: these are semi-meaningless structured strings.
- Example: OID, URN
- The prefix will lead you to a person or organization that may then be able to assign a meaning:
  - OID: 2.25.xxxxxxxxxxx - nope, meaningless UUID
  - OID: 1.2.840.113669 - ask someone at Merge Technologies
  - OID: 1.3.6.1.4.1.44525 - ask Dr. LaNette Smith at Breast Surgery of Tulsa (assigned 1 October 2014)
  - Enterprise OIDs are open to any organization, e.g., 1.3.6.1.4.1.44519 - US Railroad Retirement Board, rrb.gov
  - URN: urn:isbn:xxxxxxxx - ask the ISBN folks
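The distinction drawn on the two slides above can be checked mechanically. The following is an added example, not part of the original presentation: it reports what a string alone reveals, which is nothing for a UUID (including a UUID written as a 2.25 OID) and only a pointer to an assigning authority for other OIDs and URNs. The function names, the returned labels and the sample UUID are assumptions made for illustration.

```python
import re
import uuid

ENTERPRISE_ARC = "1.3.6.1.4.1."  # IANA private enterprise number arc
UUID_ARC = "2.25."               # arc for OIDs that are a UUID written in decimal
OID_RE = re.compile(r"^[0-2](\.(0|[1-9][0-9]*))+$")
URN_RE = re.compile(r"^urn:([a-z0-9][a-z0-9-]{0,30}[a-z0-9]):(.+)$", re.I)


def uuid_to_oid(u):
    """Write a UUID as a 2.25.<decimal> OID; the OID form is equally opaque."""
    return UUID_ARC + str(u.int)


def classify(identifier):
    """Return (kind, detail): what the string alone reveals about the ID."""
    s = identifier.strip()
    urn = URN_RE.match(s)
    if urn:
        nid, nss = urn.group(1).lower(), urn.group(2)
        if nid in ("uuid", "oid"):       # URN wrappers around the bare forms
            return classify(nss)
        return ("structured-opaque", "urn namespace " + nid)
    if OID_RE.match(s):
        tail = s[len(UUID_ARC):]
        if s.startswith(UUID_ARC) and tail.isdigit() and int(tail) < 2**128:
            # Single arc under 2.25: decode it back to the UUID it came from.
            return ("opaque", str(uuid.UUID(int=int(tail))))
        if s.startswith(ENTERPRISE_ARC):
            # The arc after the enterprise prefix names the assignee to ask.
            return ("structured-opaque",
                    "enterprise " + s[len(ENTERPRISE_ARC):].split(".")[0])
        return ("structured-opaque", "oid prefix lookup")
    try:
        return ("opaque", str(uuid.UUID(s)))
    except ValueError:
        return ("unknown", "")


if __name__ == "__main__":
    sample = uuid.UUID("123e4567-e89b-12d3-a456-426614174000")  # constructed
    for text in (str(sample), uuid_to_oid(sample), "1.3.6.1.4.1.44525",
                 "1.2.840.113669", "urn:lex:fr:etat:loi:2004-05-15;106~art15;par3"):
        print(text, "->", classify(text))
```

The detail returned for an OID or URN is only a lead to whoever assigned it; what the ID means still has to come from that authority or from context.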

Structured Unique ID
- Some of the URNs are structured, with fully defined or strongly defined structures. None of these are yet official.
- Example: urn:lex:fr:etat:loi:2004-05-15;106~art15;par3
- The use of urn:lex: is still only proposed. There is no approved RFC yet for the creation of urn:lex:
- The administration of subordinate responsibilities within urn:lex: is not yet addressed, agreed or approved.

How to achieve Uniqueness
- Trust Magic: “DICOM AE-titles shall be unique”
- Trust Algorithms: UUID
- Trust Administrative Rules: OID, URN

Uniqueness Experience
- Magic doesn’t work. Merely asserting “shall be unique” does not work. People have good intentions, but good intentions are not enough.
- Algorithms can work.
  - Strengths:
    - Algorithm code can be inspected, verified, and validated.
    - Algorithm usage can be inspected, verified, and validated.
    - Problems do happen and people do make mistakes, but the level of failure has been acceptably low.
  - Weakness:
    - All known algorithm approaches can only generate completely opaque IDs. This leads to problems in some situations.

Uniqueness Experience
- Administrative uniqueness can work: OID experience
  - Minimal barrier to getting root authority. Currently takes hours to days.
  - As of 1 October, 44,531 enterprise OIDs have been assigned. On 1 October, 8 more enterprise OIDs were assigned.
  - Obtaining other OID roots takes longer.
  - Root authority is given great flexibility in choosing its own rules for assigning subordinate OIDs.
  - Rudimentary validation testing is easy; only rarely are problems detected.

Administrative Uniqueness
- Administrative uniqueness can work: URN experience
  - High barrier to getting root authority. Currently takes months to years. Requires getting RFC approval.
  - Root authority is given modest flexibility (must comply with ITU rules, but these are not that bad for a reasonably mature organization).
  - Rudimentary validation testing is easy, and many problems are detected. A vast number of URNs are invalid, but people use them anyhow.
- IHE still has not performed the administrative steps needed to make urn:ihe a valid URN. (We’re not unique in this. Neither has DOI.)
  - Draft a minimal RFC and put it through the process.
  - Establish minimal compliance with ITU, e.g., have a staff data librarian function.

Considerations
- How much (if any) structure is needed for a particular use of a unique ID?
- What kind of administrative burden is acceptable?