Oracle® Healthcare Master Person Index Working With IHE Profiles User's Guide Release 4.0.2 E88834-01
The Audit Record Repository (ARR), which includes an audit server and an audit repository, is part of the Internet Protocol Suite that deals with the transmission of data. Specifically related to Oracle Healthcare Master Person Index (OHMPI) and the IHE Profiles Application, ARR provides secure transmission and auditing for healthcare application systems. The major components of the ARR include:
Audit Trail and Node Authentication (ATNA) Integration Profile
which is built on top of the following:
Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications
The Syslog Protocol
Transmission of Syslog Messages over Transport Layer Security (TLS)
Transmission of Syslog Messages over User Datagram Protocol (UDP)
Note: The preceding links open documents that deal with the Internet Protocol Suite, specifically Internet Official Protocol Standards (STD1) as related to ARR. They provide critical technical information about secure transmission of data over the internet, including node authentication and an audit trail. Oracle recommends that you read them.
This chapter includes the following sections which are applicable from OHMPI 4.0.1 release onwards:
For the IHE Profiles Application to send audit records to the Audit Record Repository Server, you must configure an OHMPI audit client. The OHMPI audit client's configuration file is named ohmpi-audit-client.properties. For the WebLogic application server, this property file is placed under domains\<domain_name>\lib.
The IHE Profiles Application supports two formats of audit messages: DICOM and RFC-3881. The client can transmit audit messages to the ARR repository over either the UDP or the TLS wire protocol. You must configure the properties according to the protocol to be used.
Table 6-1 lists the properties in ohmpi-audit-client.properties.
Table 6-1 Properties in ohmpi-audit-client.properties
Property Name | Description |
---|---|
auditHost | The host name of the ARR server. The default value for auditHost is localhost, and it must match the host where the ARR server is running. |
auditPort | The port number of the ARR server. The default value for auditPort is 514, and it must match the listening port used by the ARR server. |
auditMessageFormat | The message format to be used. Valid values are DICOM or RFC3881. |
Protocol | The wire protocol that the audit client uses to communicate with the ARR server. Valid values are UDP or TLS. The default protocol is UDP. |
keyStoreFileName | This property is required only for the TLS protocol. It provides the path to the keystore location. |
keyStoreType | This property is required only for the TLS protocol. It indicates the type of keystore. |
ssl_protocol_versions | This property is required only for the TLS protocol. The audit client uses this particular version of the TLS protocol. You can provide multiple values separated by commas. For example, ssl_protocol_versions= TLSv1,TLSv2 |
ssl_user | The alias stored in the keystore, used for reading the keystore contents. |
ssl_credential_wallet_path | Path of the wallet storing credentials for the alias. This is relative to the WebLogic domain's config folder. For information on how to create the wallet file, see . |
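
A pre-deployment check for the properties in Table 6-1, as an added example that is not part of the Oracle documentation or the OHMPI tooling. The function names, the warning policy (flagging UDP and any TLS version other than TLSv1.2 or TLSv1.3, using Java-style version names), and the sample values are assumptions of this example.

```python
# Added example (not Oracle code): lint ohmpi-audit-client.properties; warning policy is assumed.
DEFAULTS = {"auditHost": "localhost", "auditPort": "514", "Protocol": "UDP"}
TLS_REQUIRED = ("keyStoreFileName", "keyStoreType", "ssl_protocol_versions")
MODERN_TLS = {"TLSV1.2", "TLSV1.3"}  # assumed policy, Java-style names upper-cased

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_audit_client(text):
    """Return (errors, warnings) for the given properties text."""
    props = {**DEFAULTS, **parse_properties(text)}  # documented defaults apply
    errors, warnings = [], []
    fmt = props.get("auditMessageFormat")
    if fmt is not None and fmt.upper() not in ("DICOM", "RFC3881"):
        errors.append("auditMessageFormat must be DICOM or RFC3881")
    if not props["auditPort"].isdigit() or not 0 < int(props["auditPort"]) < 65536:
        errors.append("auditPort is not a valid port number")
    protocol = props["Protocol"].upper()
    if protocol == "UDP":
        warnings.append("Protocol=UDP: audit records are sent without TLS")
    elif protocol == "TLS":
        for name in TLS_REQUIRED:
            if not props.get(name):
                errors.append(f"{name} is required when Protocol=TLS")
        for v in props.get("ssl_protocol_versions", "").split(","):
            if v.strip() and v.strip().upper() not in MODERN_TLS:
                warnings.append(f"ssl_protocol_versions lists {v.strip()}, which is not TLSv1.2 or TLSv1.3")
    else:
        errors.append("Protocol must be UDP or TLS")
    return errors, warnings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
auditPort=6514
auditMessageFormat=DICOM
Protocol=TLS
keyStoreFileName=/path/to/keystore.jks
ssl_protocol_versions=TLSv1,TLSv1.2
"""
if __name__ == "__main__":
    print(lint_audit_client(SAMPLE))
```
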
When you create a new IHE project, the following command line utilities are generated in the <IHE project>/<mpi> folder:
generate-credentials-wallet.bat
generate-credentials-wallet.sh
Note: In case of the HPD project, these script files are created in the <HPD Project> folder.
Generate the wallet contents using the generate-credentials-wallet.bat (for Microsoft Windows) or generate-credentials-wallet.sh (for UNIX) utility file.
Pass the following command line arguments:
[WalletFileName] [userName] [password]
WalletFileName: Name of the wallet folder to be created. Do not use ohmpiWallet.
userName: Alias for keystore.
password: Password for the keystore alias.
The new wallet folder is created in the same folder.
Copy the complete wallet folder to the <app-server-domain-config-directory>/config folder (or any sub directory of the config folder).
Note: Oracle recommends that you copy the wallet folder to <app_server_domain>/config/ohmpi so that all configurations are at the same location.
For the TLS protocol, you must import the ARR server's certificate, alias depending on the ARR server's configuration. This can be done using Java's keytool commands. For information on different keytool commands, see http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html.