Quentin Ligier edited this page Jan 18, 2022 · 3 revisions

Audit Trail and Node Authentication (ATNA)

This profile establishes security measures that, along with security policies and procedures, ensure patient data confidentiality, data integrity, and user accountability. The Husky project does not implement the ATNA profile itself; it uses the ATNA auditing implementation of the IPF framework. For this reason, auditing only needs to be configured.

Configuration

An example of this configuration can be found in the integration tests of the Husky communication module. One such test class is ConvenienceCommunicationAtnaAuditTest. The corresponding configuration file can be found here.

Swiss requirements

The Swiss requirements specify that, when a transaction is secured with XUA, the XUA subject and subject confirmation shall appear in the ATNA message.

Make sure to include org.openehealth.ipf.commons:ipf-commons-ihe-xua in your project: it configures a processor (org.openehealth.ipf.commons.ihe.xua.BasicXuaProcessor) that does this automatically.

Tests

To easily test the audit messages generated by the application, a custom transmission implementation can be used:

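// Package taken from the audit-sender-class property below; adjust both together.
package ch.qligier.hug.pmp.transactions.camel.audit;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.openehealth.ipf.commons.audit.AuditContext;
import org.openehealth.ipf.commons.audit.AuditMetadataProvider;
import org.openehealth.ipf.commons.audit.TlsParameters;
import org.openehealth.ipf.commons.audit.protocol.AuditTransmissionProtocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**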
 * For testing only: an implementation that records the audit message strings in memory instead of sending them to some
 * destination. After some time, this will cause OutOfMemoryErrors.
 *
 * @author Christian Ohr
 * @since 3.5
 */
public class MemoryAuditMessageTransmission implements AuditTransmissionProtocol {
    private static final Logger log = LoggerFactory.getLogger(MemoryAuditMessageTransmission.class);

    private static final List<String> messages = new ArrayList<>();

    public MemoryAuditMessageTransmission(final TlsParameters tlsParameters) {
    }

    @Override
    public void send(final AuditContext auditContext,
                     final AuditMetadataProvider auditMetadataProvider,
                     final String auditMessage) {
        if (auditMessage != null) {
            log.info("Saving a new ATNA message");
            messages.add(auditMessage);
        }
    }

    @Override
    public void shutdown() {
    }

    @Override
    public String getTransportName() {
        return "RECORDER";
    }

    public List<String> getMessages() {
        return Collections.unmodifiableList(messages);
    }

    public void clear() {
        messages.clear();
    }
}

Specify it in the properties (see the documentation):

ipf:
  atna:
    audit-sender-class: ch.qligier.hug.pmp.transactions.camel.audit.MemoryAuditMessageTransmission
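
With the recorder configured, a test can parse the recorded strings and assert on who the audit message names, for example to check the Swiss requirement above. The following is an added example, not code from Husky or IPF: the class and method names are hypothetical, the sample message and its values are constructed, and since this page does not say which attribute carries the XUA subject, the helper returns both UserID and UserName of each ActiveParticipant.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Hypothetical test helper (not part of Husky or IPF) for recorded ATNA audit messages. */
public class RecordedAuditAssertions {
    /** Returns {UserID, UserName} for every ActiveParticipant of one recorded message. */
    static List<String[]> activeParticipants(final String auditMessage) throws Exception {
        final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Parse defensively even in tests: no DOCTYPE, so no external entities.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        final NodeList nodes = factory.newDocumentBuilder()
                .parse(new InputSource(new StringReader(auditMessage)))
                .getElementsByTagName("ActiveParticipant");
        final List<String[]> participants = new ArrayList<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            final Element p = (Element) nodes.item(i);
            participants.add(new String[] {p.getAttribute("UserID"), p.getAttribute("UserName")});
        }
        return participants;
    }

    /** True if any recorded message names the expected UserID as an ActiveParticipant. */
    static boolean anyMessageNames(final List<String> recorded, final String userId) throws Exception {
        for (final String message : recorded) {
            if (activeParticipants(message).stream().anyMatch(p -> p[0].equals(userId))) {
                return true;
            }
        }
        return false;
    }

    public static void main(final String[] args) throws Exception {
        // Constructed sample reduced to what this check reads; in a test, pass
        // MemoryAuditMessageTransmission#getMessages() instead of this list.
        final List<String> recorded = List.of("<AuditMessage>"
                + "<ActiveParticipant UserID=\"constructed-endpoint\" UserIsRequestor=\"false\"/>"
                + "<ActiveParticipant UserID=\"constructed-subject\" UserName=\"Constructed Name\"/>"
                + "</AuditMessage>");
        System.out.println(anyMessageNames(recorded, "constructed-subject"));
        System.out.println(anyMessageNames(recorded, "someone-else"));
    }
}
```

Because the recorder keeps its messages in a static list, call clear() before each test so that an assertion cannot be satisfied by a message left over from an earlier test.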