3.53 Document Metadata Notify [ITI-53]
This section corresponds to transaction [ITI-53] of the IHE IT Infrastructure Technical Framework. Transaction [ITI-53] is used by the Document Metadata Notification Recipient and the Document Metadata Notification Broker Actors.
3.53.1 Scope
This transaction delivers a notification from the Document Metadata Notification Broker to the Document Metadata Notification Recipient about an event which matches an existing subscription.
3.53.2 Use Case Roles
Actor: Document Metadata Notification Broker
Role: Sends notifications to subscribed Document Metadata Notification Recipients based on received Publish transactions
Actor: Document Metadata Notification Recipient
Role: Receives and processes notifications about events matching a set of filter expressions.
3.53.3 Referenced Standards
- OASIS Web Services Notification Family of Standards
- WS-BaseNotification 1.3 OASIS Standard
- WS-BrokeredNotification 1.3 OASIS Standard
- WS-Topics 1.3 OASIS Standard
- ITI TF-2: 3.43.4.2.2
- ITI TF-2: Appendix V
3.53.4 Messages
Figure 3.53.4-1: Document Metadata Notify Sequence
3.53.4.1 Notify Message
3.53.4.1.1 Trigger
When an event occurs where the topics of the event match the filter requirements of one or more existing subscriptions, the Document Metadata Notification Broker will trigger a Notification message to the corresponding Document Metadata Notification Recipient. The description of matching subscriptions to events can be found in Section 3.52.5.2.
3.53.4.1.2 Message Semantics
The Notify message shall comply with the requirements in the WS-BaseNotification standard. Note that the value of the WS-Addressing Action element is prescribed in the standard, and differs from the requirements of ITI TF-2: Appendix V .
The Notify message convey in the wsnt:Notify/wsnt:NotificationMessage/wsnt:Message the event that matched with a subscription. Depending on the event which triggered the notification, there may be one or more Document Entry Objects, Folder Objects, or SubmissionSet Objects whose metadata matches the filter conditions of any particular subscription. This transaction defines the following structures for conveying a Notify message:
A Full Notification , which shall be sent if the subscription request included the topic ihe:FullDocumentEntry (see Section 3.52.5.1). In this case, the notification shall consist of parts of the payload of a Register Document Set-b Transaction as defined in Section 3.42.4.1. The <lcm:SubmitObjectsRequest> element is the only child of the wsnt:Notify/wsnt:NotificationMessage/wsnt:Message element in this message. The <rim:RegistryObjectList> element shall be the only child of the <lcm:SubmitObjectsRequest> element. Only <rim:ExtrinsicObject> elements representing Document Entries shall be sent within the <rim:RegistryObjectList> element.
A Minimal Notification , which shall be sent if the subscription request included the topic ihe:MinimalDocumentEntry. In this case, the notification shall consist of parts of the payload of a Register Document Set-b transaction as defined in Section 3.42.4.1. The <lcm:SubmitObjectsRequest> element is the only child of the wsnt:Notify/wsnt:NotificationMessage/wsnt:Message element in this message. The <rim:RegistryObjectList> element shall be the only child of the <lcm:SubmitObjectsRequest> element. Only <rim:ObjectRef> elements representing Document Entries shall be sent within the <rim:RegistryObjectList> element.
A submissionSet Notification , which shall be sent if the subscription request included the topic ihe:SubmissionSetMetadata. In this case the response consists of parts of the payload of a Register Document Set-b Transaction as defined in Section 3.42.4.1. The <lcm:SubmitObjectsRequest> element is the only child of the wsnt:Notify/wsnt:NotificationMessage/wsnt:Message element in this message. The <rim:RegistryObjectList> element shall be the only child of the <lcm:SubmitObjectsRequest> element. Only one <rim:RegistryPackage> element representing the submissionSet object shall be sent within the <rim:RegistryObjectList> element and shall be characterized by classification scheme: classificationScheme="urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd" (that represents an object of submissionSet type).
There shall be a single wsnt:Notify/wsnt:NotificationMessage/wsnt:Message element in this transaction. If multiple objects need to be represented in a single notification, the WS-BaseNotification standard allows this to be done.
3.53.4.1.3 Expected Actions
The Document Metadata Notification Recipient shall accept the Notify message. The Notify message shall be processed according to the configuration and business logic of the actor. Possibilities include conveying the notification information to other systems and/or users.
The Document Metadata Notification Broker may send the filter conditions of the subscription, and/or the address (either a logical identifier or a service address url) of the Notification Broker that produces the notification. Both of these alternatives increase certain security risks, their use should be determined by local policy for security and confidentiality.
3.53.4.1.4 Examples
3.53.4.1.4.1 Full Notification Example (ihe:FullDocumentEntry)
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"
xmlns:lcm="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0"
xmlns:rim="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"
xsi:schemaLocation="http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2005/08/addressing http://www.w3.org/2005/08/addressing/ws-addr.xsd http://docs.oasis-open.org/wsn/b-2 http://docs.oasis-open.org/wsn/b-2.xsd urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0 ../schema/ebRS/rim.xsd" urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0 ../schema/ebRS/lcm.xsd">
<s:Header>
<a:Action>http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/Notify</a:Action>
<a:MessageID>382dcdca-8e87-9fdf-8446-48fd83bca93b</a:MessageID>
<a:To>https://NotificationRecipientServer/xdsBnotification</a:To>
</s:Header>
<s:Body>
<wsnt:Notify>
<wsnt:NotificationMessage>
<wsnt:SubscriptionReference>
<a:Address>https://NotificationBrokerServer/Subscription/382dcdc7-8e84-9fdc-8443-48fd83bca938</a:Address>
</wsnt:SubscriptionReference>
<wsnt:Topic Dialect="http://docs.oasis-open.org/wsn/t-1/TopicExpression/Simple">ihe:FullDocumentEntry</wsnt:Topic>
<wsnt:ProducerReference>
<a:Address>https://ProducerReference</a:Address>
</wsnt:ProducerReference>
<wsnt:Message>
<lcm:SubmitObjectsRequest>
<rim:RegistryObjectList>
<rim:ExtrinsicObject id="Document01" mimeType="text/xml" objectType="urn:uuid:7edca82f-054d-47f2-a032-9b2a5b5186c1">
...
<rim:Classification classificationScheme="urn:uuid:2c6b8cb7-8b2a-4051-b291-b1ae6a575ef4" classifiedObject="Document01" nodeRepresentation="44950">
<rim:Name>
<rim:LocalizedString value="Appendectomy"/>
</rim:Name>
<rim:Slot name="codingScheme">
<rim:ValueList>
<rim:Value>CPT codes</rim:Value>
</rim:ValueList>
</rim:Slot>
</rim:Classification>
...
<rim:ExternalIdentifier id="ei01" registryObject="Document01" identificationScheme="urn:uuid:58a6f841-87b3-4a3e-92fd-a8ffeff98427" value="'st3498702^^^&1.3.6.1.4.1.21367.2005.3.7&ISO'">
<rim:Name>
<rim:LocalizedString value="XDSDocumentEntry.patientId"/>
</rim:Name>
</rim:ExternalIdentifier>
...
<rim:ExtrinsicObject>
</rim:RegistryObjectList>
</lcm:SubmitObjectsRequest>
</wsnt:Message>
</wsnt:NotificationMessage>
</wsnt:Notify>
</s:Body>
</s:Envelope>
3.53.4.1.4.2 Minimal Notification Example (ihe:MinimalDocumentEntry)
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"
xmlns:xds="urn:ihe:iti:xds-b:2007"
xmlns:rim="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"
xsi:schemaLocation="http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2005/08/addressing http://www.w3.org/2005/08/addressing/ws-addr.xsd http://docs.oasis-open.org/wsn/b-2 http://docs.oasis-open.org/wsn/b-2.xsd urn:ihe:iti:xds-b:2007 ../../schema/IHE/XDS.b_DocumentRepository.xsd urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0 ../../schema/ebRS/rim.xsd">
<s:Header>
<a:Action>http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/Notify</a:Action>
<a:MessageID>382dcdca-8e87-9fdf-8446-48fd83bca93b</a:MessageID>
<a:To>https://NotificationRecipientServer/xdsBnotification</a:To>
</s:Header>
<s:Body>
<wsnt:Notify>
<wsnt:NotificationMessage>
<wsnt:SubscriptionReference>
<a:Address>https://NotificationBrokerServer/Subscription/382dcdc7-8e84-9fdc-8443-48fd83bca938</a:Address>
</wsnt:SubscriptionReference>
<wsnt:Topic Dialect="http://docs.oasis-open.org/wsn/t-1/TopicExpression/Simple">ihe:MinimalDocumentEntry</wsnt:Topic>
<wsnt:ProducerReference>
<a:Address>https://ProducerReference</a:Address>
</wsnt:ProducerReference>
<wsnt:Message>
<lcm:SubmitObjectsRequest>
<rim:RegistryObjectList>
<rim:ObjectRef id="urn:uuid:93606bcf-9494-43ec-9b4e-a7748d1a838d" />
</rim:RegistryObjectList>
</lcm:SubmitObjectsRequest>
</wsnt:Message>
</wsnt:NotificationMessage>
</wsnt:Notify>
</s:Body>
</s:Envelope>
3.53.4.1.4.3 SubmissionSet Notification Example (ihe:SubmissionSetMetadata)
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"
xmlns:lcm="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0"
xmlns:rim="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"
xsi:schemaLocation="http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2005/08/addressing http://www.w3.org/2005/08/addressing/ws-addr.xsd http://docs.oasis-open.org/wsn/b-2 http://docs.oasis-open.org/wsn/b-2.xsd urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0 ../schema/ebRS/rim.xsd" urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0 ../schema/ebRS/lcm.xsd">
<s:Header>
<a:Action>http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/Notify</a:Action>
<a:MessageID>382dcdca-8e87-9fdf-8446-48fd83bca93b</a:MessageID>
<a:To>https://NotificationRecipientServer/xdsBnotification</a:To>
</s:Header>
<s:Body>
<wsnt:Notify>
<wsnt:NotificationMessage>
<wsnt:SubscriptionReference>
<a:Address>https://NotificationBrokerServer/Subscription/382dcdc7-8e84-9fdc-8443-48fd83bca938</a:Address>
</wsnt:SubscriptionReference>
<wsnt:Topic Dialect="http://docs.oasis-open.org/wsn/t-1/TopicExpression/Simple"
>ihe:SubmissionSetMetadata</wsnt:Topic>
<wsnt:ProducerReference>
<a:Address>https://ProducerReference</a:Address>
</wsnt:ProducerReference>
<wsnt:Message>
<lcm:SubmitObjectsRequest
xsi:schemaLocation="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0 ../../schema/ebRS/lcm.xsd"
xmlns:lcm="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:rim="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"
xmlns:rs="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0">
<rim:RegistryObjectList>
<rim:RegistryPackage id="SubmissionSet01">
<!-- here all the SubmissionSet metadata -->
</rim:RegistryPackage>
<rim:Classification id="cl10" classifiedObject="SubmissionSet01"
classificationNode="urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd"/>
</rim:RegistryObjectList>
</lcm:SubmitObjectsRequest>
</wsnt:Message>
</wsnt:NotificationMessage>
</wsnt:Notify>
</s:Body>
</s:Envelope>
3.53.5 Security Considerations
The risk assessment for the Document Metadata Notify transaction is described in Table 1:26.5-1: DSUB risk assessment (see Section 1:26.5 DSUB Security Considerations). . The derived mitigations are as follows:
Document Metadata Notification Broker and Document Metadata Notification Recipients shall be grouped with a Secure Node or Secure Application in the Audit Trail and Node Authentication (ATNA) Profile.
The use of encrypted TLS is recommended when the transmission is not otherwise secured (e.g., transmission over a secure network)
Additionally, it is recommended that the Document Metadata Notify transaction be associated with a SAML assertion outlining authorizations to the notification content so that the Document Metadata Notification Recipient will be able to enforce these authorizations (for example, see the Cross-Enterprise User Assertion (XUA) Profile ITI TF-1:13 ). This recommendation is highly dependent on an XDS Affinity Domain managing roles for its users correctly as most of the authorizations will be based on roles.
3.53.5.1 Audit Record Considerations
The Document Metadata Notify transaction is an Export event, as defined in ITI TF-2: Table 3.20.4.1.1.1-1. The actors involved in the transaction shall create audit data in conformance with DICOM Part 15 “Data Export”/”Data Import”, with the following exceptions.
3.53.5.1.1 Document Metadata Notification Recipient audit message:
Field Name | Opt | Value Constraints | |
Event
AuditMessage/
|
EventID | M | EV(110107, DCM, “Import”) |
EventActionCode | M | “C” (Create) | |
EventDateTime | M | not specialized | |
EventOutcomeIndicator | M | not specialized | |
EventTypeCode | M | EV(“ITI-53”, “IHE Transactions”, “Document Metadata Notify”) | |
Source (Document Metadata Notification Broker) (1) | |||
Destination (Document Metadata Notification Recipient) (1) | |||
Human Requestor (0..n) | |||
Audit Source (Document Metadata Notification Recipient) (1) | |||
Patient (0..1) | |||
DocumentEntry/SubmissionSet (1..n) |
Where:
Source
AuditMessage/
|
UserID | M | When WS-Addressing is used: <From/> |
AlternativeUserID | U | not specialized | |
UserName | U | not specialized | |
UserIsRequestor | U | not specialized | |
RoleIDCode | M | EV(110153, DCM, "Source Role ID") | |
NetworkAccessPointTypeCode | M | “1” for machine (DNS) name, “2” for IP address | |
NetworkAccessPointID | M | The machine name or IP address |
Destination
AuditMessage/
|
UserID | U | not specialized |
AlternativeUserID | M | the process ID as used within the local operating system in the local system logs. | |
UserName | U | not specialized | |
UserIsRequestor | U | not specialized | |
RoleIDCode | M | EV(110152, DCM, "Destination Role ID") | |
NetworkAccessPointTypeCode | M | “1” for machine (DNS) name, “2” for IP address | |
NetworkAccessPointID | M | The machine name or IP address |
Human Requestor (if known)
AuditMessage/
|
UserID | M | Identity of the human that initiated the transaction. |
AlternativeUserID | U | not specialized | |
UserName | U | not specialized | |
UserIsRequestor | U | not specialized | |
RoleIDCode | U | Access Control role(s) the user holds that allows this transaction. | |
NetworkAccessPointTypeCode | U | not specialized | |
NetworkAccessPointID | U | not specialized |
Audit Source
AuditMessage/
|
AuditSourceID | U | not specialized |
AuditEnterpriseSiteID | U | not specialized | |
AuditSourceTypeCode | U | not specialized |
Patient (if-known)
(AuditMessage/
|
ParticipantObjectTypeCode | M | “1” (Person) |
ParticipantObjectTypeCodeRole | M | “1” (Patient) | |
ParticipantObjectDataLifeCycle | U | not specialized | |
ParticipantObjectIDTypeCode | M | not specialized | |
ParticipantObjectSensitivity | U | not specialized | |
ParticipantObjectID | M | The patient ID in HL7 CX format. | |
ParticipantObjectName | U | not specialized | |
ParticipantObjectQuery | U | not specialized | |
ParticipantObjectDetail | U | not specialized |
DocumentEntry SubmissionSet
(AuditMessage/
|
ParticipantObjectTypeCode | M | “2” (system object) |
ParticipantObjectTypeCodeRole | M | “3” (report) | |
ParticipantObjectDataLifeCycle | U | not specialized | |
ParticipantObjectIDTypeCode | M |
The Document Metadata Notification Recipient shall include one of the following values, depending on the specific object in the message: EV("urn:uuid:7edca82f-054d-47f2-a032-9b2a5b5186c1”, “IHE XDS Metadata”, “document entry object type”) EV(“urn:uuid:34268e47-fdf5-41a6-ba33-82133c465248”, “IHE XDS Metadata”, “on-demand document entry object type”) EV(“urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd”, “IHE XDS Metadata”, ”submission set classification node”) If the specific object type cannot be determined the Document Metadata Notification Recipient shall use: EV(“urn:ihe:iti:2017:ObjectRef”, “IHE XDS Metadata”, “registry object reference”) |
|
ParticipantObjectSensitivity | U | not specialized | |
ParticipantObjectID | M | The value of the object's EntryUUID attribute. | |
ParticipantObjectName | U | not specialized | |
ParticipantObjectQuery | U | not specialized | |
ParticipantObjectDetail | C |
This element is required, if known: Type: “urn:ihe:iti:xca:2010:homeCommunityId” (literal string) Value: value of the homeCommunityId |
3.53.5.1.2 Document Metadata Notification Broker audit message:
Field Name | Opt | Value Constraints | |
Event
AuditMessage/
|
EventID | M | EV(110106, DCM, “Export”) |
EventActionCode | M | “R” (Read) | |
EventDateTime | M | not specialized | |
EventOutcomeIndicator | M | not specialized | |
EventTypeCode | M | EV(“ITI-53”, “IHE Transactions”, “Document Metadata Notify”) | |
Source (Document Metadata Notification Broker) (1) | |||
Destination (Document Metadata Notification Recipient) (1) | |||
Audit Source (Document Metadata Notification Broker) (1) | |||
DocumentEntry/SubmissionSet (1..n) |
Where:
Source
AuditMessage/
|
UserID | M | When WS-Addressing is used: <From/> |
AlternativeUserID | M | the process ID as used within the local operating system in the local system logs. | |
UserName | U | not specialized | |
UserIsRequestor | U | not specialized | |
RoleIDCode | M | EV(110153, DCM, "Source Role ID") | |
NetworkAccessPointTypeCode | M | “1” for machine (DNS) name, “2” for IP address | |
NetworkAccessPointID | M | The machine name or IP address |
Destination
AuditMessage/
|
UserID | U | not specialized |
AlternativeUserID | U | not specialized | |
UserName | U | not specialized | |
UserIsRequestor | U | not specialized | |
RoleIDCode | M | EV(110152, DCM, "Destination Role ID") | |
NetworkAccessPointTypeCode | M | “1” for machine (DNS) name, “2” for IP address | |
NetworkAccessPointID | M | The machine name or IP address |
Audit Source
AuditMessage/
|
AuditSourceID | U | not specialized |
AuditEnterpriseSiteID | U | not specialized | |
AuditSourceTypeCode | U | not specialized |
DocumentEntry SubmissionSet
(AuditMessage/
|
ParticipantObjectTypeCode | M | “2” (system object) |
ParticipantObjectTypeCodeRole | M | “3” (report) | |
ParticipantObjectDataLifeCycle | U | not specialized | |
ParticipantObjectIDTypeCode | M |
The Document Metadata Notification Broker shall include one of the following values, depending on the specific object in the message: EV("urn:uuid:7edca82f-054d-47f2-a032-9b2a5b5186c1”, “IHE XDS Metadata”, “document entry object type”) EV(“urn:uuid:34268e47-fdf5-41a6-ba33-82133c465248”, “IHE XDS Metadata”, “on-demand document entry object type”) EV(urn:uuid:a54d6aa5-d40d-43f9-88c5-b4633d873bdd”, “IHE XDS Metadata”, ”submission set classification node”) |
|
ParticipantObjectSensitivity | U | not specialized | |
ParticipantObjectID | M | The value of the object's EntryUUID attribute. | |
ParticipantObjectName | U | not specialized | |
ParticipantObjectQuery | U | not specialized | |
ParticipantObjectDetail | C |
This element is required, if known: Type: “urn:ihe:iti:xca:2010:homeCommunityId” (literal string) Value: value of the homeCommunityId |