-
Notifications
You must be signed in to change notification settings - Fork 2
/
ch-37.html
652 lines (644 loc) · 35.2 KB
/
ch-37.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
<!doctype html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en_US">
<head>
<meta xmlns="" charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title xmlns="">IHE ITI TF Vol1</title>
<link xmlns="" rel="stylesheet" href="../../../css/styles.css" />
<script type="text/javascript" src="https://www.googletagmanager.com/gtag/js?id=G-HLBNC861DJ" async> </script>
</head>
<body xmlns="">
<header>
<div class="title-bar" data-responsive-toggle="responsive-menu" data-hide-for="medium">
<button class="menu-icon" type="button" data-toggle="responsive-menu"></button>
<div class="title-bar-title">IHE ITI Technical Framework</div>
</div>
<div class="top-bar" id="responsive-menu">
<div class="top-bar-left">
<img src="../../../IHE_INTERNATIONAL.png" class="IHE logo hide-for-small-only" alt="IHE logo" />
<ul id="tf-small-menu" class="menu vertical show-for-small-only">
<li><a class="ihe-purple" href="https://ihe.net" target="_blank">About IHE</a></li>
<li class="menu-text">Sections
<ul id="tf-small-menu-list" class="nested vertical menu">
</ul>
</li>
</ul>
</div>
<div class="top-bar-right hide-for-small-only">
<ul class="menu">
<li class="menu-text tf-version">IHE IT Infrastructure (ITI) Technical Framework, Volume <span id="volumeNo"></span><br />Revision 20.0, August 4, 2023 – Final Text</li>
</ul>
<ul class="menu align-right">
<li><input id="ihe-search-field" type="search" placeholder="Search"></li>
<li><button id="ihe-search-button" type="button" class="button search">Search</button></li>
</ul>
</div>
</div>
</header>
<div class="navigation">
<nav aria-label="You are here:" role="navigation">
<ul class="breadcrumbs">
</ul>
</nav>
</div>
<div class="scroll-top-wrapper">
<span class="scroll-top-inner">
<i class="size-icon-lg fi-arrow-up"></i>
</span>
</div>
<div class="grid-container fluid">
<div class="grid-x grid-margin-x align-center">
<div class="cell medium-11">
<div class="callout warning">
The Final Text ITI Technical Framework is published here in HTML format and is no longer published as PDF. Trial Implementation supplements are available from the <a href=https://profiles.ihe.net/ITI/TF/Volume1/index.html>Volume 1 Table of Contents</a>.
</div>
</div>
</div>
<main>
<div class="grid-x grid-margin-x align-center">
<div class="hide-for-small-only cell medium-2 large-2" data-sticky-container>
<div id="section-menu" class="sticky" data-sticky data-anchor="main-top">
</div>
</div>
<div id="main-top" class="cell medium-10 large-10">
<h1 id="37">37 Document Digital Signature (DSG)</h1>
<p>
The Document Digital Signature (DSG) Profile defines general purpose methods
of digitally signing of documents for communication and persistence. Among other uses, these
methods can be used within an IHE <ins><a href="https://profiles.ihe.net/ITI/HIE-Whitepaper/index.html">Document Sharing</a></ins> <del>Document Sharing</del>
infrastructure <del>(e.g., XDS, XCA, XDM, XDR, and MHD)</del>. There are three methods of digital
signature defined here: Enveloping, Detached (manifest), and SubmissionSet.
</p>
<ul>
<li class="bullet-list1">An Enveloping Signature is a Digital Signature Document that contains
both the signature <del>block</del> and the content that is signed. Access to the contained content is
through removing the Enveloping - Digital Signature.
Among other uses, this method should not be used with Document Sharing infrastructure.</li>
<li class="bullet-list1">A Detached Signature is a Digital Signature Document that contains a
manifest that points at independently managed content. Detached signatures leave the signed
document or documents in the original form. Among other
uses, this method is recommended for use with a Document Sharing infrastructure to support
Digital Signatures, as this method does not modify the original Document Content. This method
uses the Document Sharing "SIGNS" relationship provides
linkage.</li>
<li class="bullet-list1">A SubmissionSet Signature is a Detached Signature Document that attests
to the content in a <del>SubmissionSet</del> <ins><a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-4.2.html#4.2.1.2">SubmissionSet</a></ins> by: containing a manifest of all the other Documents included
in the SubmissionSet, and a reference to the
SubmissionSet. The Document Sharing "SIGNS" relationship may be used but is not required.</li>
</ul>
<p>Ink-on-paper signatures have been a part of the documentation process in health care and have
traditionally been indicators of accountability. Reliable exchange and storage of electronic data
between disparate systems requires a standard that
implements equivalent non-repudiation to prevent document creators from denying authorship and
rejecting responsibility.</p>
<h2 id="37.1">37.1 DSG Actors/Transactions</h2>
<p>This section defines the actors, transactions, and/or content modules in this profile.
</p>
<p>Figure 37.1-1 shows the actors directly involved in the DSG Profile and the direction that the
content is exchanged.</p>
<p>This profile defines only the capability for Document Digital Signature. This profile does not
include transport, workflow, or other content profiles. The grouping of the content module
described in this profile to specific actors is
described in more detail in the "Required Actor Groupings" section below.</p>
<div id="f37.1-1">
<img src="media/Figure_37.1-1.png" alt="DSG Actor Diagram" />
<p class="figureTitle">Figure 37.1-1: DSG Actor Diagram</p>
</div>
<p>Table 37.1-1 lists the content module(s) defined in the DSG Profile. <del>To claim support with this
profile, an actor shall support all required content modules (labeled "R") and may support
optional content modules (labeled "O").</del> <ins>The content module implemented will be indicated by the Options declared for the Actor. See section <a href="ch-37.html#37.2">37.2</a>.</ins></p>
<p id="t37.1-1" class="tableTitle">Table 37.1-1: DSG Profile - Actors and Content Modules</p>
<table cellspacing="0" cellpadding="0">
<thead>
<tr>
<td class="tableHeader">Actors</td>
<td class="tableHeader">Content Modules</td>
<td class="tableHeader">Optionality</td>
<td class="tableHeader">Reference</td>
</tr>
</thead>
<tbody>
<tr>
<td rowspan="2">Content Creator</td>
<td>Document Digital Signature</td>
<td><del>R</del><ins>O</ins></td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5">ITI TF-3: 5.5</a>
</td>
<tr>
<td><ins>Document Digital Signature in JSON</ins></td>
<td><ins>O</ins></td>
<td>
<ins> <a href="../Volume3/ch-5.10.html#5.10">ITI TF-3: 5.10</a></ins>
</td>
</tr>
</tr>
<tr>
<td rowspan="2">Content Consumer</td>
<td>Document Digital Signature</td>
<td><del>R</del><ins>O</ins></td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5">ITI TF-3: 5.5</a>
</td>
<tr>
<td><ins>Document Digital Signature in JSON</ins></td>
<td><ins>O</ins></td>
<td>
<ins><a href="../Volume3/ch-5.10.html#5.10">ITI TF-3: 5.10</a></ins>
</td>
</tr>
</tr>
</tbody>
</table>
<h3 id="37.1.1">37.1.1 Actor Descriptions and Actor Profile Requirements</h3>
<p>Most requirements are documented in Content Modules (Volume 3). This section documents any
additional requirements on profile’s actors.</p>
<p>A Content Creator that conforms to this profile shall have the capability to create a digital
signature document conforming to the Document Digital Signature content module using the
signature option(s) chosen.</p>
<p>A Content Consumer that conforms to this profile shall have the capability to verify signatures
using the signature option(s) chosen.</p>
<h2 id="37.2">37.2 DSG Actor Options</h2>
<p>Table 37.2-1 lists the option(s) defined in the DSG Profile.</p>
<p id="t37.2-1" class="tableTitle">Table 37.2-1: DSG Profile - Options</p>
<table cellspacing="0" cellpadding="0">
<thead>
<tr>
<td class="tableHeader">Actors</td>
<td class="tableHeader">Option</td>
<td class="tableHeader">Vol. & Section</td>
</tr>
</thead>
<tbody>
<tr>
<td rowspan="6">Content Creator (Note 1)</td>
<td>Detached Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.1">ITI TF-1: 37.2.1</a>
</td>
</tr>
<tr>
<td>SubmissionSet Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.1.1">ITI TF-1: 37.2.1.1</a>
</td>
</tr>
<tr>
<td>Enveloping Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.2">ITI TF-1: 37.2.2</a>
</td>
</tr>
<tr>
<td><ins>JSON Detached Signature</ins></td>
<td>
<ins> <a href="../Volume1/ch-37.html#37.2.3">ITI TF-1: 37.2.3</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Submission Set Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.3.1">ITI TF-1: 37.2.3.1</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Enveloping Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.4">ITI TF-1: 37.2.4</a></ins>
</td>
</tr>
<tr>
<td rowspan="6">Content Consumer (Note 1)</td>
<td>Detached Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.1">ITI TF-1: 37.2.1</a>
</td>
</tr>
<tr>
<td>SubmissionSet Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.1.1">ITI TF-1: 37.2.1.1</a>
</td>
</tr>
<tr>
<td>Enveloping Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.2">ITI TF-1: 37.2.2</a>
</td>
</tr>
<tr>
<td><ins>JSON Detached Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.3">ITI TF-1: 37.2.3</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Submission Set Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.3.1">ITI TF-1: 37.2.3.1</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Enveloping Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.4">ITI TF-1: 37.2.4</a></ins>
</td>
</tr>
</tbody>
</table>
<p class="note">Note 1: Content Creator Actors and Content Consumer Actors <del>shall</del><ins>SHALL</ins> support at least one option.</p>
<h3 id="37.2.1">37.2.1 Detached Signature Option</h3>
<p>
Content Creators that support the Detached Signature Option shall have the capability to create a
Detached Signature document that is composed of the <ins>XML</ins> Signature block as specified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.2">ITI TF-3: 5.5.2</a>
and <del>5.5.3</del><ins><a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.3">ITI TF-3: 5.5.3</a></ins>, and a manifest of references to the signed documents. The signature document does not include the content of the documents that are signed. The Detached Signature Option supports the
signing of multiple documents with one signature
document.
</p>
<p>
The digital signature document, when published using <ins><a href="https://profiles.ihe.net/ITI/HIE-Whitepaper/index.html">Document Sharing</a></ins> <del>Document Sharing</del> profiles <del>(e.g., XDS, XDR,
XDM, XCA, etc.)</del>, shall conform to the Document Sharing metadata rules identified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.6">ITI TF-3: 5.5.6</a>.
</p>
<p>
Content Consumers that support the Detached Signature Option shall have the capability to perform
signature verification specified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.5">ITI TF-3: 5.5.5</a>
for documents signed with a Detached Signature.
</p>
<h4 id="37.2.1.1">37.2.1.1 SubmissionSet Signature Option</h4>
<p>The SubmissionSet Signature Option is a variant on the Detached Signature Option</p>
<p>The Content Creator shall have the ability to create a Detached Signature document that includes
reference to all the documents included in the SubmissionSet, except for the Detached Signature
document itself; and a reference to the
SubmissionSet unique ID. This Detached Signature document is included in the SubmissionSet.</p>
<p>The SubmissionSet Signature Option requires the use of a Document Sharing Profile.</p>
<p>
Content Consumers that support the SubmissionSet Signature Option shall have the capability to
perform signature verification specified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.5">ITI TF-3: 5.5.5</a>
for all the documents contained within the Detached Signature.
</p>
<h3 id="37.2.2">37.2.2 Enveloping Signature Option</h3>
<p>
Content Creators that support the Enveloping Signature Option shall have the capability to create
an Enveloping Signature document that is composed of the <ins>XML</ins> signature block as specified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.2">ITI TF-3: 5.5.2</a>
and <del>5.5.4</del><ins><a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.4">5.5.4</a></ins>, and the document that is signed. The Enveloping Signature Option only supports one document per signature document.
</p>
<p>No guidance is given for use of Document Sharing with Enveloping Signatures. This is due to the
fact that one document contains both signature and content; so it is unclear what the metadata
should represent. XDS Affinity Domain or other
Policy Domain may provide the guidance.</p>
<p>
Content Consumers that support the Enveloping Signature Option shall have the capability to
perform signature verification specified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.5">ITI TF-3: 5.5.5</a>
for documents signed with an Enveloping Signature.
</p>
<h3 id="37.2.3"><ins>37.2.3 JSON Detached Signature Option</ins></h3>
<p>
<ins>
Content Creators that support the JSON Detached Signature Option shall have the capability to create a
Detached Signature document that is composed of the JWS JSON object as specified in
<a href="../Volume3/ch-5.10.html#5.10.2">ITI TF-3: 5.10.2</a>
and <a href="../Volume3/ch-5.10.html#5.10.3"> ITI TF-3: 5.10.3</a>, and a manifest of references to the signed documents. The signature document does not
include the content of the documents that are signed. The JSON Detached Signature Option supports the
signing of multiple documents with one signature
document.
</ins>
</p>
<p>
<ins>
The digital signature document, when published using <ins><a href="https://profiles.ihe.net/ITI/HIE-Whitepaper/index.html">Document Sharing</a></ins> <del>Document Sharing</del> profiles <del>(e.g., XDS, XCA, XDM, XDR, and MHD)</del>, shall conform to the Document Sharing metadata rules identified in
<a href="../Volume3/ch-5.10.html#5.10.6">ITI TF-3: 5.10.6</a>
</ins>.
</p>
<p>
<ins>
Content Consumers that support the JSON Detached Signature Option shall have the capability to perform
signature verification specified in
<a href="../Volume3/ch-5.10.html#5.10.5">ITI TF-3: 5.10.5</a>
for documents signed with a Detached Signature.
</ins>
</p>
<h4 id="37.2.3.4"><ins>37.2.3.4 JSON SubmissionSet Signature Option</ins></h4>
<p><ins>The JSON SubmissionSet Signature Option is a variant on the JSON Detached Signature Option.</ins></p>
<p><ins>The Content Creator shall have the ability to create a Detached Signature document that includes
reference to all the documents included in the SubmissionSet, except for the Detached Signature
document itself; and a reference to the SubmissionSet unique ID. This Detached Signature document is included in the SubmissionSet.</ins></p>
<p><ins>The JSON SubmissionSet Signature Option requires the use of a Document Sharing Profile.</ins></p>
<p><ins>
Content Consumers that support the SubmissionSet Signature Option shall have the capability to
perform signature verification specified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.10.html#5.10.5">ITI TF-3: 5.10.5</a>
for all the documents contained within the Detached Signature.</ins>
</p>
<h3 id="37.2.4"><ins>37.2.4 JSON Enveloping Signature Option</ins></h3>
<p>
<ins>
Content Creators that support the JSON Enveloping Signature Option shall have the capability to create
an Enveloping Signature document that is composed of the JWS JSON object as specified in
<a href="../Volume3/ch-5.10.html#5.10.2">ITI TF-3: 5.10.2</a>
and <a href="../Volume3/ch-5.10.html#5.10.4">5.10.4</a>, and the document that is signed. The JSON Enveloping Signature Option only supports one document per signature document.
</ins>
</p>
<p><ins>No guidance is given for use of Document Sharing with Enveloping Signatures. This is due to the
fact that one document contains both signature and content; so it is unclear what the metadata
should represent. XDS Affinity Domain or other
Policy Domain may provide the guidance.</ins></p>
<p>
<ins>
Content Consumers that support the JSON Enveloping Signature Option shall have the capability to
perform signature verification specified in
<a href="../Volume3/ch-5.10.html#5.10.5">ITI TF-3: 5.10.5</a>
for documents signed with an Enveloping Signature.
</ins>
</p>
<h2 id="37.3">37.3 DSG Required Actor Groupings</h2>
<p>There are two actors in this profile, the Content Creator and the Content Consumer. Content is
created by a Content Creator and is to be consumed by a Content Consumer. The sharing or
transmission of content from one actor to the other is not
specifically addressed by this profile. This communication may be achieved by the Document
Sharing profiles, or by other means.</p>
<p>
When Digital Signature documents are stored using a Document Sharing profile, such as XDS, the
metadata rules are defined in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.6">ITI TF-3: 5.5.6</a><ins> for XML and in <a href="../Volume3/ch-5.10.html#5.10.6">ITI TF-3: 5.10.6</a> for JSON.</ins>
</p>
<p>Content Creator and Content Consumer are grouped with CT Time Client as Digital Signatures
require a reliable date and time.</p>
<p>Content Creator and Content Consumer are grouped with ATNA Secure Node or Secure Application to
record an Audit Message when a signature is created or validated.</p>
<p id="t37.3-1" class="tableTitle">Table 37.3-1: DSG - Required Actor Groupings</p>
<table cellspacing="0" cellpadding="0">
<thead>
<tr>
<td class="tableHeader">DSG Actor</td>
<td class="tableHeader">Grouping Condition</td>
<td class="tableHeader">Actor(s) to be grouped with</td>
<td class="tableHeader">Reference</td>
<td class="tableHeader">Content Bindings Reference</td>
</tr>
</thead>
<tbody>
<tr style="height:16.6pt">
<td>Content Creator</td>
<td>Required</td>
<td>CT / Time Client</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-7.html#7.1">ITI TF-1: 7.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td rowspan="4">Content Creator</td>
<td rowspan="4">With the SubmissionSet Signature Option</td>
<td>XDS.b / Document Source (Note 1)</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-10.html#10.1">ITI TF-1: 10.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td>XDR / Document Source (Note 1)</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-15.html#15.1">ITI TF-1: 15.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td>XDM / Portable Media Creator (Note 1)</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-16.html#16.1">ITI TF-1: 16.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td><ins>MHD / Mobile Health Documents (Note 1)</ins></td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-33.html"><ins>ITI TF-1: 33</ins></a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td>Content Consumer</td>
<td>Required</td>
<td>CT / Time Client</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-7.html#7.1">ITI TF-1: 7.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td rowspan="4">Content Consumer</td>
<td rowspan="4">with the SubmissionSet Signature Option</td>
<td>XDS.b / Document Consumer (Note 1)</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-10.html#10.1">ITI TF-1: 10.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td>XDR / Document Recipient (Note 1)</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-15.html#15.1">ITI TF-1: 15.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:11.65pt">
<td>XDM / Portable Media Importer (Note 1)</td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-16.html#16.1">ITI TF-1: 16.1</a>
</td>
<td>--</td>
</tr>
<tr style="height:16.6pt">
<td><ins>MHD / Mobile Health Documents (Note 1)</ins></td>
<td>
<a href="https://profiles.ihe.net/ITI/TF/Volume1/ch-33.html"><ins>ITI TF-1: 33</ins></a>
</td>
<td>--</td>
</tr>
</tbody>
</table>
<p class="note">Note 1: One or more of the Document Sharing infrastructure groupings shall be
supported.</p>
<p>Section 37.5 describes some optional groupings that may be of interest for security
considerations and Section 37.6 describes some optional groupings in other related profiles.</p>
<h2 id="37.4">37.4 Document Digital Signatures Profile Overview</h2>
<p>The purpose of digital signatures in healthcare can vary greatly and it is important to
understand the distinct use cases. A Digital Signature is a standards-based method to assure
content integrity, authenticity, and authentication of the
identity of the signer. The identity of the signer is assured through use of Private Key and
Public Key management. Management of Private Key and Public Keys are not addressed by this
profile.
<ins>The date/time of when the signature happened is critical to proving the sequence of the data over time.
For a discussion on Private Key and Public Key management (PKI), and assurance of time, see the <a href="ch-37.html#37.5">Security Considerations</a> section.</ins></p>
<ins><p>The outcome is a new Document (the signature). The Metadata for the signature document
also has a <code>signs</code> relationship to the signed document(s).
Figure 37.4-1 shows this relationship.</p>
<div id="f37.4-1">
<img src="media/Figure_37.4-1.png" alt="DSG Document and Signature Relationship" />
<p class="figureTitle">Figure 37.4-1: DSG Document and Signature Relationship</p>
</div>
</ins>
<h3 id="37.4.1">37.4.1 Verify Document Integrity</h3>
<p>One purpose of use of a Digital Signature is to verify that the document being used is the same
as the document that was signed and has not been modified by error or intent. This is called
establishing document integrity. Document signatures
may be used to establish document integrity; that is, to verify that the current document is the
same as the signed document, and it has not been modified by error or intent. Document signatures
may also be used to ascertain the identity of
the signer and the reason for signing.</p>
<p>For example, to confirm that a document is a true copy of a source medical document, the digital
signature is checked. If the signature is verified, then the document is a true copy. If the
signature does not verify, then the document has
been modified.</p>
<p>Another purpose of use is to verify the clinical content of a document. When a physician has
verified that a report is complete and correct, the physician signs the document with purpose of
signature being "verification". If there is ever a
need, the digital signature provides a mechanism to show that the "verification" was attested to
by the physician.</p>
<p>For example, a clinician who needs to rely on a document which was created by another clinician
may use a signature to ascertain that the version they are using has been verified.</p>
<h3 id="37.4.2">37.4.2 One Signature signing multiple documents</h3>
<p>The Detached Signature Option supports a single signature document that simultaneously signs
multiple documents. For example, when a doctor verifies and signs a diagnostic report, the
digital signature can also sign the source data that was
used to prepare the diagnostic report. The digital signature for a mammography diagnostic report
may sign:</p>
<ul>
<li class="bullet-list1">The examination procedure notes</li>
<li class="bullet-list1">The DICOM Mammography images that were read by the radiologist</li>
<li class="bullet-list1">The verified diagnostic report</li>
</ul>
<p>This signature indicates more than that the diagnostic report is complete and correct. It also
indicates the data that was examined and can detect whether that data is subsequently modified or
damaged. Further, it indicates the extent of the
data used. If there are also other reports in the XDS Document Registry, e.g., a later lab
report, the digital signature indicates that this other information not used to prepare the
report.</p>
<h4 id="37.4.2.1">37.4.2.1 Signing a SubmissionSet</h4>
<p>A variant of a Signature signing multiple documents is one where the group of documents being
signed is also defined by a Document Sharing SubmissionSet.</p>
<h3 id="37.4.3">37.4.3 Processing by <del>XDS</del> Document Consumer</h3>
<p>Among other uses, the Detached Signature Option supports use of <ins><a href="https://profiles.ihe.net/ITI/HIE-Whitepaper/index.html">Document Sharing</a></ins> <del>Document Sharing</del> infrastructure <del>(e.g., XDS, XDR, XDM, and XCA)</del>
. The following sections describe how common queries can be
performed in a Document Sharing environment where
document digital signatures are used. <ins>Additional details about the Document Sharing infrastructure are described in the <a href="https://profiles.ihe.net/ITI/HIE-Whitepaper/index.html">HIE Whitepaper</a></ins></p>
<ul>
<li class="bullet-list1">
Search for signatures, given a document
</li>
</ul>
<p class="indent">The signatures that apply to a specific document can be found by querying (e.g.,
the XDS Document Registry) to obtain the "SIGNS" association linkages to that specific document.
The "SIGNS" associations link the Digital Signature documents with the documents signed.</p>
<ul>
<li class="bullet-list1">
Search for documents, given a signature
</li>
</ul>
<p class="indent">The signature document itself contains a manifest that lists the document IDs for
all of the signed documents. It might also contain a SubmissionSet uniqueId for a submission set.
The documents can be obtained through the Document Sharing system. It is possible that
authorization or other limits may prevent retrieval of some of these
documents.</p>
<ul>
<li class="bullet-list1">
Search for signatures
</li>
</ul>
<p class="indent">The signature documents are identified as a digital signature. This can be used
to query for digital signatures in a time range, for specific patient, etc. The signature purpose
codes can be used to limit these signatures. For example, a query may choose to eliminate data
integrity signatures and search only for clinician signatures.</p>
<ul>
<li class="bullet-list1">
Ignore signature documents in query
</li>
</ul>
<p class="indent">The digital signature type document can also be suppressed in queries that are
intended to retrieve only source documents. In an environment with extensive use of data
integrity, creation, verification, and other signatures there may be several signature documents
for each source document. If signature documents are not suppressed
then a query for clinical documents may also have distracting extra results returned for
signatures.</p>
<h3 id="37.4.4">37.4.4 Sign a document by Enveloping - Use Case Description</h3>
<p>When a clinician needs to bind both a document and the signature into one document (for example,
because there is no Document Sharing infrastructure to carry the document, the digital signature,
and the association), then the Enveloping
Signature Option needs to be used.</p>
<p>The Enveloping Signature method encapsulates the signed document inside of the digital signature
document. The result is one new document that is externally the signature document, and embedded
inside that document is the document that is
signed.</p>
<p>Since it is unclear whether (or which) metadata should refer to the signed document or to the
enveloping signature document, IHE does not specify metadata to be used for an Enveloping
Signature document in a Document Sharing infrastructure.</p>
<h3 id="37.4.5"><ins>37.4.5 Sign using both XML and JSON options</ins></h3>
<p><ins>When the signer does not know which signature technology stack the validator is using, then the signer can choose to sign with both options; or the validator support both options</ins></p>
<h2 id="37.5">37.5 Security Considerations</h2>
<p>Digital Signatures rely on a Private Key / Public Key Management Infrastructure (aka PKI) that
must exist and be configured. The definition and configuration of PKI is outside the scope of
this document content profile.
<ins>PKI binds public keys with the respective identities of entities (like people and organizations). This binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). </ins>
The PKI should adhere
to ISO TS-17090 standards for PKI in healthcare.</p>
<p>The Detached Signature Option allows for independent management of signature document and
content documents; thus, there is a risk they will be made unavailable through revision or access
control.</p>
<p>Content Creator and Content Consumer shall be grouped with CT Time Client as Digital Signatures
require a reliable date and time. There is a risk that the clock can be subverted, so operational
controls should be used to audit clock
modifications.</p>
<ins><p>Content Creator implementing the JSON Detached Signature or the JSON Enveloping Signature Options shall have access to a Time Stamping Authority (TSA) Service that meets the JSON Signature <code>tstVD</code> requirement and local policy requirements for Time Stamping Authority.</p></ins>
<p>Content Creator and Content Consumer should be grouped with ATNA Secure Node or Secure
Application to record an Audit Message when a signature is created or validated.</p>
<h2 id="37.6">37.6 Cross Profile Considerations</h2>
<p>When used with a <ins><a href="https://profiles.ihe.net/ITI/HIE-Whitepaper/index.html">Document Sharing</a></ins> <del>Document Sharing</del> infrastructure <del>(e.g., XDS, XDR, XDM, or XCA)</del>:</p>
<ul>
<li class="bullet-list1">
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.5.html#5.5.6">ITI TF-3: 5.5.6</a>
Document Sharing Metadata is used
</li>
<li class="bullet-list1">The "SIGNS" association type is used to indicate relationship between
signed documents and the signature document</li>
</ul>
<p>When no Document Sharing infrastructure is used, then the Enveloping Signature Option should be
used.</p>
</div>
</div>
</main>
</div>
<footer class="ihe-footer">
<div class="grid-container fluid">
<div class="grid-x grid-margin-x align-middle">
<div class="cell medium-9 small-order-2 medium-order-1 text-center medium-text-left">
© 2000 — <span id="current-year"></span> IHE International | TEL 1-630-481-1004 | 820 Jorie Boulevard,
Oak Brook, IL 60523
</div>
<div class="cell medium-3 small-order-1 medium-order-2 text-center medium-text-right ihe-footer-icons">
<a href="mailto:[email protected]"><i class="fi fi-mail"></i></a>
<a href="https://www.linkedin.com/company/iheintl"><i class="fi fi-social-linkedin"></i></a>
<a href="https://twitter.com/IHEIntl"><i class="fi fi-social-twitter" aria-hidden="true"></i></a>
<a href="https://www.youtube.com/user/IHEIntl"><i class="fi fi-social-youtube" aria-hidden="true"></i></a>
</div>
</div>
</div>
</footer>
<script src="../../../js/vendor/jquery.min.js"></script>
<script src="../../../js/vendor/motion-ui.min.js"></script>
<script src="../../../js/vendor/what-input.js"></script>
<script src="../../../js/vendor/foundation.min.js"></script>
<script src="../../../js/app.js"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-HLBNC861DJ');
</script>
</body>
</html>