MINUTES
Meeting:
Working Group 14 (Security)
of the DICOM Standards Committee
Place of Meeting:
Kyoto, Japan
Date:
Monday, April 2, 2001
Members Present
David Clunie
David Gobuty
Wolfgang Leetz
Eric Martin
Isao Ohbayashi
Charles Parisot
Hidenori Shinoda
Dwight Simon
Lawrence Tarbox
Hitoshi Yoshimura
Comview Corporation
Eastman Kodak
Siemens AG
Marconi Medical Systems
JIRA
GE Medical Systems
Toshiba
Merge Technologies
Siemens Medical Systems
Konica Medical Imaging, Inc.
Members Absent
Kees Smedema
Philips Medical Systems
Others Present
Emmanuel Cardonnier
Joel Chabriais
David Heaney
Minoru Hosoba
Kiyonari Inamura
Alan Rowberg
ETIAM
Societe Francaise de Radiologie
ALI Technologies
Shimadzu
JIRA
American College of Radiology
Presiding Officer:
Lawrence Tarbox, Chairman
44
WG 14 (Security)
of the DICOM Standards Committee
April 2, 2001
1. Approval of Previous Minutes
The minutes of the WG 14 meeting held on December 1, 2000 in Chicago were approved as
presented.
2. Supplement 31 (Security Enhancements One) and Supplement 41 (Security Enhancements Two)
Members reviewed experiences and lessons learned during the demonstrations on secure transport
and on digital signatures on structured reports that were held at RSNA and ECR. Members also
took account of previously received “public comments” and feedback from Working Group 6.
Topics that were discussed include:



How Structured Reports should refer to signed objects,
How Structured Reports should refer to objects that have not been signed,
Incompatibilities between the Japanese and European implementations.
Members decided that the first two topics should be handled in a new work item, instead of being
incorporated into Supplement 41.
Based upon these discussions, members agreed to the following strategy:




The ECR demo participants will investigate what caused the incompatibilities, and
propose resolutions;
Lawrence Tarbox will prepare a new draft of Supplement 41 that incorporates the results
of these discussions plus the results of investigations into the incompatibilities, and
circulate it to members of the working group;
The ECR demo participants will be asked to make appropriate revisions in their
demonstration code using the revised supplement and try again to exchange objects in
order to check interoperability;
Members will hold a telephone conference call to determine whether they agree that the
document is, indeed, ready for consideration by WG-06 with the goal of sending it out for
letter ballot.
3. Supplement 51 (Media Security)
Members reviewed public comments that had been received. Considerable attention was focused
on whether there was any need for providing DICOMSEC as a file ID and, more importantly, how
to manage encrypted media when one can’t read the encrypted files. Members agreed to eliminate
DICOMSEC as a file ID, and merely encrypt DICOMDIR, as suggested in the open items list at the
beginning of the supplement. This will significantly shorten the supplement. Additionally,
members agreed to ask Marco Eichelberg to make the necessary changes, circulate for review by
members of the group, and, if approved, forward to Working Group Six for its review with the goal
of sending the document to the DICOM Standards Committee for ballot. The group would like Mr.
45
WG 14 (Security)
of the DICOM Standards Committee
April 2, 2001
Eichelberg to add some text to the Foreword that will explain why CMS was chosen and the
constraints that this choice imposes.
4. Supplement 55 (Attribute Level Confidentiality)
Members participated in a line-by-line review of proposed revisions to Supplement 55. The editor
will be asked to change the document in compliance with the recommendations of the group. It
will then be circulated to members for a final review. Upon agreement of all parties, it can be
submitted to WG 6 with the goal of requesting public comments.
5. Japanese Laws on Digital Signatures and Electronic Storage of Clinical Records
No additional information was available on this topic.
6. White Paper on Security Structure
Eric Martin presented a partially completed document called “Sample Integration Profiles with
Enhanced Security” (dated March 21, 2001). He prepared this paper as a tutorial/introduction to
security procedures and nomenclature. While the technical experts on this working group may not
need the “training” provided by this document, it could be very helpful to standards writers who
want to show how to provide secure IHE profiles. The remainder of the paper began identifying
mechanisms that could be used to add security to IHE profiles. Much additional work (by the entire
group) will be required to develop a comprehensive paper on how one might treat security in IHE.
The goal is not to create a complete profile for IHE but, instead, to create a handful of examples of
how such a secure profile might look in order to identify and manage potential holes. Any holes
detected could lead to the consideration of new work items to fill those holes.
7. New Business
Members requested that the secretary ask NEMA to develop a listserv for the group’s use.
8. Agenda for Next Meeting
For the purpose of advancing Supplements 41, 51 and 55, members saw no need to plan any faceto-face meetings prior to the November 2001 RSNA meeting in Chicago. However, one or two
teleconferences will be scheduled to review revised versions of the three supplements. April 26 (8
AM on the east coast) was identified as a likely option for such a conference call. Two face-to-face
meetings were set for May 18, 2001 at NEMA and June 25 in Berlin. These meetings will be used
to explore what steps must be taken in order to provide for security in IHE.
46
WG 14 (Security)
of the DICOM Standards Committee
April 2, 2001
9. Adjournment
The meeting was adjourned at 6:15 PM.
Submitted by Howard E. Clark
Secretary WG-14
DICOM Standards Committee
April 11, 2001
Reviewed by Legal Counsel
WG-14 Min 10402
47
WG 14 (Security)
of the DICOM Standards Committee
April 2, 2001