Introduction to the Audit Trail Plugin

The scope of the audit trail plugin is to enable the Generic Workflow Execution Service (GWES) to write RFC3881-compatible audit trails, which are used within the health care sector to enhance the data privacy protection and to protocol modifications and processing of data within clinical studies.

The audit trail plugin is being developed within the PneumoGRID project. In line with the PneumoGRID project funded by the BMBF (German Federal Ministry of Education and Research), a grid-based infrastructure and services supporting diagnostics and treatment of chronic obstructive pulmonary disease (COPD) are being developed within the scope of the grant program ”IKT 2020 – Research for innovation” in the field ”Grid services for economics and science”.

The project’s main focus is on grid-based analysis of medical signal and image data for the dynamic imaging of ventilation in healthy persons and patients with COPD. For this, middleware components and grid services are being developed and expanded that meet the legal requirements on data processing for multi-centric studies and clinical applications. The project aims at creating a system that offers established and innovative imaging procedures for lung ventilation testing in clinical studies and patient care to doctors, clinical test centers and companies regardless of location in a user-friendly and inexpensive fashion. Additionally, the middleware components and generic services developed within the scope of this project shall also be used in other clinical applications and studies of various medical fields.

Installation

  1. Purchase the audit trail plugin. For details please contact Fraunhofer FIRST.
  2. Install the Generic Workflow Execution Service (GWES). In the following we assume that the GWES is newer or equal version 2.1.1 and has been installed at the directory $GWES_HOME (e.g., $GWES_HOME=~/local/apache-tomcat/webapps/gwes).
  3. Unpack the binary distribution
    gwes-plugin-audit-trail-2.1.1.rc1-bin.tar.gz
  or
gwes-plugin-audit-trail-2.1.1.rc1-bin.zip
  4. Copy the java library gwes-plugin-audit-trail-2.1.1.rc1.jar to the directory $GWES_HOME/WEB-INF/lib/ (e.g., $GWES_HOME=~/local/apache-tomcat/webapps/gwes/WEB-INF/lib/)
  5. Configure the file gwes.properties:
    gwes.logger.class=de.fraunhofer.first.gwes.plugin.audittrail.AuditTrailLogger
gwes.audittrail.file=${catalina.base}/logs/gwes-rfc3881-audit-trail.xml
  6. (Re-)Start the GWES web service.

Audit Trail Events

The GWES logs the following events together with additional information about the active user, the process and the activity:

Event Identifier (refer to RFC3881, 5.1.1)Event Action (refer to RFC3881, 5.1.2)
GET_WORKFLOW_IDSRead/View/Print/Query
GET_WORKFLOW_STATUS_ARRAYRead/View/Print/Query
GET_AVAILABLE_RESOURCESRead/View/Print/Query
GET_RESOURCE_DESCRIPTIONRead/View/Print/Query
WORKFLOW_GET_WORKFLOW_DESCRIPTIONRead/View/Print/Query
WORKFLOW_GET_DATARead/View/Print/Query
WORKFLOW_GET_DESCRIPTIONRead/View/Print/Query
WORKFLOW_GET_PROPERTYRead/View/Print/Query
WORKFLOW_GET_PROPERTIESRead/View/Print/Query
WORKFLOW_GET_CHECKPOINTSRead/View/Print/Query
WORKFLOW_GET_ACTIVITY_STATUS_ARRAYRead/View/Print/Query
WORKFLOW_GET_STATUSRead/View/Print/Query
WORKFLOW_GET_MODIFICATIONS_FOR_UPDATERead/View/Print/Query
WORKFLOW_WAIT_FOR_STATUS_CHANGERead/View/Print/Query
GET_CREDENTIALRead/View/Print/Query
WORKFLOW_INITIATECreate
WORKFLOW_RESTARTCreate
WORKFLOW_RESTORECreate
ACTIVITY_CONSTRUCTCreate
ACTIVITY_INITIATECreate
ACTIVITY_RESTARTCreate
LOAD_CREDENTIALCreate
WORKFLOW_STARTExecute
ACTIVITY_STARTExecute
WORKFLOW_SUSPENDUpdate
WORKFLOW_RESUMEUpdate
WORKFLOW_STOREUpdate
WORKFLOW_MODIFICATION_COMMITUpdate
WORKFLOW_STATUS_CHANGEUpdate
WORKFLOW_SET_WORKFLOW_DESCRIPTIONUpdate
WORKFLOW_SET_DESCRIPTIONUpdate
WORKFLOW_SET_PROPERTYUpdate
ACTIVITY_STATUS_CHANGEUpdate
ACTIVITY_SUSPENDUpdate
ACTIVITY_RESUMEUpdate
SET_LOGGER_LEVELUpdate
SET_CREDENTIALUpdate
WORKFLOW_ABORTDelete
WORKFLOW_REMOVEDelete
ACTIVITY_ABORTDelete
ACTIVITY_CLEANDelete

GWES-specific Participant Object ID Type Codes

The GWES audit trail plugin provides additional syntax elements that are used, e.g., to identify workflows or specific activities. Here is the table of GWES-specific participant object ID type codes that extend the default code set as specified in RFC3881, 5.5.4:

CodeCode SystemCode System NameDisplay NameOriginal Text
100de.fraunhofer.first.gwesGWESWorkflow IDWorkflow ID
101de.fraunhofer.first.gwesGWESWorkflow Activity IDActivity ID
102de.fraunhofer.first.gwesGWESWorkflow Activity Operation NameoperationName
103de.fraunhofer.first.gwesGWESWorkflow Activity Resource NameresourceName
104de.fraunhofer.first.gwesGWESTransition Occurrence IdentifiertransitionOccurrence
105de.fraunhofer.first.gwesGWESResource IdentifierresourceUri
106de.fraunhofer.first.gwesGWESResource Class IdentifierofClass
107de.fraunhofer.first.gwesGWESMemory Level (1=memory, 2=database, 3=filesystem)level

Example

Here is an example audit message as provided by the GWES audit trail plugin:

<AuditMessage>
    <EventIdentification EventOutcomeIndicator="0" EventDateTime="2011-07-27T15:57:28.351+02:00" EventActionCode="E">
        <EventID code="ACTIVITY_START"/>
    </EventIdentification>
    <ActiveParticipant UserID="hoheisel"/>
    <AuditSourceIdentification AuditSourceID="http://poseidon.first.fraunhofer.de:8280/gwes">
        <AuditSourceTypeCode code="3"/>
    </AuditSourceIdentification>
    <ParticipantObjectIdentification ParticipantObjectTypeCode="2"
                             ParticipantObjectID="hoheisel_377605de-4985-4b33-9b6c-afb4b81de38e">
        <ParticipantObjectIDTypeCode codeSystemName="GWES" codeSystem="de.fraunhofer.first.gwes"
                             originalText="Workflow ID" displayName="Workflow ID" code="100"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectTypeCode="2"
                             ParticipantObjectID="hoheisel_377605de-4985-4b33-9b6c-afb4b81de38e_0000000002">
        <ParticipantObjectIDTypeCode codeSystemName="GWES" codeSystem="de.fraunhofer.first.gwes"
                             originalText="Activity ID" displayName="Workflow Activity ID" code="101"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectTypeCode="2"
                             ParticipantObjectID="sort">
        <ParticipantObjectIDTypeCode codeSystemName="GWES" codeSystem="de.fraunhofer.first.gwes"
                             originalText="operationName" displayName="Workflow Activity Operation Name" code="102"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectTypeCode="2"
                             ParticipantObjectID="http://fhrg.first.fraunhofer.de:8080/linuxtoolbox/services/Sort?wsdl">
        <ParticipantObjectIDTypeCode codeSystemName="GWES" codeSystem="de.fraunhofer.first.gwes"
                             originalText="resourceName" displayName="Workflow Activity Resource Name" code="103"/>
    </ParticipantObjectIdentification>
    <ParticipantObjectIdentification ParticipantObjectTypeCode="2" ParticipantObjectID="sort,i:d2,i:d4">
        <ParticipantObjectIDTypeCode codeSystemName="GWES" codeSystem="de.fraunhofer.first.gwes"
                             originalText="transitionOccurrence" displayName="Transition Occurrence Identifier"
                             code="104"/>
    </ParticipantObjectIdentification>
</AuditMessage>