Hello,
We're planning to upgrade our DICOM server from dcm4chee archive v2 to v5 and wanted to clarify how to map our current access control setup onto the new version.
We have set up several hundred projects, whose names are stored in the Study Description dicom attribute on the sending AEs (MRI consoles). Every project also has a corresponding dcm4chee DICOM role and Role Base Access Controls (RBAC) are assigned to incoming DICOM series using the Study Permission service (dcm4chee.archive:StudyPermission) Series Stored stylesheet. We use LDAP for authentication (both the dcm4chee-web3 interface and a QueryRetrieveScp authenticated with User Identity negotiation). The dcm4chee roles are mapped to LDAP groups using the JBoss LdapExtLoginModule. Fine-grained project-level access control is a must for our setup.
Access control is currently implemented in dcm4chee archive v5 using archive (source) AE titles. I can't think of a straightforward way to migrate our setup to use AET-based access control. My questions:
1. Is there anything already implemented in dcm4chee-arc-lite which will allow RBAC where roles are assigned based on DICOM attributes like Study Description, instead of AET only?
2. If not, would you be open to merging this functionality into the project? We can look into developing it ourselves, but don't want to maintain a fork. Is there anything about the design of dcm4chee-arc-lite which makes such an extension undesirable/difficult?
Thanks,
-Igor