| DICOM PS3.15 2026a - Security and System Management Profiles |
|---|
The RoleIDCode is a multi-valued element.
One or more values identify the role(s) played by the active participant:
Initiator: the participating entity that initiates the handling of the information. The RoleIDCode will be (110156, DCM, "Initiator Role ID").
Source: the participating entity from which the information originates. The RoleIDCode will be (110153, DCM, "Source Role ID").
Destination: the participating entity to which the information is directed. The RoleIDCode will be (110152, DCM, "Destination Role ID").
Additional values identify the type of active participant in this event, differentiating types of media and endpoints to provide traceability of the imported, exported or transferred instances in relevant system logs.
Physical media: the participating entity is tangible storage with a unique persistent identity. E.g., a USB drive with a partition ID, a CDROM with a volume label, or printed film with a physical label. Include (110154, DCM, "Destination Media") or (110155, DCM, "Source Media") as a RoleIDCode value. The MediaType element will also be present.
Digital media: the participating entity is a digital resource with a unique persistent identity. E.g., an email message with [RFC 5322] Message-IDs, cloud storage objects with unique URIs, or network file shares with specific paths. Include (110154, DCM, "Destination Media") or (110155, DCM, "Source Media") as a RoleIDCode value. The MediaType element will also be present.
Network access points: the participating entity is a network endpoint with a unique identity. E.g., a DICOM Application Entity with an AE Title and/or an identifier for the network access point. Include (110153, DCM, "Source Role ID") or (110152, DCM, "Destination Role ID") as a RoleIDCode value. The MediaType, MediaIdentifier, and NetworkAccessPointID elements may also be present.
Applications: the participating entity is a service that cannot provide unique identification for individual transactions, messages, or media items. E.g., clipboard managers (which cannot uniquely identify clipboard contents), messaging systems that lack message-by-message tracking, and some email systems that do not provide Message-IDs. Include (110150, DCM, "Application") as a RoleIDCode value. Applications may be identified by values in other elements, e.g., mailto://person@example.com, process name, or service identifier.
Person: the participating entity is someone associated with a persistent identity provided by an organization. E.g., a physician with provider ID or a hospital staff member with a network login. Include (110153, DCM, "Source Role ID"), (110152, DCM, "Destination Role ID"), or (110156, DCM, "Initiator Role ID") as a RoleIDCode value. Person participants may be identified by values in other elements, e.g., UserID or AlternativeUserID.
Combined with identifiers in other elements, RoleIDCode facilitates:
Locating identifiable media. For example, email folders and databases can be searched for an email Message-ID; partition-ID in system device logs can be searched for system media mounts identifying a USB device.
Discovering other relevant system logs. For example, a transfer labeled as “to” or “from” “sms://123456789” can indicate that the SMS logs are pertinent.
Filtering transactions involving suspicious actors based on their type and role.
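The filtering use above, as an added example that is not part of the standard's text: it reads the ActiveParticipant entries of one audit message and queues those whose RoleIDCode values call for follow-up. The sample message is constructed, and the element and attribute names (`MediaIdentifier`, `csd-code`, `codeSystemName`) and the MediaType placeholder code are assumptions about the audit message encoding.

```python
import xml.etree.ElementTree as ET

# RoleIDCode values listed in this section (coding scheme DCM).
ROLES = {"110156": "Initiator", "110153": "Source", "110152": "Destination",
         "110154": "Destination Media", "110155": "Source Media",
         "110150": "Application"}
MEDIA_ROLES = {"110154", "110155"}

def _ap(user_id, code, media_type=False):
    # Build one constructed ActiveParticipant; attribute and element names
    # are assumed, and the MediaType code is a placeholder, not a real code.
    mt = ('<MediaIdentifier><MediaType csd-code="PLACEHOLDER" '
          'codeSystemName="DCM"/></MediaIdentifier>') if media_type else ""
    return (f'<ActiveParticipant UserID="{user_id}">'
            f'<RoleIDCode csd-code="{code}" codeSystemName="DCM"/>{mt}'
            '</ActiveParticipant>')

# Constructed export event, not taken from a real log.
SAMPLE = ("<AuditMessage>"
          + _ap("jdoe", "110156")
          + _ap("ARCHIVE_AE", "110153")
          + _ap("usb-partition-0001", "110154", media_type=True)
          + _ap("share-01", "110154")
          + _ap("mailto://person@example.com", "110150")
          + "</AuditMessage>")

def participants(xml_text):
    """Return (UserID, set of DCM role codes, MediaType present) per participant."""
    out = []
    for ap in ET.fromstring(xml_text).iter("ActiveParticipant"):
        codes = {r.get("csd-code") for r in ap.findall("RoleIDCode")
                 if r.get("codeSystemName") == "DCM"}
        out.append((ap.get("UserID"), codes, ap.find(".//MediaType") is not None))
    return out

def review_queue(xml_text):
    """Flag participants an analyst should follow up, by type and role."""
    flagged = []
    for user_id, codes, has_media_type in participants(xml_text):
        # This section says MediaType accompanies a media RoleIDCode.
        if codes & MEDIA_ROLES and not has_media_type:
            flagged.append((user_id, "media role without MediaType"))
        # Applications cannot identify individual items; pivot to their own logs.
        if "110150" in codes:
            flagged.append((user_id, "application: no per-item identifier"))
    return flagged

if __name__ == "__main__":
    for user_id, codes, _ in participants(SAMPLE):
        print(user_id, sorted(ROLES.get(c, c) for c in codes))
    print(review_queue(SAMPLE))
```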