
Cross-Enterprise User Authentication Year 2 March 16, 2006


Presentation Transcript


  1. Cross-Enterprise User Authentication Year 2, March 16, 2006. John F. Moehrke, GE Healthcare. IT Infrastructure Technical Committee

  2. Cross-Enterprise User Authentication: Value Proposition
     • Extend User Identity to the Affinity Domain
     • Users include Providers, Patients, Clerical, etc.
     • Must support cross-enterprise transactions; can also be used inside the enterprise
     • Distributed or Centralized
     • Provide the information necessary so that receiving actors can make Access Control decisions
     • Does not include an Access Control mechanism
     • Provide the information necessary so that receiving actors can produce a detailed and accurate Security Audit Trail
     ITI Technical Committee

  3. XUA – Circle of Trust (e.g. XDS Affinity Domain)
     [Diagram. Actors shown: XDS Patient ID Source, XDS Registry, XDS Repository, St. Johns (Authentication Provider, Identity Provider), North Clinic (Authentication Provider, Identity Provider; internal and exported user authentication), Radiologist Reporting, Family Doctor, PACS, LAB, RID (Browser). Transactions shown: HL7 v2, HL7 v3, XDS Query, XDS Register, XDS Provide & Register, XDS Retrieve, Any DICOM. Key: original transaction, XUA modification, use-case number 'n' (0a, 0b, 1a, 1b, 2a, 2b, 3 to 7).]

  4. Recommendation
     • Browsers – SAML v2.0 SSO and ECP profile (as currently written)
     • DICOM – SAML v2.0 Assertions encoded using the DICOM user identity mechanism (currently in progress in DICOM)
     • HL7 v2 – NOT SUPPORTED
     • HL7 v3 – Supported when bound to Web-Services
     • Web-Services – Next version of the WS-I Basic Security Profile that includes the WS-SX standard
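The receiving side of the Web-Services recommendation above, as an added example that is not part of these slides or of the IHE XUA profile: a receiving actor (for instance an XDS Registry) pulls the SAML 2.0 assertion out of the WS-Security header, checks that the issuer is in the circle of trust and that the validity window and audience apply, and collects the fields it needs for its security audit trail. The SOAP request, issuer, audience, subject and attribute name are constructed for this example, and the assertion's XML signature is assumed to have been verified before this check runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"soap": "http://www.w3.org/2003/05/soap-envelope", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"}

# Constructed sample request: SAML 2.0 assertion in the WS-Security header (all names/URLs are made up).
SAMPLE_REQUEST = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <soap:Header><wsse:Security>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2006-03-16T14:00:00Z">
   <saml:Issuer>https://idp.example-clinic.test/saml</saml:Issuer>
   <saml:Subject><saml:NameID>dr.jones@example-clinic.test</saml:NameID></saml:Subject>
   <saml:Conditions NotBefore="2006-03-16T14:00:00Z" NotOnOrAfter="2006-03-16T14:10:00Z">
    <saml:AudienceRestriction><saml:Audience>https://registry.example-domain.test/xds</saml:Audience></saml:AudienceRestriction>
   </saml:Conditions>
   <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:role"><saml:AttributeValue>Radiologist</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement>
  </saml:Assertion>
 </wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>"""
TRUSTED_ISSUERS = {"https://idp.example-clinic.test/saml"}  # identity providers in the circle of trust
MY_AUDIENCE = "https://registry.example-domain.test/xds"    # this receiving actor's own identifier

def _ts(s):  # SAML timestamps are UTC with a trailing 'Z'
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(envelope_xml, now_utc, trusted_issuers=TRUSTED_ISSUERS, audience=MY_AUDIENCE):
    """Return (accepted, reason, audit_fields); assumes the assertion's ds:Signature was already verified."""
    root, now = ET.fromstring(envelope_xml), _ts(now_utc)
    a = root.find("soap:Header/wsse:Security/saml:Assertion", NS)
    if a is None or a.get("Version") != "2.0":
        return False, "no SAML 2.0 assertion", {}
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS)
    subject = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    attrs = {at.get("Name"): at.findtext("saml:AttributeValue", namespaces=NS)
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    # What the receiving actor writes to its security audit trail, whatever the access decision is
    audit = {"assertion_id": a.get("ID"), "issuer": issuer, "user": subject, "attributes": attrs}
    if issuer not in trusted_issuers:
        return False, "issuer outside circle of trust", audit
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "assertion has no Conditions", audit
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (nb and now < _ts(nb)) or (noa and now >= _ts(noa)):
        return False, "assertion not within validity window", audit
    audiences = {e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if audiences and audience not in audiences:
        return False, "assertion not addressed to this actor", audit
    return True, "ok", audit
```

The audit fields are collected before any check fails, so a rejected assertion still leaves a complete record of who presented what and from which issuer.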

  5. Open Issues
     • XUA: All transactions where XUA is needed must support one method
       • XDS Retrieve: new option using Web-Services?
       • Provide & Register continues to not include XUA?
       • Query with XUA only with the new Stored Query?
     • DICOM
       • DICOM standard support for SAML not yet done
       • WADO: not clear how to solve; currently recommend the Browser profile
     • PIX/PDQ
       • There are still times when the user is not relevant, thus HL7 v2 is not invalid
       • Solution that doesn't use SAML (simple text user identity)?
       • What is the risk we are trying to mitigate?
       • Are the overrides appropriate mitigation vs. the risk?
     • Assertion content (e.g. specific attributes)?
       • Could include PWP attributes
       • Likely need PWP updated first with clinical attributes from ISO
       • Patient vs. Provider? Do we have specific attributes that are required of patients?
       • Policy: the user typically identified in the transaction is not likely to be a clinical user but rather a clerical individual
     • Future could leverage SAML delegation as that mechanism matures
