Cross-Enterprise User Authentication Year 2
John F. Moehrke, GE Healthcare
IT Infrastructure Technical Committee
Cross-Enterprise User Authentication Value Proposition
• Extend User Identity to Affinity Domain
• Users include Providers, Patients, Clerical, etc
• Supports cross-enterprise transactions
• Distributed or Centralized.
• Provide information necessary so that XDS actors can make Access Control decisions
• Does not include Access Control mechanism
• Provide information necessary so that XDS actors can produce detailed and accurate Security Audit Trail
Interoperability Strategy Workshop
Cross-Enterprise User Authentication Three Year Plan
• 2005: defined the use-cases and identified standards gaps
• 2006: support simple user identity that could be used in the case where the SAML infrastructure is not available (Emergency Mode, Disaster, etc)
• Likely use WS-Security username/password with blank password
• Likely use HTTP Auth-Basic with blank password
• Recommend all actors support noting that local policy may disable.
• Drive our requirements inside OASIS committees
• 2007: support Web-Services transactions
• Likely to use WS-Security, WS-*, WS-I 2.0 Basic Profile.
• Employ SAML 2.0 Authentication Assertions and Attribute Assertions.
• Requires New XDS transactions to utilize the Web-Services (XDS-Retrieve)
• Requires use of Web-Services with HL7 V3 based PIX and PDQ
• Update PWP with ASTM and ISO attributes so they can be available in SAML
• Define Attribute so that clinician, clerical, and patient are properly identified
• Future may extend to DICOM transactions.
Cross-Enterprise User Authentication Implementation Example
[Figure: implementation example diagram. Labels: EHR, XDS Consumer, X-Service User, user auth provider, X-Identity Provider, XDS Registry, Patient Data, User Auth, Audit Log, (ATNA Secure Node) twice. Key: Original Transaction, XUA Assertion, TLS Protections.]