This presentation aims to extend the XUA profile by incorporating authorization attributes from the XSPA standard. It discusses the integration of XUA with PEP/PDP systems, role-based access control, consent management, audit logging, purpose-of-use, and patient relationship indicators. Proposed standards include SAML, XSPA, epSOS, NHIN Messaging, and WS-Trust frameworks.
XUA Attribute Options
Presented to the IT Infrastructure Technical Committee
John Moehrke, Feb 1, 2010
The Goal
• Ensure that the XUA profile can be used in conjunction with PEP/PDP systems (cf. Access Control Whitepaper)
• Leverage the OASIS/XSPA efforts for standardizing authorization attributes in healthcare
• Concretely:
  • Extend the SAML token (XUA profile) with authorization attributes (based on XSPA)
  • Review the modifications needed (if any) for international use of the XSPA standard. XSPA has been initially driven by US needs.
  • Describe the integration of XUA with existing PEP/PDP systems (cookbook)
Use Case
• Role-Based Access Control: Need to specify a fuller vocabulary of attributes needed for access control decisions.
• Consent/Authorization: Need to carry an indicator of the BPPC document that is relevant to the transaction.
• Level of Assurance for (a) the authentication event, and/or (b) the provisioning of the account.
• Audit Logging: Support descriptive identifiers for environments where post-processing doesn't have access to a directory for translating ids into descriptions.
• Purpose-of-Use: Carry the purpose-of-use in the assertion, including support for Break-Glass / Emergency-Mode-Access.
• Relationship-to-Patient: Carry the indicator of the patient, the relationship to the patient, and the location of the patient.
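
The following Python example is added here and is not part of the original presentation: it shows a PEP pulling XSPA-named attributes out of a SAML assertion and a PDP rule that fails closed when one is absent, with a break-glass path that returns a reason for the audit log. The rule set, the role string, the purpose-of-use values and the patient identifier are assumptions constructed for illustration, and the assertion is assumed to have had its signature and conditions validated before this code sees it.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Attribute names defined by the OASIS XSPA SAML profile and XACML 2.0.
SUBJECT_ID = "urn:oasis:names:tc:xspa:1.0:subject:subject-id"
PURPOSE = "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:2.0:resource:resource-id"
REQUIRED = (SUBJECT_ID, ROLE, PURPOSE, RESOURCE_ID)

def build_assertion(values):
    """Build a constructed, unsigned sample assertion from {name: value}."""
    root = ET.Element(f"{{{SAML}}}Assertion")
    stmt = ET.SubElement(root, f"{{{SAML}}}AttributeStatement")
    for name, value in values.items():
        attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")

def extract_attributes(xml_text):
    """PEP side: collect attribute values by name (signature already checked)."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs

def decide(attrs, requested_patient):
    """Hypothetical PDP rule set; returns (decision, reason for the audit log)."""
    missing = [name for name in REQUIRED if not attrs.get(name)]
    if missing:  # fail closed when the token lacks an authorization attribute
        return "Deny", "missing " + ", ".join(m.rsplit(":", 1)[-1] for m in missing)
    if requested_patient not in attrs[RESOURCE_ID]:
        return "Deny", "assertion names a different patient"
    if "EMERGENCY" in attrs[PURPOSE]:  # break-glass: permit, flag for review
        return "Permit", "emergency access by " + attrs[SUBJECT_ID][0]
    if "TREATMENT" in attrs[PURPOSE] and "physician" in attrs[ROLE]:
        return "Permit", "treatment access by " + attrs[SUBJECT_ID][0]
    return "Deny", "no rule matched"

# Constructed sample values (role string and patient id are placeholders).
SAMPLE = {SUBJECT_ID: "Dr. Example", ROLE: "physician",
          PURPOSE: "TREATMENT", RESOURCE_ID: "patient-0001"}

if __name__ == "__main__":
    print(decide(extract_attributes(build_assertion(SAMPLE)), "patient-0001"))
```
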
Proposed Standards & Systems
• SAML
• XSPA (SAML, XACML, WS-Trust)
• epSOS paper from Massimiliano
• NHIN Messaging and Authorization Frameworks
• WS-Trust
Discussion
• What level of effort do you foresee in developing this profile?
  • Medium
• Co-editor: John Moehrke – GE Medical, Joerg Caumanns – Fraunhofer.