Presentation is loading. Please wait.

Presentation is loading. Please wait.

OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)

Published byKelly Turner Modified over 8 years ago

Similar presentations

Presentation on theme: "OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)"— Presentation transcript:

1 OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)

2 Patient Care Coordination Planning Committee Problem to be solved The mHealth profile does not specify any security profile options. This allows it to cover a very wide variety of use cases, but means that each installation and deployment must resolve the security and privacy controls in a local site specific manner. OAuth is a widely used authentication and authorization system for consumer and commercial users. The mHealth profile should have an authorization option. Current market factors make the OAuth framework a leading candidate to profile, with options selected to be appropriate for the mHealth use. The initial effort will examine other RESTful authorization alternatives, although none appear to have the level of acceptance of OAuth.

3 Patient Care Coordination Planning Committee External Requirements Continua Requirements – –We have consumer devices (e.g. tablet, smart phone …) running personal health applications with corresponding requirements. – –Focus on on-the-wire protocols and compliance. – –We need an easy/interoperable method for obtaining authorization tokens. – –Leverage RESTful approach for sending measurement observations across the WAN IF. – –Leverage RESTful approach for retrieving measurement observation across the WAN-IF. – –(non-technical – but equally important) Choice of protocols and technologies that motivate 3rd party independent software vendors (e.g. Apple App Store, Google Play) Enterprise Healthcare Requirements – –Hospitals need to provide authorization services for RESTful access from Hospital controlled medical devices BYOD devices Other enterprise devices

4 Patient Care Coordination Planning Committee External Requirements Government agencies – –ONC and others are prototyping RESTful authorization services. In the case of ONC, the OAuth 2.0 framework is being prototyped. Commercial Providers – –Various commercial providers have emerged and are requiring that authorization services not be tied to the healthcare provider. The preference is making authorization service selection a patient/user selection.

5 Patient Care Coordination Planning Committee Assumptions – –Authorization services will not be centralized, national, or unified. – –Authorization services will be not be healthcare provider selected. A patient will have their preferred authorization server, A healthcare provider will have to be able to support multiple authorization servers, and these servers will not be under the control of the healthcare provider. – –The selection of authorization services will be a matter for negotiation among patient, authorization services, and healthcare providers. – –Healthcare services will need to adapt commonly used authorization services – –RESTful services will require authorization – –Other options may evolve. (This is why this should be an option rather than part of the base profile.)

6 Patient Care Coordination Planning Committee Available Frameworks OAuth 2.0 is the dominant available framework – –OAuth 1.x has been successfully deployed for commercial uses with web browsers. – –OAuth 2.0 is a subsequent authorization framework that is designed to be profiled for specific uses, and to fix problems found with OAuth 1.x Other alternatives (these have not received much support outside of the enterprise environment) – –Kerberos tokens – –LDAP authentication – –HTTP password – –HTTP SAML – –Various proprietary systems

7 Patient Care Coordination Planning Committee Use Case (OAuth example) Client Authorization Server Service Provider OAuth Auth Request Unspecified other traffic OAuth Auth Response OAuth Service Ticket In HTTP headers Use Case 1 Use case 2 OAuth specifically avoids specifying other traffic and coordination traffic so that different authorization methods can be employed. For example, some authorization servers use tokens and others use password traffic as part of the request process

8 Patient Care Coordination Planning Committee Proposed Standards & Systems The proposal is toThe proposal is to Evaluate the alternatives, and profile an authorization method.Evaluate the alternatives, and profile an authorization method. Assuming OAuth V.20 from the IETF.Assuming OAuth V.20 from the IETF. –The OAuth framework expects to be profiled with specific information to meet use case specific needs. As a framework, it does not specify all of the requirements for implementation and deployment. –Benefit: The IHE profile can consolidate healthcare specific input to the IETF and OAuth implementers in a manner that they expect to be used.

9 Patient Care Coordination Planning Committee Discussion What level of effort do you foresee in developing this profile?What level of effort do you foresee in developing this profile? –Moderate work effort. Is there someone who is willing to act as profile editor?Is there someone who is willing to act as profile editor? –Rob Horn (Agfa), with Brad Generaux (Agfa)

Download ppt "OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)"

Similar presentations

Real-Time Location Systems Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee Ken Fuchs 01 October, 2009.

Real-Time Location Systems Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee Ken Fuchs 01 October, 2009.
Overview of IHE IT Infrastructure Integration Profiles IHE IT Infrastructure Technical Committee Charles Parisot, GE Medical Systems Information Technologies.

Overview of IHE IT Infrastructure Integration Profiles IHE IT Infrastructure Technical Committee Charles Parisot, GE Medical Systems Information Technologies.
Enterprise -> Cloud Outline –Enterprises have many apps outside their control public cloud; business partner applications –Using standards-based SSO (SAML,

Enterprise -> Cloud Outline –Enterprises have many apps outside their control public cloud; business partner applications –Using standards-based SSO (SAML,
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Western Australian Emergency Medicine Research Online WAEMRO Dis-integrating healthcare information systems Professor Peter Sprivulis MBBS PhD FACEM FACHI.

Western Australian Emergency Medicine Research Online WAEMRO Dis-integrating healthcare information systems Professor Peter Sprivulis MBBS PhD FACEM FACHI.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Securing Insecure Prabath Siriwardena, WSO2 Twitter

Securing Insecure Prabath Siriwardena, WSO2 Twitter
Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp

Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.

OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Brief Profile Proposal for 2012/13 presented to the Patient Care Coordination (PCC) Planning Committee.

Brief Profile Proposal for 2012/13 presented to the Patient Care Coordination (PCC) Planning Committee.
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21, 2014 1.

SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21,

Similar presentations

Ads by Google