Presentation is loading. Please wait.

Presentation is loading. Please wait.

An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1.

Published bySpencer Roland Fitzgerald Modified over 8 years ago

Similar presentations

Presentation on theme: "An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1."— Presentation transcript:

1 An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1

2 Agenda »Overview NHIN Direct and XMPP Why XMPP ? »Mapping of the Abstract Model to XMPP implementation »Security Model of the XMPP implementation »XMPP implementation of the Content Container »HIE Interoperability using XMPP »Q & A / Demo

3 Overview 3 »NHIN Direct project will develop standards and services, which will allow organizations to deliver simple, direct, secure and scalable transport of health information over the Internet between known participants in support of Stage 1 meaningful use. »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on Internet and DNS, Many open source libraries to implement applications, user interfaces and integrate with existing systems and workflows. Direct – Realized using asynchronous message delivery, along with a publish-subscribe mechanism for specific events. Secure – Realized using TLS channel encryption, SASL authentication and authorization mechanisms, and extensive support for X509 based PKI infrastructure. Scalable – Realized using direct “Server Federation”, Clustering features of XMPP servers, A single XMPP server can support 1000’s of end points.

4 Overview Cont’d – Why XMPP 4 »As explained in the previous slide the XMPP protocol supports all the basic capabilities required to meet NHIN Direct goals. »In addition, XMPP can serve as the “Innovation Platform” providing capabilities for HISP’s to innovate and create the next generation healthcare applications using: Presence features Direct Server to Server federation, no intermediaries thus reducing the probability of attack on the internet. Out of band File Transfer features Service Discovery and negotiation features Publish-Subscribe services Collaboration services Protocol binding support for HTTP/S, SOAP etc. Real time communication features.

5 Abstract Model Mapping to XMPP Implementation 5 »NHIN Direct Backbone Protocol XMPP over TLS. »NHIN Direct HISP Address Directory The servers, and end points are discovered using DNS directories and DNS SRV lookups.

6 Abstract Model Mapping to XMPP Implementation Cont’d 6 »NHIN Direct Address XMPP uses addresses which are similar to email addresses Addresses come in two formats called the short address and the full address. –The short address is of the format user@domain.user@domain –The full address is of the format user@domain/resource.user@domain/resource For most practical applications the short address is sufficient. »NHIN Direct Message Mime Message carrying different payloads like xml data, documents and binary data wrapped in XMPP xml tags. The Mime Message can be signed and encrypted using PKI infrastructure. »NHIN Direct Source/Destination Edge Protocol XMPP provides flexible options for deployment and can interface with various protocols based on the deployment architecture. The following are the most widely used options for deployment. –XMPP with TLS. (Using standard XMPP ports). –XMPP over HTTP (HTTPS).

7 Security Model of the XMPP Implementation 7 Channel Security: »The client to server communication (Source/Destination to HISP) is encrypted using TLS based on X509 server certificates. »The clients are authenticated to the server using SASL mechanisms. SASL PLAIN uses (user + pwd) SASL External supports client certificates. »The Server to Server communication will be encrypted using TLS. »The Server to Server authentication/authorization is performed using SASL External mechanism. (X509 certificates)

8 Security Model of the XMPP Implementation Cont’d 8 Certificate Support: »Client Certificates are distinct from server certificates Client certificates can be at the individual level or at the organization level »Server Certificates are distinct from client certificates »Allows certificate chains and/or anchors for certificate validation. »Allows certificate revocation using OSCP and/or locally cached CRL’s. »Payload Signing and Encryption will be accomplished using NHIN-D JAgent.

9 Content Container Implementation 9 Content Package Metadata »XMPP uses “To”, and “From” to route the message from source to destination. »Header information as it is currently specified is sufficient for routing between HISP’s. Payload: »All attributes that are not part of the Header information are being packaged as part of the payload. »Once the Content Manifest is finalized and agreed upon, the XMPP implementation can be enhanced to support the required additional data. Note: This could inhibit adoption if the data is required to be entered manually vs being extracted from other payload information.

10 HIE Interoperability 10

11 HIE Interoperability Cont’d 11 Scenario4: Interacting with existing EHR/EMR systems

12 Prototype Instantiation and Configuration 12

13 Current Status of Prototype 13 »Establish XMPP servers in the cloud »Basic Client / Server and Server to Server Messaging Infrastructure in place. »Secure TLS Channels established between client and Servers, and Server to Servers Certificates from StartSSL were created and used with the prototype. »Directory Integration for user account management with LDAP »Simple User Interface to interact with the XMPP implementation and for account provisioning. »Ongoing Activities: (Not completed) Signing and Encrypting the MIME Message. Proof of concept for Interoperability between NHIN Exchange and NHIN Direct. Creating production level architecture and design documents.

14 Q & A 14

Download ppt "An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1."

Similar presentations

웹 서비스 개요.

웹 서비스 개요.
Internet Peer-to-Peer Application Infrastructure Darren New Invisible Worlds, Inc.

Internet Peer-to-Peer Application Infrastructure Darren New Invisible Worlds, Inc.
Data Transport Standard (DTS) for NCHELP Business Perspective.

Data Transport Standard (DTS) for NCHELP Business Perspective.
Siebel Web Services Siebel Web Services March, From

Siebel Web Services Siebel Web Services March, From
MITA Gateway 5010 Overview May 18th 2009.

MITA Gateway 5010 Overview May 18th 2009.
DIRECT TRANSPORT FOR QH 10/18-19 F2F NOTES (SPN).

DIRECT TRANSPORT FOR QH 10/18-19 F2F NOTES (SPN).
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
SOAP.

SOAP.
Web Services Darshan R. Kapadia Gregor von Laszewski 1http://grid.rit.edu.

Web Services Darshan R. Kapadia Gregor von Laszewski 1http://grid.rit.edu.
Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.

Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.
S&I Framework Provider Directories Initiative esMD Work Group October 19, 2011.

S&I Framework Provider Directories Initiative esMD Work Group October 19, 2011.
SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.

SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.
Supporting Meaningful Use Stage 2 Transition of Care Requirements

Supporting Meaningful Use Stage 2 Transition of Care Requirements
Understanding and Leveraging MU Stage 2 Optional Transports (SOAP)

Understanding and Leveraging MU Stage 2 Optional Transports (SOAP)
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.

NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
Understand Web Services

Understand Web Services
Query Health Technical WG 9/14/2011. Agenda TopicTime Allocation Administrative Stuff and Reminders11:05 – 11:10 am Summer Concert Series Patterns Discussion11:10.

Query Health Technical WG 9/14/2011. Agenda TopicTime Allocation Administrative Stuff and Reminders11:05 – 11:10 am Summer Concert Series Patterns Discussion11:10.

Similar presentations

Ads by Google