Download presentation
Presentation is loading. Please wait.
Published byTiffany Heath Modified over 9 years ago
1
Cross-Enterprise User Authentication John F. Moehrke GE Healthcare IT Infrastructure Technical Committee
2
June 28-29, 2005Interoperability Strategy Workshop2 W W W. I H E. N E T Providers and Vendors Working Together to Deliver Interoperable Health Information Systems In the Enterprise and Across Care Settings
3
June 28-29, 2005Interoperability Strategy Workshop3 IT Infrastructure Profiles 2004 Patient Identifier Cross-referencing for MPI (PIX) Retrieve Information for Display (RID) Consistent Time (CT) Patient Synchronized Applications (PSA) Enterprise User Authentication (EUA) 2005 Patient Demographic Query (PDQ) Cross Enterprise Document Sharing (XDS) Audit Trail and Note Authentication (ATNA) Personnel White Pages (PWP) 2006 Cross-Enterprise User Authentication (XUA) Document Digital Signature (DSG) – Notification of Document Availability (NAV) Patient Administration/Management (PAM) Cross-Enterprise User Authentication (XUA) – User identify federation
4
June 28-29, 2005Interoperability Strategy Workshop4 Cross-Enterprise User Authentication Abstract/Scope Provide User Identity between Enterprises Provide Authentication strength knowledge Provide for optional contact information Mechanism to disclose User Identity is Profiled by IHE; controlled by Affinity Domain Policy
5
June 28-29, 2005Interoperability Strategy Workshop5 Cross-Enterprise User Authentication Value Proposition Extend User Identity to Affinity Domain –Supports any cross-enterprise transaction –Federated or Centralized Provide information necessary so that XDS actors can make Access Control decisions –Does not include Access Control mechanism Provide information necessary so that XDS actors can produce detailed and accurate Security Audit Trail
6
June 28-29, 2005Interoperability Strategy Workshop6 Cross-Enterprise User Authentication Transaction Diagram Identity Provider 2 Request Assertion (of who this user is) 1 XDS Retrieve 3 Request User ID 4 User Identity 5 Authentication Assertion Record Auditable Event ATNA Audit Repository XDS Repository
7
June 28-29, 2005Interoperability Strategy Workshop7 Cross-Enterprise User Authentication Standards Used Employs SAML 2.0 Profiles Specifies use of SAML Browser SSO Profile and Enhanced Client/Proxy Profile Specifies SAML Profile to use with XDS (ebXML Registry) –Consistent with ebXML 3.0 use of SAML Extends SAML 2.0 Profiles into HL7 –future DICOM
8
June 28-29, 2005Interoperability Strategy Workshop8 Cross-Enterprise User Authentication Actors User Authentication Provider – Not specified but required. Could be EUA or other authentication system X-Identity Provider – SAML Identity Provider X-Service User – Any IHE Actor that interacts with the user, has authenticated the user using the “User Authentication Provider” X-Service Provider – Any IHE Actor requiring XUA Dash Line – Existing Transactions Solid Line – XUA User Authentication Provider X-Identity Provider X-Service User X-Service Provider
9
June 28-29, 2005Interoperability Strategy Workshop9 Key: Original Transaction XUA Assertion TLS Protections EHR Patient Data XDS Consumer XDS Registry X-Service User user auth provider X-Identity Provider Cross-Enterprise User Authentication Implementation Example User Auth (ATNA Secure Node) Audit Log
10
June 28-29, 2005Interoperability Strategy Workshop10 Cross-Enterprise User Authentication SAML Resources OASIS Security Services (SAML) TC –http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=securityhttp://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security SAML V2.0 slides from Eve Maler (Sun) –http://www.oasis- open.org/committees/download.php/12958/SAMLV2.0-basics.pdfhttp://www.oasis- open.org/committees/download.php/12958/SAMLV2.0-basics.pdf SAML V2.0 slides from Prateek Mishra –http://lists.oasis-open.org/archives/security- services/200504/ppt00000.ppthttp://lists.oasis-open.org/archives/security- services/200504/ppt00000.ppt SAML V2.0 slides from Hal Lockhart –http://lists.oasis-open.org/archives/security- services/200506/msg00031.htmlhttp://lists.oasis-open.org/archives/security- services/200506/msg00031.html
11
June 28-29, 2005Interoperability Strategy Workshop11 More information…. IHE Web sites: www.ihe.net www.ihe.net Technical Frameworks, Supplements –Fill in relevant supplements and frameworks Non-Technical Brochures : Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.