Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross-Enterprise User Authentication Year 2 March 16, 2006 Cross-Enterprise User Authentication Year 2 March 16, 2006 John F. Moehrke GE Healthcare IT.

Published byHolly Singleton Modified over 8 years ago

Similar presentations

Presentation on theme: "Cross-Enterprise User Authentication Year 2 March 16, 2006 Cross-Enterprise User Authentication Year 2 March 16, 2006 John F. Moehrke GE Healthcare IT."— Presentation transcript:

1 Cross-Enterprise User Authentication Year 2 March 16, 2006 Cross-Enterprise User Authentication Year 2 March 16, 2006 John F. Moehrke GE Healthcare IT Infrastructure Technical Committee

2 March 16, 2006ITI Technical Committee2 Cross-Enterprise User Authentication Value Proposition Extend User Identity to Affinity Domain –Users include Providers, Patients, Clerical, etc –Must supports cross-enterprise transactions, can be used inside enterprise –Distributed or Centralized. Provide information necessary so that receiving actors can make Access Control decisions –Does not include Access Control mechanism Provide information necessary so that receiving actors can produce detailed and accurate Security Audit Trail

3 March 16, 2006ITI Technical Committee3 Key: Original Transaction XUA Assertion TLS Protections EHR Patient Data XDS Consumer XDS Registry X-Service User user auth provider X-Identity Provider Cross-Enterprise User Authentication Implementation Example User Auth (ATNA Secure Node) Audit Log

4 March 16, 2006ITI Technical Committee4 XUA – Circle of Trust (e.g. XDS Affinity Domain) St. Johns North Clinic Auth Prov ID Prov Auth Prov ID Prov Radiologist Reporting PACS XDS Patient ID Source Family Doctor 0a 1a 2a 3 4 0b 5 6 1b Any DICOM HL7 v2 XDS Provide & Register XDS Register XDS Retrieve XDS Query HL7 v3 LAB 7 RID (Browser) 2b Any DICOM Key: Original Transaction XUA modification Use-Case number ‘n’ n Internal Exported XDS Repository User auth XDS Registry

5 March 16, 2006ITI Technical Committee5 Open Issues XUA: Need all transactions where XUA is needed to support one method –XDS-Retrieve new option using Web-Services? –Provide/Register continues to not include XUA? –Query with XUA only with new stored query? DICOM –DICOM standard support for SAML not yet done. –WADO: Not clear how to solve. Currently recommend Browser profile PIX/PDQ –There is still times when user is not relevant, thus HL7 v2 is not invalid Solution that doesn’t use SAML (Simple text user identity)? –What is the risk we are trying to mitigate? –Are the overrides appropriate mitigation vs the risk? Assertion content (e.g. Specific attributes)? –Could include PWP attributes. –Likely need PWP updated first with clinical attributes from ISO. Patient vs. Provider? Do we have specific attributes that are required of patients? What do we do when the Service User is not a ‘service’? –Continue to utilize ATNA: TLS: Certificates? –Utilize SAML’s ability to assert a service identity? –Possibly do this in an appendix Policy: The clinical user that is typically identified in the transaction is not likely to be a clinical user but rather a clerical individual. –Future could leverage SAML delegation as that mechanism matures Actor/Transaction –The actor and transaction layout for Browser SSO is different from the one we want to use for Web-Services/DICOM

6 March 16, 2006ITI Technical Committee6 Recommendation Browsers – SAML v2.0 SSO and ECP profile (as is currently written) DICOM – SAML v2.0 Assertions encoded using DICOM user identity mechanism (currently in progress in DICOM) HL7 v2 – NOT SUPPORTED HL7 v3 – Supported when bound to Web-Services Web-Services – Next version of WS-I Basic Security Profile that includes WS-SX standard

7 March 16, 2006ITI Technical Committee7 Cross-Enterprise User Authentication Three Year Plan 2005: defined the use-cases and identified standards gaps –Profiled solution for Browser sessions –Profiled solution for HL7 v2 (should we remove?) 2006: Set the stage (Work on non Web-Services parts) –Encourage XDS-Retrieve using Web-Service –Encourage XDS-Stored Query using Web-Services –Encourage PIX/PDQ with HL7 V3 using Web-Services –Update PWP with ASTM and ISO attributes so they can be available in SAML –Define attribute so that clinician, clerical, and patient are properly identified –Define SAML Assertion content, assurance levels. –Appendix to describe solution when ‘Service User’ is a ‘Service’ Late 2006: support Web-Services transactions –Endorse: WS-Security, WS-SX, WS-I Basic Security Profile. 2007: add other transactions –Profile DICOM transactions.

8 March 16, 2006ITI Technical Committee8 Meetings / Tcon 1.Update usecases, and Actor/Transaction layout. Add of Patient as user. Add of ‘service’ as user comment. April 17 at 11:30 – 1:30 Central 2.Work on Assertion content requirements. Work on PWP integration of ISO dataset, talk about Patient May 15 at 11:30 – 1:30 Central 3. Build section on Web-Services. Likely will duplicate much of what we expect in WS-I

Download ppt "Cross-Enterprise User Authentication Year 2 March 16, 2006 Cross-Enterprise User Authentication Year 2 March 16, 2006 John F. Moehrke GE Healthcare IT."

Similar presentations

XDS Security ITI Technical Committee May 27, 2006.

XDS Security ITI Technical Committee May 27, 2006.
PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.

PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.
IHE Profile Proposal: Dynamic Configuration Management October, 2013.

IHE Profile Proposal: Dynamic Configuration Management October, 2013.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
IHE Security and Privacy John Moehrke GE Healthcare IHE ITI Technical Committee Member March 6, 2011.

IHE Security and Privacy John Moehrke GE Healthcare IHE ITI Technical Committee Member March 6, 2011.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.

THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.

Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.

Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.
Healthcare Provider Directories 2011-Jan-24 Eric Heflin Dir of Standards and Interoperability/Medicity.

Healthcare Provider Directories 2011-Jan-24 Eric Heflin Dir of Standards and Interoperability/Medicity.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.

Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
IHE Radiology –2007What IHE Delivers 1 Christoph Dickmann IHE Technical Committee March 2007 Cross Domain Review PCC.

IHE Radiology –2007What IHE Delivers 1 Christoph Dickmann IHE Technical Committee March 2007 Cross Domain Review PCC.
Integrating the Healthcare Enterprise

Integrating the Healthcare Enterprise
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
Security and Privacy Overview Part 1 of 2 – Basic Security

Security and Privacy Overview Part 1 of 2 – Basic Security
What IHE Delivers Security and Privacy Overview & BPPC September 23, 2015 1 Chris Lindop – IHE Australia July 2011.

What IHE Delivers Security and Privacy Overview & BPPC September 23, Chris Lindop – IHE Australia July 2011.

Similar presentations

Ads by Google