Cross-Enterprise Service Bus (XSB) Proposal: Difference between revisions

From IHE Wiki
Jump to navigation Jump to search
← Older editNewer edit →
No edit summary
No edit summary
Line 1: Line 1:
==1. Proposed Profile: ''Cross-Enterprise Service Bus (XSB)''==
==1. Proposed Profile: Cross-Enterprise Service Bus (XSB)==


* Proposal Editor: Don Jorgenson
* Proposal Editor: Don Jorgenson

Revision as of 19:20, 24 October 2007

1. Proposed Profile: Cross-Enterprise Service Bus (XSB)

  • Proposal Editor: Don Jorgenson
  • Profile Editor: Don Jorgenson, ...
  • Date: N/A (Wiki keeps history)
  • Version: N/A (Wiki keeps history)
  • Domain: ITI

Summary

The proposed Cross-Enterprise Service Bus (XSB) profile is intended to address the need for a message-based infrastructure or framework, compatible with Web Services, that is constrained to meet the security, privacy and interoperability requirements of healthcare documents/messages in transit.

HL7 WS*, WS-Security, WS-Addressing and related WS-* specifications, when appropriately constrained and applied, can meet the confidentiality and integrity requirements for IHE transactions. SOAP message headers can transport user identity, user role, user credentials and other relevent information that will facilitate both audit and access control decisions.

The proposed XSB addresses several outstanding issues identified in ATNA, XUA and Appendix V.

The HL7-SOA Privacy, Access and Security Services (PASS)-Functional Models are scheduled for ballot January, 2008. The IHE XSB profile would provide the constrained, real world technical specification anticipated in the illustrative Web Service-based use cases provided in the PASS functional specification.

An XSB is not an Enterprise Service Bus nor is it an SOA implementation.

2. The Problem

For the message-oriented Web Services environment, there is a need to profile security and privacy functionality similar to that provided by ATNA for connection-oriented, point-to-point environments.

The WS-I Basic Security Profile 1.0 provides this guidance: “Partners in a message exchange must agree which elements must be signed and/or encrypted and which elements may be signed and/or encrypted and which security tokens must be present and may be present.”

From the IHE supplement Web Services for IHE Transactions (ITI-V) : “IHE does not specify whether the Sender and Receiver should implement the HL7 WS Security Profile. The decision to implement the HL7 WS Security Profile is left to implementers. Each IHE transaction specifies its ATNA requirements for security and authentication. Currently this is the method to meet security requirements identified by IHE. With the publication of WS-Security 1.1 and when the WS-I Basic Security Profile 1.1 is released, it is expected that ATNA (or a different profile) may incorporate additional options for Web Services, and the HL7 WS Security Profile will be incorporated in this appendix.”

3. Key Use Case

Web Services for IHE Transactions (ITI-V) provides “the guidelines for specifying the use of SOAP-based Web Services as the messaging infrastructure and transport mechanism for IHE transactions.”

The XSB profile would allow the large class of healthcare use cases that require payload-neutral, message-based transport of documents/messages to be implemented with much of the required security and privacy functionality provided by implicit service invocations during message infrastructure processing.

4. Standards & Systems

There are Web Service stacks available for all major platforms. In addition to basic SOAP processors, they often include implementations of key WS-* processors such as WS-Addressing, WS-Security, WS-Trust and WS-ReliableMessaging.

Companies with commercial offerings include:

  • IBM
  • BEA
  • Oracle

Organizations with open source offerings include:

  • Apache
  • Eclipse
  • Sun

XSB uses, extends or constrains:

  • ATNA
  • XUA
  • SAML
  • HL7-SOA PASS
  • WS-Addressing
  • WS-Security
  • WS-Trust
  • WS-Federation

XSB supports or enables:

  • XDS
  • XCA
  • XDS.b
  • XACML-based Policy Engines

5. Technical Approach

Existing actors

  • X-Service User
  • X-Service Provider
  • Secure Node
  • Time Client

New actors

  • Service Consumer Access Node
  • Service Provider Access Node

Existing transactions

  • ITI-20: Record Audit Event
  • ITI-1: Maintain Time
  • ITI-19: Node Authentication

New transactions (standards used)

  • ITI-xx: Deliver Transaction Message

Impact on existing integration profiles

It may be necessary to update several profiles, including ATNA, XUA and ITI-V.

The proposed XSB could be considered a message-based extension or supplement to the connection-based ATNA profile. It also provides additional context for XUA and addresses the security issues anticipated by Appendix V.

New integration profiles needed

Breakdown of tasks that need to be accomplished

6. Support & Resources

Eclipse OHF

7. Risks

8. Open Issues

9. Tech Cmte Evaluation

<The technical committee will use this area to record details of the effort estimation, etc.>

Effort Evaluation (as a % of Tech Cmte Bandwidth):

  • 35% for ...

Responses to Issues:

See italics in Risk and Open Issue sections

Candidate Editor:

TBA
Retrieved from "http://wiki.ihe.net/index.php?title=Cross-Enterprise_Service_Bus_(XSB)_Proposal&oldid=10776"