ITI Access Control White Paper
Editorial Team
Authors
- Raik Kuhlisch (Fraunhofer ISST)
- Jörg Caumanns (Fraunhofer ISST)
- Oliver Pfaff (Siemens IT Solutions and Services)
- Markus Franke (Siemens IT Solutions and Services)
- Christof Strack (SUN Microsystems)
- Heiko Lemke (SUN Microsystems)
Supervisor
- Rob Horn (Agfa Healthcare)
IHE ITI Editorial Team
- John Moehrke (GE Healthcare)
- Lynn Felhofer (Mallinckrodt Institute of Radiology)
- Manuel Metz (GIP-DMP)
Schedule
| Date | Time (CET) | Location | Type (a) | Topic | Agenda | Minutes |
|---|---|---|---|---|---|---|
| 2009.01.09 | 1200-1400 | T-con (Logistics) | Discussion | Access Control White Paper | Agenda | Minutes |
| 2009.01.21 | 0900-1000 | T-con (Logistics) | Discussion | Access Control White Paper | Agenda | Minutes |
| 2009.01.26-29 | All day (b) | Chicago (Logistics) | Decision | Decide technical direction of profiles | TBD | TBD |
| 2009.05.04-08 | All day (b) | Chicago (Logistics) | Decision | Prepare profiles for public comments | TBD | TBD |
| 2009.07.13-17 | All day (b) | Chicago (Logistics) | Decision | Prepare profiles for trial implementation | TBD | TBD |
Storyline
- There is no “one-fits-all” solution for authorization
- policies, verifiable attributes, and attribute sources vary
- granularity of protected items varies
- deployment varies
- Therefore the white paper provides a generic toolkit of deployable actors and a methodology for tailoring this toolkit to a specific healthcare network's needs and for identifying the required transactions.
- The toolkit reflects the maximal set of attributes and policy sources in a maximally distributed scenario. The methodology helps system architects select the required components and design the optimized flow of control.
- For each component and transaction the appropriate standards are named. Where possible they are mapped onto existing IHE ITI actors and transactions.
Outline
Standards and Specs to be considered
SAML
Any policy information that is to be exchanged is encoded as a SAML 2.0 assertion. The respective profiling must be in line with the conventions defined for XUA. WS-Trust RST/RSTR exchanges are the preferred protocol for requesting and delivering SAML 2.0 assertions.
WS Trust
Issuing and validation of SAML-encoded security tokens is performed by a WS-Trust Security Token Service (STS). Experience from the eCR implementations built on the Sun and Microsoft WS-Trust frameworks should be taken into account, so that WS-Trust features which these platforms do not implement in a compatible manner are avoided.
XSPA
XSPA (OASIS Cross-Enterprise Security and Privacy Authorization) is the reference model for the building blocks and the flow of control.
XACML
Anything specified in the white paper must be implementable using XACML-encoded policies.
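The SAML/WS-Trust and XACML sections above fix the shape of the exchange without showing it. The following is an added example written by the editor, not code from the IHE white paper or any IHE implementation: a relying party takes the SAML 2.0 assertion out of a WS-Trust RSTR, applies the checks a consumer of such a token needs (version, Issuer, validity window, AudienceRestriction), collects the attributes it carries and evaluates a small XACML 2.0 policy against them. The RSTR, the policy, the STS and audience URLs and the timestamps are constructed sample data; the attribute names follow the XSPA set that XUA adopts (role, purpose of use), which is an assumption about the profiling the white paper will settle on; role and purpose of use are plain strings here rather than the coded values XUA uses; and XML signature verification, which is mandatory in practice, is left out of the checks.

```python
"""Added example (editor's code, not from the IHE white paper): a relying party pulls
the SAML 2.0 assertion out of a WS-Trust RSTR, checks it, and evaluates an XACML 2.0
policy against the XSPA attributes it carries. All sample data is constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
      "xacml": "urn:oasis:names:tc:xacml:2.0:policy:schema:os"}
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides"
AUDIENCE = "https://xds.example.org"                       # constructed relying-party ID
NOW = datetime(2009, 1, 9, 11, 30, tzinfo=timezone.utc)    # constructed evaluation time

# Constructed, unsigned RSTR. XUA carries role/purpose-of-use as coded values (assumption:
# plain strings are used here so that the XACML string-equal match below suffices).
RSTR = """<wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
 <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
 <wst:RequestedSecurityToken>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_a1" IssueInstant="2009-01-09T11:00:00Z">
   <saml:Issuer>https://sts.example.org</saml:Issuer>
   <saml:Subject><saml:NameID>dr.jones@hospital.example</saml:NameID></saml:Subject>
   <saml:Conditions NotBefore="2009-01-09T11:00:00Z" NotOnOrAfter="2009-01-09T12:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://xds.example.org</saml:Audience></saml:AudienceRestriction>
   </saml:Conditions>
   <saml:AttributeStatement>
    <saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role"><saml:AttributeValue>physician</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse"><saml:AttributeValue>TREATMENT</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement>
  </saml:Assertion>
 </wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>"""

# Constructed XACML 2.0 policy: Permit only if role is physician AND purpose of use is TREATMENT.
POLICY = """<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:example:xds-read"
 RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
 <Target/>
 <Rule RuleId="physician-treatment" Effect="Permit">
  <Target><Subjects><Subject>
   <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">physician</AttributeValue>
    <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/>
   </SubjectMatch>
   <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TREATMENT</AttributeValue>
    <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" DataType="http://www.w3.org/2001/XMLSchema#string"/>
   </SubjectMatch>
  </Subject></Subjects></Target>
 </Rule>
</Policy>"""


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_assertion(rstr_xml):
    # The token sits in wst:RequestedSecurityToken; None if the RSTR carries no SAML 2.0 assertion.
    return ET.fromstring(rstr_xml).find("wst:RequestedSecurityToken/saml:Assertion", NS)


def check_assertion(assertion, audience, now):
    """Version, Issuer, validity-window and AudienceRestriction checks; returns a list of problems.
    XML signature verification is out of scope here and must be done before anything is trusted."""
    problems = []
    if assertion.get("Version") != "2.0":
        problems.append("not SAML 2.0")
    if assertion.find("saml:Issuer", NS) is None:
        problems.append("missing Issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["missing Conditions"]
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and na and parse_ts(nb) <= now < parse_ts(na)):
        problems.append("validity window missing or not satisfied")
    if audience not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        problems.append("audience mismatch")
    return problems


def attributes(assertion):
    """Attribute bags {name: [values]} from the AttributeStatement."""
    bags = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        bags.setdefault(a.get("Name"), []).extend(v.text for v in a.findall("saml:AttributeValue", NS))
    return bags


def evaluate_policy(policy_xml, subject_attrs):
    """Minimal XACML 2.0 PDP: rule Targets with a single <Subject> (its SubjectMatches are ANDed),
    string-equal only, deny-overrides; the empty policy-level Target is not evaluated.
    Unsupported constructs raise instead of silently permitting."""
    policy = ET.fromstring(policy_xml)
    if policy.get("RuleCombiningAlgId") != DENY_OVERRIDES:
        raise NotImplementedError(policy.get("RuleCombiningAlgId"))
    effects = []
    for rule in policy.findall("xacml:Rule", NS):
        matched = True
        for m in rule.findall("xacml:Target/xacml:Subjects/xacml:Subject/xacml:SubjectMatch", NS):
            if m.get("MatchId") != STRING_EQUAL:
                raise NotImplementedError(m.get("MatchId"))
            wanted = m.find("xacml:AttributeValue", NS).text
            attr_id = m.find("xacml:SubjectAttributeDesignator", NS).get("AttributeId")
            matched &= wanted in subject_attrs.get(attr_id, [])  # true if any value in the bag matches
        if matched:
            effects.append(rule.get("Effect"))
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"


def decide(rstr_xml, policy_xml, audience, now):
    """Deny-biased PEP: a failed assertion check never reaches the PDP, and NotApplicable is Deny."""
    assertion = extract_assertion(rstr_xml)
    if assertion is None or check_assertion(assertion, audience, now):
        return "Deny"
    return "Permit" if evaluate_policy(policy_xml, attributes(assertion)) == "Permit" else "Deny"
```

`decide(RSTR, POLICY, AUDIENCE, NOW)` returns "Permit"; the same token presented to a different audience, or after 12:00, is denied before the policy is consulted, and a nurse's token yields NotApplicable from the PDP, which the PEP also turns into Deny. The evaluator refuses match functions and combining algorithms it does not know rather than guessing, which is the safe default for a PDP fragment that will be extended later.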