ITI Access Control White Paper

From IHE Wiki

Editorial Team

Authors

  • Raik Kuhlisch (Fraunhofer ISST)
  • Jörg Caumanns (Fraunhofer ISST)
  • Oliver Pfaff (Siemens IT Solutions and Services)
  • Markus Franke (Siemens IT Solutions and Services)
  • Christof Strack (SUN Microsystems)
  • Heiko Lemke (SUN Microsystems)

Supervisor

  • Rob Horn (Agfa Healthcare)

IHE ITI Editorial Team

  • John Moehrke (GE Healthcare)
  • Lynn Felhofer (Mallinckrodt Institute of Radiology)
  • Manuel Metz (GIP-DMP)



Schedule

| Date | Time (MEZ) | Location | Type (a) | Topic | Agenda | Minutes |
|---|---|---|---|---|---|---|
| 2009.01.09 | 1200-1400 | T-con (Logistics) | Discussion | Access Control White Paper | Agenda | Minutes |
| 2009.01.21 | 0900-1000 | T-con (Logistics) | Discussion | Access Control White Paper | Agenda | Minutes |
| 2009.01.26-29 | All day (b) | Chicago (Logistics) | Decision | Decide technical direction of profiles | TBD | TBD |
| 2009.05.04-08 | All day (b) | Chicago (Logistics) | Decision | Prepare profiles for public comments | TBD | TBD |
| 2009.07.13-17 | All day (b) | Chicago (Logistics) | Decision | Prepare profiles for trial implementation | TBD | TBD |



Storyline

  • There is no “one-fits-all” solution for authorization
    • policies, verifiable attributes, and attribute sources vary
    • granularity of protected items varies
    • deployment varies
  • Therefore the WP provides a generic toolkit of deployable actors and a methodology to tailor this toolkit to a specific healthcare network’s needs and to identify the required transactions.
  • The toolkit reflects the maximal set of attributes and policy sources in a maximally distributed scenario. The methodology helps system architects select the required components and design the optimized flow of control.
  • For each component and transaction appropriate standards are named. If possible they are mapped onto existing IHE ITI actors and transactions.

Outline

  1. Access Control: Motivation and State-of-the-Art
    1. Motivation
      • Privacy and Data Security
      • Need-to-Know Principle
    2. State of the Art
      • Paradigms: DAC, MAC, RBAC, ...
      • Policy Based Access Control (PEP, PDP, ...)
      • Standards (SAML, WS*, XACML, XSPA, ...)
    3. Challenge
      • Solution is driven by the characteristics of the policies: Which information is needed for policy selection/evaluation and how can this information be obtained in an efficient manner?
      • Multiple policy sources and specific workflow aspects add another layer of complexity
      • But: Things must be kept simple to be safe and efficient
    4. Generic Model for Access Control (based on XSPA)
      • Access Control System within each domain
      • Attribute Management (Directories and Services)
      • Context Domain
        • Issuer of a request affecting a protected resource
        • Management of context attributes
        • Control of the assertion/message flow
      • Subject Domain (in XSPA part of the issuing domain)
        • Subject authentication
        • Management of subject attributes
      • Resource Domain
        • Management of protected resources (e.g. database)
        • Management of resource attributes
        • Management of resource security policies
        • Policy enforcement and policy decision
  2. Specific Requirements of Federated Healthcare Networks
  3. Generic Access Control Model for Federated Healthcare Networks
  4. Methodology for Tailoring the Generic Model
  5. Sample Adaptations of the Generic Model
  6. Standards for Implementing the Actors and Transactions of the Generic Model
  7. Appendix: Glossary of Terms
  8. Appendix: Standards and Vocabularies for Attribute Names and Values

Standards and Specs to be considered

SAML

Any information on policies that is to be exchanged is encoded as a SAML 2.0 assertion. The respective profiling must be in line with the conventions defined for XUA. The use of WS Trust RST/RSTR is preferred for the SAML 2.0 protocol.

WS Trust

Issuing and validation of SAML-encoded security tokens is performed by a WS Trust STS. The experience gained with the eCR implementations based on the SUN and Microsoft WS Trust frameworks should be considered in order to avoid WS Trust features that these platforms do not implement in a compatible manner.

XSPA

XSPA is the reference model with respect to the building blocks and the flow of control.

XACML

Anything specified in the white paper must be implementable using XACML encoded policies.



Detailed proposal

Access control white paper detailed proposal