Difference between revisions of "Cross-Enterprise User Assertion - Discussion"

From IHE Wiki
Line 32: Line 32:
 
** Also at [http://www.srdc.metu.edu.tr/publications http://www.srdc.metu.edu.tr/publications]
 
** Also at [http://www.srdc.metu.edu.tr/publications http://www.srdc.metu.edu.tr/publications]
 
* Georgetown University - The meeting will be Tuesday, December 12, 2006, 8AM – 5 PM at Northwestern Radiology Imaging Informatics Lab, 448 East Ontario, Suite 300, Chicago, IL 60611. Coordinated by Dave Channen
 
* Georgetown University - The meeting will be Tuesday, December 12, 2006, 8AM – 5 PM at Northwestern Radiology Imaging Informatics Lab, 448 East Ontario, Suite 300, Chicago, IL 60611. Coordinated by Dave Channen
 +
* Eclipse Open Healthcare Framework -- Don
 
* GSA Pilot - Don and Lori
 
* GSA Pilot - Don and Lori
 
* European Pilot -- Emmanuel
 
* European Pilot -- Emmanuel
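
Review bot: the added entry "* Eclipse Open Healthcare Framework -- Don" names its contact only as "Don" and carries no link, while the METU entry at the top of this hunk gives a URL; consider adding a link to the project and a full contact name so readers outside the committee can follow it up. The separator is also inconsistent across the list ("--" here and for the European Pilot, "-" for the GSA Pilot), so pick one style.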

Revision as of 12:22, 6 December 2006

Introduction

IHE has defined profiles for Enterprise User Authentication (EUA) and Personnel White Pages (PWP) for use within an enterprise. IHE is now defining transactions that cross enterprise boundaries, specifically the XDS profile and others that create an Affinity Domain. When transactions cross enterprise boundaries, the mechanisms found in the EUA and PWP profiles are insufficient and often nonfunctional. To provide accountability in these cross-enterprise transactions, there is a need to identify the requesting user in a way that lets the receiver make access decisions and proper audit entries.

The Cross-Enterprise User Authentication (XUA) profile will provide the user identity in transactions that cross enterprise boundaries. Enterprises may choose to have their own user directory and their own unique method of authenticating. To provide accountability in these cross-enterprise transactions, there is a need to identify the requesting user in a way that lets the receiver make access decisions and proper audit entries.

Plan

  1. The use cases need to be updated to be more clinical and less technical
    1. To better communicate what we are providing
    2. To better uncover the requirements for the transactions
  2. Maturity concerns
    1. There is still very limited support for SAML 2.0. The vendors are all working on it. The SAML community is unified that 2.0 is the right version for future work. The problem appears to be vendors trying to get some revenue on existing development.
    2. WS-I and WS-SX appear to be maturing on target.
  3. Decide scope
    1. Are we only going to focus on web-services transactions? (No support for HL7 v2 MLLP, DICOM, WADO or RID.)
    2. We should focus year one on XDS-Query with an assumed Affinity Domain policy.
    3. Strong (Charles) request to include XDS-Retrieve as well.
      1. Would likely need a WS version of Retrieve: the old HTTP-GET Retrieve never supports user (XUA) identities, whereas the new one has support.
      2. HITSP Emergency Responder use case – the repository wants to know the identity of the user it is handing information over to.
    4. There is evidence that XDS-Query is more likely to be done by an automated process, whereas XDS-Retrieve is more likely to be attributable to a specific user.
  4. Produce a roadmap that shows how to get this done over multiple years.


References

Pilot Projects

We are working with a few pilot projects to gather lessons learned so that the XUA profile can be improved.

  • Implementation Experiences On IHE XUA and BPPC December 5, 2006; Tuncay Namlı and Asuman Dogac, Software Research and Development Center, Middle East Technical University, Ankara, Turkey
  • Georgetown University - The meeting will be Tuesday, December 12, 2006, 8 AM – 5 PM at Northwestern Radiology Imaging Informatics Lab, 448 East Ontario, Suite 300, Chicago, IL 60611. Coordinated by Dave Channen.
  • Eclipse Open Healthcare Framework -- Don
  • GSA Pilot - Don and Lori
  • European Pilot -- Emmanuel