Revision as of 18:09, 3 February 2010

History

Role-Based-Access Control: Need to specify a fuller vocabulary of attributes needed for access control decisions.
Consent/Authorization: Need to carry an indicator of BPPC document that is relevant to the transaction
Level Of Assurance for (a) the authentication event, and/or (b) the provisioning of the account
Extended Audit Logging: Support descriptive identifiers to support environments where post-processing doesn’t have access to directory for id translation into description.
Purpose-of-Use: Carry in the assertion purpose-of-use, including support for Break-Glass / Emergency-Mode-Access
Relationship-to-Patient: Carry the indicator of the patient, relationship to patient, location of patient

@@ Line 16: / Line 16: @@
 ===Security Assessment===
+=Resources=
+OASIS [http://www.oasis-open.org/specs/#xspa-samlv1.0 XSPA - SAML]
+OASIS [ftp://iheyr2:interop@ftp.ihe.net/IT_Infrastructure/iheitiyr8-2010-2011/Technical_Cmte/Profile_Work/XUA-Extension/sstc-saml-assurance-profile-draft-01.pdf SAML Assurance Profile Draft]
+epSOS [ftp://iheyr2:interop@ftp.ihe.net/IT_Infrastructure/iheitiyr8-2010-2011/Technical_Cmte/Profile_Work/XUA-Extension/The%20epSOS%20experience%20on%20XUA%20-%20v0_2_1a.doc Experience with XSPA]
+NHIN [http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_910523_0_0_18/NHIN_MessagingPlatformProductionSpecification_v2.0.pdf Messaging Framework], [http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_910545_0_0_18/NHIN_AuthorizationFrameworkProductionSpecification_v2.0.pdf Authorization Framework]
 =Notes=
 [ftp://ftp.ihe.net/IT_Infrastructure/iheitiyr8-2010-2011/Technical_Cmte/Profile_Work/XUA-Extension/ FTP site for this project]
+[http://healthit.hhs.gov/portal/server.pt?open=512&objID=1194&parentname=CommunityPage&parentid=3&mode=2&in_hi_userid=10741&cached=true Current NHIN specifications]