Difference between revisions of "ITI XUA Extension"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) |
||
| Line 16: | Line 16: | ||
===Security Assessment=== | ===Security Assessment=== | ||
| + | |||
| + | =Plan= | ||
| + | |||
| + | *Evaluate the content of the Resources for how well they address the above Use-Cases | ||
| + | *Discover new vocabulary that may be used for the above Use-Cases | ||
| + | *Further develop the Use-Cases that can be resolved in the next few months, drop the use-cases that do not have mature standards available. | ||
| + | *Write up likely use-cases for review at First T-Con (TBD) | ||
| + | *Evaluate the use-cases and create logical groupings into Options | ||
| + | *Write up logical grouping Options with pointers to likely standards solutions | ||
| + | *Review at Second T-Con (TBD) | ||
| + | *Take action items from Second T-Con for Third T-Con (TBD) | ||
=Resources= | =Resources= | ||
| Line 26: | Line 37: | ||
NHIN [http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_910523_0_0_18/NHIN_MessagingPlatformProductionSpecification_v2.0.pdf Messaging Framework], [http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_910545_0_0_18/NHIN_AuthorizationFrameworkProductionSpecification_v2.0.pdf Authorization Framework] | NHIN [http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_910523_0_0_18/NHIN_MessagingPlatformProductionSpecification_v2.0.pdf Messaging Framework], [http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_910545_0_0_18/NHIN_AuthorizationFrameworkProductionSpecification_v2.0.pdf Authorization Framework] | ||
| − | |||
=Notes= | =Notes= | ||
Revision as of 13:04, 4 February 2010
History
Detailed proposal
XUA Extension detailed proposal November 20, 2009
Use Cases
- Role-Based-Access Control: Need to specify a fuller vocabulary of attributes needed for access control decisions.
- Consent/Authorization: Need to carry an indicator of BPPC document that is relevant to the transaction
- Level Of Assurance for (a) the authentication event, and/or (b) the provisioning of the account
- Extended Audit Logging: Support descriptive identifiers to support environments where post-processing doesn’t have access to directory for id translation into description.
- Purpose-of-Use: Carry in the assertion purpose-of-use, including support for Break-Glass / Emergency-Mode-Access
- Relationship-to-Patient: Carry the indicator of the patient, relationship to patient, location of patient
Supplement for Public Comment
Security Assessment
Plan
- Evaluate the content of the Resources for how well they address the above Use-Cases
- Discover new vocabulary that may be used for the above Use-Cases
- Further develop the Use-Cases that can be resolved in the next few months, drop the use-cases that do not have mature standards available.
- Write up likely use-cases for review at First T-Con (TBD)
- Evaluate the use-cases and create logical groupings into Options
- Write up logical grouping Options with pointers to likely standards solutions
- Review at Second T-Con (TBD)
- Take action items from Second T-Con for Third T-Con (TBD)
Resources
OASIS XSPA - SAML
OASIS SAML Assurance Profile Draft
epSOS Experience with XSPA
NHIN Messaging Framework, Authorization Framework
Notes
Current NHIN specifications Return to ITI Technical Committee