ITI XUA Extension

From IHE Wiki
Jump to navigation Jump to search

History

Detailed proposal

XUA Extension detailed proposal November 20, 2009

Use Cases

  1. Role-Based-Access Control: Need to specify a fuller vocabulary of attributes needed for access control decisions.
  2. Consent/Authorization: Need to carry an indicator of BPPC document that is relevant to the transaction
  3. Level Of Assurance for (a) the authentication event, and/or (b) the provisioning of the account
  4. Extended Audit Logging: Support descriptive identifiers to support environments where post-processing doesn’t have access to directory for id translation into description.
  5. Purpose-of-Use: Carry in the assertion purpose-of-use, including support for Break-Glass / Emergency-Mode-Access
  6. Relationship-to-Patient: Carry the indicator of the patient, relationship to patient, location of patient

Supplement for Public Comment

Security Assessment

Plan

  • Evaluate the content of the Resources for how well they address the above Use-Cases
  • Discover new vocabulary that may be used for the above Use-Cases
  • Further develop the Use-Cases that can be resolved in the next few months, drop the use-cases that do not have mature standards available.
  • Write up likely use-cases for review at First T-Con (TBD)
  • Evaluate the use-cases and create logical groupings into Options
  • Write up logical grouping Options with pointers to likely standards solutions
  • Review at Second T-Con (TBD)
  • Take action items from Second T-Con for Third T-Con (TBD)

Resources

OASIS XSPA - SAML

OASIS SAML Assurance Profile Draft

epSOS Experience with XSPA

NHIN Messaging Framework, Authorization Framework

Notes

FTP site for this project

Current NHIN specifications Return to ITI Technical Committee

Retrieved from "http://wiki.ihe.net/index.php?title=ITI_XUA_Extension&oldid=40016"