Technical Straw-man

Dec 14, 2013

Technical Straw-man

Western States Consortium
Face-to-Face Meeting
25 July 2012

(Technical) Issues to be Resolved…

1. How do we define and manage HISP digital certificates?
   - How do we identify the HISPs participating in WSC?
   - Is there a centralized WSC authority?

2. How do we access directory services?
   - What interfaces are available?
   - What interface standards are used?
   - What data representation is used?
   - What assumptions can be made about results?

3. How do we authorize access to directory services?
   - Is authorization required?
   - Is authorization granted to states, entities, or individuals?
   - What standards are used for authorization?

[Diagram labels: Direct Trust / Directory Services / Directory Trust]

© 2012 Cal eConnect. All rights reserved.

Context: Objectives and Assumptions

Using directed messaging (Direct protocols) to exchange clinical information between providers across state lines for treatment purposes.

Pilot to provide feedback on the following:
- Policies and Agreements required for interstate exchange.
- Minimal Business Processes required for interstate exchange.
- Minimal Technical Capabilities required for interstate exchange.

Assumptions and constraints:
- Exchange should be facilitated by statewide HIE programs.
- Pilot will be limited to exchange for treatment purposes.
- Demonstration will be conducted by a “production” implementation.
- Pilot will include PHI but will not include highly sensitive data.

Context: Use Case

Using directed messaging (Direct protocols) to exchange clinical information between providers across state lines for treatment purposes.

Technical Assumptions:
- Directory services are used to retrieve the Direct address for an individual provider.
- A state should have a single entry point for all directory services.
- The structure of directory services should be hidden from the user (or system).
- Direct certificates are issued, managed, and discovered in accordance with current Direct standards.
- Directory services may not be necessary if Direct addresses are known.
- Organizational certificates are sufficient.

Context: User Stories “As Is”

- Sender does not know recipient’s Direct address.
  - Sender sends a fax.

- Sender knows recipient’s Direct address.
  1. Sender’s HISP and recipient’s HISP exchange trust anchors.
  2. Sender’s HISP discovers digital certificates and establishes a trusted connection with recipient’s HISP.
  3. Sender uses Direct to exchange PHI.

Context: User Stories “To Be”

- Sender does not know recipient’s Direct address.
  1. Sender obtains relevant (demographic) information about recipient.
  2. Sender discovers recipient’s Direct address (and other information) using Directory Services.
  3. Sender makes trust decision whether to share information.
  4. Sender’s HISP discovers digital certificates and establishes a trusted connection with recipient’s HISP.
  5. Sender uses Direct to exchange PHI.

- Sender knows recipient’s Direct address.
  1. Sender’s HISP discovers digital certificates and establishes a trusted connection with recipient’s HISP.
  2. Sender uses Direct to exchange PHI.

Direct: Options

Certificate management:
1. Continue to exchange trust anchors point to point
2. Establish single CA for all HISPs (in WSC or nationwide)
3. Establish WSC bridge or use Federal Bridge

Contemplate using a WSC OID in certificates to identify HISPs that are compliant with WSC policies.

Exchange protocol:
- No changes from current standards: HISPs use SMTP and S/MIME or XDR

Direct: Option 1

Pros
- “Simple” current process

Cons
- Requires point-to-point coordination

[Diagram labels: SMTP & S/MIME (and XDR) transport / DNS and LDAP cert discovery / Each HISP has CA / WSC OID in certificate]

Direct: Option 2

Pros
- Avoids point-to-point trust anchor exchange

Cons
- Requires CA for WSC (perhaps nation)

[Diagram labels: SMTP & S/MIME (and XDR) transport / DNS and LDAP cert discovery / Single CA for all HISPs / WSC OID in certificate]

Direct: Option 3

Pros
- Avoids point-to-point trust anchor exchange
- Distributes CA load

Cons
- Requires WSC bridge, or
- Uses Federal Bridge with its security requirements

[Diagram labels: SMTP & S/MIME (and XDR) transport / DNS and LDAP cert discovery / HISPs’ CAs coordinated through bridge / WSC OID in certificate]
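The three certificate-management options above differ in how many trust anchors a HISP must hold and in how a certificate from a HISP it never coordinated with can still chain to something it trusts. The following is an added example, not code from the Cal eConnect deck or from any WSC project: a toy model of point-to-point anchor exchange, a single WSC CA, and a WSC bridge, plus the “WSC OID in certificate” policy check. Certificates are plain records rather than real X.509 objects, the OID 1.3.6.1.4.1.99999.1 is a placeholder and not a real WSC policy identifier, and the .example domains and CA names are made up.

```python
# Added example (not from the Cal eConnect deck): a toy model of the three
# certificate-management options on the preceding slides (point-to-point
# anchor exchange, a single WSC CA, a WSC bridge CA) and of the
# "WSC OID in certificate" policy check. Certificates are plain records,
# not real X.509 objects; the OID 1.3.6.1.4.1.99999.1 is a placeholder,
# not a real WSC policy identifier, and the .example domains are made up.
from dataclasses import dataclass
from itertools import combinations

WSC_POLICY_OID = "1.3.6.1.4.1.99999.1"  # placeholder value
WSC = frozenset({WSC_POLICY_OID})


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str                        # subject name of the signing CA
    policies: frozenset = frozenset()  # certificatePolicies OIDs
    is_ca: bool = False


def build_path(leaf, certs, anchors, max_depth=6):
    """Return [leaf, ..., cert issued by an anchor] or None if no path exists.

    This mirrors RFC 5280 path building in shape only: follow issuer names
    until a trust-anchor subject is reached. A cross-certificate is just a
    CA cert whose issuer is a different CA; that is how a bridge links
    CAs that never exchanged anchors directly.
    """
    by_subject = {}
    for c in certs:
        by_subject.setdefault(c.subject, []).append(c)

    def walk(cert, depth, seen):
        if cert.issuer in anchors:
            return [cert]
        if depth == 0:
            return None
        for issuer_cert in by_subject.get(cert.issuer, []):
            if issuer_cert.is_ca and issuer_cert.subject not in seen:
                rest = walk(issuer_cert, depth - 1, seen | {issuer_cert.subject})
                if rest:
                    return [cert] + rest
        return None

    return walk(leaf, max_depth, {leaf.subject})


def wsc_compliant(path):
    """The slide's OID idea: accept only if every cert on the path
    asserts the WSC policy OID."""
    return bool(path) and all(WSC_POLICY_OID in c.policies for c in path)


def hisp_pki(names):
    """Each HISP runs its own CA and issues its own org certificate
    (the deck assumes organizational certificates are sufficient)."""
    certs = []
    for n in names:
        certs.append(Cert(f"CA-{n}", f"CA-{n}", WSC, is_ca=True))        # self-signed root
        certs.append(Cert(f"hisp-{n.lower()}.example", f"CA-{n}", WSC))  # org cert
    return certs


def bridge_cross_certs(names, bridge="WSC-Bridge"):
    """Option 3: every HISP CA and the bridge cross-certify each other."""
    certs = []
    for n in names:
        certs.append(Cert(bridge, f"CA-{n}", WSC, is_ca=True))   # bridge cert issued by CA-n
        certs.append(Cert(f"CA-{n}", bridge, WSC, is_ca=True))   # CA-n cert issued by bridge
    return certs


def demo():
    hisps = ["A", "B", "C"]
    leaf = lambda n: Cert(f"hisp-{n.lower()}.example", f"CA-{n}", WSC)
    r = {}

    # Option 1: HISP A has exchanged anchors with B only, so C is unreachable.
    certs = hisp_pki(hisps)
    anchors_a = {"CA-A", "CA-B"}
    r["opt1_b_path_len"] = len(build_path(leaf("B"), certs, anchors_a))
    r["opt1_c_reachable"] = build_path(leaf("C"), certs, anchors_a) is not None
    r["opt1_full_mesh_exchanges"] = len(list(combinations(hisps, 2)))  # N choose 2

    # Option 2: one WSC CA issues every org cert; a single anchor suffices.
    wsc_ca = [Cert("WSC-CA", "WSC-CA", WSC, is_ca=True)] + [
        Cert(f"hisp-{n.lower()}.example", "WSC-CA", WSC) for n in hisps]
    r["opt2_c_path_len"] = len(build_path(wsc_ca[-1], wsc_ca, {"WSC-CA"}))

    # Option 3: A trusts only its own CA, yet reaches C through the bridge.
    bridged = certs + bridge_cross_certs(hisps)
    path = build_path(leaf("C"), bridged, {"CA-A"})
    r["opt3_c_path_len"] = len(path)
    r["opt3_c_compliant"] = wsc_compliant(path)

    # A legacy cert under CA-C without the WSC OID still chains, but the
    # policy check rejects it: chaining alone is not policy compliance.
    legacy = Cert("legacy.hisp-c.example", "CA-C")
    legacy_path = build_path(legacy, bridged, {"CA-A"})
    r["legacy_path_len"] = len(legacy_path)
    r["legacy_compliant"] = wsc_compliant(legacy_path)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The bridged path from HISP A to HISP C has three certificates (C’s org cert, CA-C’s cross-certificate from the bridge, the bridge’s cross-certificate from CA-A), which is the price of avoiding N-choose-2 anchor exchanges. The last case shows why the OID matters: a bridge answers “does this chain to something I trust?”, while the policy OID answers “was it issued under WSC policy?”, and a verifier must ask both.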

Directory Service: Options

Authorization:
1. No authorization required
2. Authorization of State directory services only
3. Authorization of systems
4. Authorization of individuals

Query interface:
- Transport
  1. HTTP
  2. HTTPS (mutual TLS)
- Web Services
  1. RESTful web services
  2. SOAP web services
- HPD (or HPDPlus) data model
- DSML query language
- ATNA audit logs

Other Directory Services

1. Must have query/response for Direct address discovery.
2. Might support remote management of directory information.
3. Might support remote access to audit logs.

[Diagram labels: Required for WSC Demonstration / Save for another day]
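The one capability the deck requires of every directory service is a query/response for Direct address discovery, and the options on the preceding slide settle on the HPD data model with DSML as the query language. The following is an added example, not code from the Cal eConnect deck or any HPD implementation: it builds a DSMLv2 search request for a provider and parses a DSMLv2 response into Direct addresses. Element names and the namespace follow the OASIS DSMLv2 core schema; the base DN, the attributes searched on (sn, givenName), the use of the `mail` attribute to carry the Direct address, and the sample responses are assumptions constructed for the example. Transport (HTTPS with mutual TLS, SOAP or REST) is outside the block.

```python
# Added example (not from the Cal eConnect deck): building and parsing a
# DSMLv2 search for a provider's Direct address, the query/response the
# deck requires of every directory service. Element names and the
# namespace follow the OASIS DSMLv2 core schema; the base DN, the search
# attributes (sn, givenName), the use of the 'mail' attribute for the
# Direct address, and the sample responses below are assumptions.
import xml.etree.ElementTree as ET

DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"
D = f"{{{DSML_NS}}}"                                   # Clark-notation prefix
BASE_DN = "ou=HCProfessional,o=example-state-hpd"      # assumed base DN
DIRECT_ADDRESS_ATTR = "mail"                           # assumed attribute


def build_search_request(last_name, given_name=None, request_id="1"):
    """Return a DSMLv2 batchRequest searching on surname (and given name).

    Values go in through ElementTree rather than string formatting, so a
    name containing '<', '&' or a quote is escaped and cannot change the
    structure of the request sent to the state directory.
    """
    ET.register_namespace("dsml", DSML_NS)
    batch = ET.Element(D + "batchRequest")
    req = ET.SubElement(batch, D + "searchRequest", {
        "requestID": request_id, "dn": BASE_DN,
        "scope": "wholeSubtree", "derefAliases": "neverDerefAliases"})
    clauses = ET.SubElement(ET.SubElement(req, D + "filter"), D + "and")
    for attr, val in (("sn", last_name), ("givenName", given_name)):
        if val:
            match = ET.SubElement(clauses, D + "equalityMatch", {"name": attr})
            ET.SubElement(match, D + "value").text = val
    attrs = ET.SubElement(req, D + "attributes")
    ET.SubElement(attrs, D + "attribute", {"name": DIRECT_ADDRESS_ATTR})
    return ET.tostring(batch, encoding="unicode")


def requested_surname(request_xml):
    """Read back the sn value from a request (shows the value round-trips)."""
    root = ET.fromstring(request_xml)
    node = root.find(f"{D}searchRequest/{D}filter/{D}and/"
                     f"{D}equalityMatch[@name='sn']/{D}value")
    return None if node is None else node.text


def extract_direct_addresses(response_xml):
    """Parse a DSMLv2 batchResponse into [(dn, direct_address), ...].

    A searchResponse whose searchResultDone is not resultCode 0 raises,
    so a directory error (e.g. LDAP 50, insufficientAccessRights) is never
    silently read as "no such provider". In production parse untrusted
    XML with defusedxml rather than bare ElementTree.
    """
    root = ET.fromstring(response_xml)
    ns = {"d": DSML_NS}
    found = []
    for sr in root.findall("d:searchResponse", ns):
        code = sr.find("d:searchResultDone/d:resultCode", ns)
        if code is None or code.get("code") != "0":
            detail = None if code is None else dict(code.attrib)
            raise RuntimeError(f"directory search failed: {detail}")
        for entry in sr.findall("d:searchResultEntry", ns):
            for attr in entry.findall("d:attr", ns):
                if attr.get("name", "").lower() == DIRECT_ADDRESS_ATTR:
                    for v in attr.findall("d:value", ns):
                        if v.text:
                            found.append((entry.get("dn"), v.text.strip()))
    return found


# Constructed sample responses: one matching provider, and one refusal.
SAMPLE_RESPONSE = f"""<batchResponse xmlns="{DSML_NS}">
  <searchResponse requestID="1">
    <searchResultEntry dn="uid=12345,{BASE_DN}">
      <attr name="sn"><value>Smith</value></attr>
      <attr name="mail"><value>jsmith@direct.hisp-c.example</value></attr>
    </searchResultEntry>
    <searchResultDone><resultCode code="0" descr="success"/></searchResultDone>
  </searchResponse>
</batchResponse>"""

SAMPLE_ERROR = f"""<batchResponse xmlns="{DSML_NS}">
  <searchResponse requestID="1">
    <searchResultDone><resultCode code="50" descr="insufficientAccessRights"/></searchResultDone>
  </searchResponse>
</batchResponse>"""

if __name__ == "__main__":
    print(build_search_request("Smith", "Jane"))
    print(extract_direct_addresses(SAMPLE_RESPONSE))
```

Two points carry over to any of the authorization options on the previous slides: the request is assembled as a tree so that caller-supplied demographics can never become filter structure, and a non-zero resultCode (the code an authorized-only directory would return for an unauthorized system) is surfaced as an error rather than an empty result, which keeps the sender’s “trust decision” step from being made on a silently failed lookup.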

Directory Service: Option 1

Pros
- Simplest architecture

Cons
- Does not protect PII from “unauthorized access”

[Diagram labels: RESTful web services over HTTP / HPD and DSML query/response / “ATNA” audit logs]

Directory Service: Option 2

Pros
- Secures PII during exchange
- Controls authorization (but to state service only)

Cons
- Inflexible to query by other entities
- Does not log individual access

[Diagram labels: RESTful web services over HTTPS / HPD and DSML query/response / “ATNA” audit logs]

Directory Service: Option 3

Pros
- Secures PII during exchange
- Controls (and logs) access to authorized systems or individuals

Cons
- Requires WSC SAML authority
- Might be relaxed to system-signed assertions

[Diagram labels: SOAP web services over HTTPS / SAML and XUA authorization / HPD and DSML query/response / ATNA audit logs]

Directory Service: Option 4

Pros
- Secures PII during exchange
- Controls (and logs) access to authorized individuals

Cons
- Requires WSC OpenID server
- Really an SSO approach that (might) require human action

[Diagram labels: RESTful web services over HTTPS / OpenID and OAuth authorization / HPD and DSML query/response / ATNA audit logs]

Straw-man Architecture?

[Diagram labels: SOAP web services over HTTPS / SAML (and XUA) authorization / HPD and DSML query/response / ATNA audit logs / SMTP & S/MIME (and XDR) transport / DNS and LDAP cert discovery / HISPs’ CAs coordinated through bridge / WSC OID in certificate]

CA Architecture (for Demonstration)

[Diagram: no text recovered]

Come play with us…

http://taskgroups.caleconnect.org/Directory+and+Trust+Services