PASS: Privacy, Security and Access Services
Don Jorgenson
Introduction to Security and Privacy Educational Session
HL7 WG Meeting - Sept. 2012
HL7 PASS Concept Diagram 0.1
Candidate Access Control Logical Architectures
[Diagram: candidate access control logical architecture for the hGrid 2.0 Project, showing an Identity Provider, Access Coordination, a Policy Decision Service, Access Enforcement and the protected Resource. Two flow types are distinguished in the legend: Policy Enforcement Flow and Information Flow.]

Numbered steps shown in the diagram:
1. Request Resource
2. Request Authentication Status
3. Return Authentication Token
4. Request Project Credential
5. Return Project Credential
6. Request Resource
7. Resource Access Decision Requested
8. Decision Rules
9. Decision Factors
10. Return Decision Token: Deny, or Permit, or Permit with Provisions
11. Request Resource
12. Resource
13. Resource (if Permit)
14. Resource

Standards profiled for the architecture:
- Secure Message - hGrid profile of WS-Security
- SAML - hGrid profile of SAML
- WS-Trust - hGrid profile of WS-Trust
- Encryption - FIPS validated encryption
- XACML - hGrid profile of XACML
- HL7 PASS Access DSTU
Representative Use Case

[Diagram: a Radiologist Workstation requests image/data from an Image Analysis Service (IMS) and an Image Data Service (IDS). Supporting services shown: Authentication Service (SSO Log In), Authorization Service - IDS and Authorization Service - IMS (holding Authorization Policies and Privacy Policies), Audit Service - IDS and Audit Service - IMS, each access point marked «PEP», all running over a Trust Infrastructure and a Message Infrastructure using a secure protocol.]

Trust token flow legend:
- 1a Authentication Trust Token
- 1b Authentication Trust Token - Delegated
- 1c Authorization Trust Token
- Audit Trust Token
Security, Privacy and Grid Computing

"This sharing is, necessarily, highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs. A set of individuals and/or institutions defined by such sharing rules form what we call a virtual organization (VO)."
-- Foster et al., The Anatomy of the Grid
vHIN-based Security/Privacy Framework

[Concept diagram. Elements: Virtual HIN (vHIN), Virtual Organization (VO), Resource, Resource Authority, Access Requirements, Access Policy, Access Enforcement, Access Policy Decision, Access Decision Information, Trusted Information Source, Requestor, Identity Provider. Relationships labelled in the diagram include: requires, provides, requires access to, protects, is a kind of, authorizes, drives, authenticates to, managed by, defines policy, defines, specifies, uses.]
Security, Privacy and Governance

[Diagram: a Policy Enforcement Agent «PEP» («access») obtains decisions from a Policy Decision Service «PDP», which in turn draws on a Policy Information Service «PIP». The PDP evaluates Policy 1 .. Policy m against Decision Factor 1 .. Decision Factor n; Policy Decision Rules reference Decision Information.]

Numbered steps shown in the diagram:
1. Request Resource
2. Request Decision
3. Request Decision Information
4. Decision Information
5. Decision
6. Request
7. Response
8. Resource (if Permit)

Access Decision Policy Sources may include:
- Jurisdictions - National, State
- Organization (custodial)
- hGrid 2.0 VO
- Consumer - Patient Delegate
- Patient - Privacy Preferences

Access Decision Information Factors may include:
- Requestor - Identity, Organization, Role, Purpose of request, Time of request
- Privacy Preferences
- Policy Decisions (remote)
- Resource - Attributes
Rhode Island Consent Gateway

[Diagram: the same PEP/PDP/PIP pattern applied to a consent gateway. A Direct Enforcement Agent «PEP» and a Consent Enforcement Agent «PEP» request decisions (presenting an X.509 Cert) from a Policy Decision Service «PDP», which obtains Decision Information from a Policy Information Service «PIP». Labelled steps: 1. CCD Submitted; 2. Request Decision; Request Decision Information; Decision Information; Decision; 6. Deliver CCD. A "Consent Not Granted" outcome is also shown.]

Access Decision Policy Sources may include:
- Jurisdictions - Federal (HIPAA), State (RI State HIE Decision)
- Organization (custodial) - RIQI
- Consumer - Patient
- Patient - Privacy Preferences (RI Patient)

Access Decision Information Factors may include:
- Requestor - Identity, Organization, Role, Purpose of request, Time of request
- Privacy Preferences
- Policy Decisions (remote)
- Resource - Attributes

Decision checks shown:
- Identity Proofed to NIST Level 3
- Covered Entity?
- RITC Membership?
- Patient Consented?
- Provider DSP Agreement Executed
- Provider BA Agreement Executed
Security, Privacy and Governance

[Diagram: Governance Control Points along an hGrid 2.0 Service Request/Response path - Intermediary Access Policy Enforcement, Proxy, Grid Policy Enforcement, Resource Policy Enforcement, and an hGrid 2.0 Monitor.]