University Information Services
Project Sentinel
Middleware & Identity Management for the Health Sciences
Chad La Joie
Georgetown University

What is Sentinel
Integration of biomedical applications in metro-DC to enhance regional detection and response to terrorism attacks (anthrax, ricin, 9/11)
Allow inter-organizational access to integrated applications and their data, including
  Symptom Recording / Analysis
  Patient Data; while preserving privacy
  Geographic Information Systems
  Dramatically Improved Data Visualization
Funded by National Library of Medicine grant

Participants
Georgetown University
  Hosts IdP components and Sentinel WAYF
GU Medical Center – ISIS
  Hosts medical record viewer and ARGUS portal
  Consumes MonitorMan and Azyxxi data
MedStar Washington and GU Hospitals
  Hosts MonitorMan and Azyxxi
DC Department of Health
  Consumes MonitorMan, Azyxxi, ARGUS, and medical record viewer data

Component View
[Diagram; labels: Georgetown Univ., GU Network, Internet, MedStar Corp., DC DOH, MedStar GU Hospital, Medical Center - ISIS; GU IdP, ISIS IdP, MedStar IdP, DC DOH IdP, Sentinel WAYF; IdM (SunOne), IdM (AD), IdM (?); SP, PHI (RDBMS); Azyxxi, MonitorMan, ARGUS Portal, Record View]

Current Status
Completed:
  Networking connections among participants
  Sentinel WAYF online
  GU and ISIS IdPs online
  MonitorMan Shibboleth-enabled
In Progress:
  ISIS consolidated record viewer Shibboleth-enabled
  ARGUS portal Shibboleth-enabled
  Install DoH IdP
  Install MedStar IdP
NLM site visit: Sentinel Demo – June 9

Lessons Learned
Anonymous authentication is not always preferred in the medical community
  People want to log/audit who is using their application and viewing data, and they require knowledge of the user's identity
Medical institutions are not IT organizations
  No, or incomplete, central ID systems; most apps maintain their own user list and passwords
  Small IT staff already managing as much as they can
Medical community has less trust of home organizations' attributes and wants more control of privilege granting
  How do they know attributes are assigned properly?

The Future
Shibboleth-enable client/server app Azyxxi
Protect IdPs with multi-factor AuthN
Create Sentinel Federation
  Document Policies and Practices
  Set up CA and metadata management
Upgrade to Shibboleth 1.3
Provide tools for hospitals to grant privileges to remote users
  Look into Shibboleth/Grouper/Signet tool chain
  Look into Shibboleth/PERMIS tool chain

The Future
Grid-enable applications - maybe
  Provide OGSA-DAI interface to PHI databases
  Integrate Grouper/Signet with Globus CAS
  Enable Shibboleth to work in n-tier environment
  Hook visualization programs into Condor
Continue to investigate the need for a MedPerson schema or data profile

Chad La Joie
Sentinel Website