
1 Integrating the Healthcare Enterprise
Enterprise User Authentication and Consistent Time
Glen Marshall, Co-Chair, IHE IT Infrastructure Planning Committee

2 Sept 13-15, 2004, IHE Interoperability Workshop
IHE IT Infrastructure 2004-2005
- Enterprise User Authentication: provide users a single name and centralized authentication process across all systems
- Retrieve Information for Display: access a patient's clinical information and documents in a format ready to be presented to the requesting user
- Patient Identifier Cross-referencing for MPI: map patient identifiers across independent identification domains
- Patient Synchronized Applications: synchronize multiple applications on a desktop to the same patient
- Consistent Time: coordinate time across networked systems
- Audit Trail & Node Authentication: centralized privacy audit trail and node-to-node authentication to create a secured domain
- Patient Demographics Query (new)
- Personnel White Pages (new): access to workforce contact information
- Cross-Enterprise Document Sharing (new): registration, distribution and access across health enterprises of clinical documents forming a patient electronic health record


4 Enterprise User Authentication: Scope
- Support a single enterprise governed by a single set of security policies and having a common network domain.
- Establish one name per user to be used for all IT applications and devices.
- Facilitate centralized user authentication management.
- Provide users with single sign-on.

5 Enterprise User Authentication: Value Proposition
- Meet a basic security requirement
  - User authentication is necessary for most applications and data access operations.
- Achieve cost savings/containment
  - Centralize user authentication management
  - Simplify multi-vendor implementations
- Provide workflow improvement for users
  - Increase user acceptance through simplicity
  - Decrease user task-switching time
- More effective security protection
  - Consistency and simplicity yield greater assurance.

6 Consistent Time: Scope and Value Proposition
- Meet a basic security requirement
  - System clocks and time stamps of the many computers in a network must be synchronized.
  - Lack of consistent time creates a "security hole" for attackers: Kerberos ticket and authenticator validity checks, and the ordering of audit-trail records, all depend on the participating systems agreeing on the time.
  - Synchronization to within ±1 second is generally sufficient.
- Achieve cost savings/containment
  - Use the Network Time Protocol (NTP) standard defined in RFC 1305 (NTP version 3; version 4 is specified in RFC 5905).
  - Leverage existing Internet NTP services, a set-up option for mainstream operating systems.

7 Enterprise User Authentication Use Case: Single Sign-On
- Motivation
  - Users need to communicate frequently with many non-integrated IT application services.
  - Managing multiple user identities and passwords is costly to users and to system administration.
- Solution
  - EUA supports a single common user identity for browser-based applications.
  - EUA allows multiple user authentication technologies.
  - EUA uses well-trusted, standardized user identity mechanisms: Kerberos and CCOW user context.

8 Enterprise User Authentication Use Case: Fast User Switch
- Motivation
  - Customer requirement for fast user switching on a multi-user workstation, because a normal system login incurs long startup times.
- Solution
  - Initiate a "null user" session during workstation startup.
  - Use EUA to authenticate each actual user once, e.g. at the start of a work shift, via Kerberos.
  - Use Follow Context to switch user identities without incurring the high startup costs, via CCOW user context.

9 Enterprise User Authentication: Key Attributes
- Limited network overhead
  - Kerberos is network-efficient; it was developed at a time when high-speed networks were rare.
  - CCOW is similarly network-efficient.
- Kerberos and CCOW work with any user authentication technology
  - Tokens, biometric technologies, smart cards, ...
  - Specific implementations require some proprietary components, e.g. biometric devices.
  - Once user authentication is complete, network transactions are the same for all technologies.

10 Enterprise User Authentication: Key Attributes (continued)
- Multi-year roll-out
  - 2004: Kerberos server; HTTP authentication; shared identity through CCOW; grouped with Consistent Time
  - Future: DICOM (Supplement 99); HL7 (v2.6 UAC segment or WSDL/SOAP transport); CCOW carrying the Kerberos service ticket as part of the user context

11 EUA and CT: Key Technical Properties
- Standards used
  - Kerberos v5 (RFC 1510; since superseded by RFC 4120)
    - Stable since 1993, widely implemented on current operating system platforms
    - Successfully withstood attacks in its 10-year history
    - Fully interoperable among all platforms
  - HL7 CCOW, user subject
  - Network Time Protocol (RFC 1305)
- Minimal application changes
  - Eliminate application-specific, non-interoperable authentication
  - Replace less secure proprietary security techniques
  - Leverage NTP interfaces built into operating systems

12 Enterprise User Authentication: Transaction Diagram (figure; not reproduced in the transcript)

13 Enterprise User Authentication: Transaction Diagram, CCOW Option (figure; not reproduced in the transcript)

14 Consistent Time: Transaction Diagram
Time Client --> Time Server: Maintain Time [ITI-1]
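Slides 6 and 14 give the requirement (clocks agreeing to within one second, using NTP as defined in RFC 1305) and the Maintain Time [ITI-1] transaction between Time Client and Time Server, but not what the client actually does with the reply. The following is an added example, not IHE's or the presenter's code: it builds the 48-byte NTP version 3 client packet, parses a server reply, applies the RFC 1305 offset and delay formulas, and decides whether the local clock is inside the one-second bound. The timestamps, the stratum value and the server reply itself are constructed in-line so the example runs offline; in a deployment the two packets travel over UDP port 123.

```python
"""Time Client side of Maintain Time [ITI-1]: NTP v3 request, reply parsing and the
RFC 1305 offset check against the one-second Consistent Time bound.  Added example;
the server reply is constructed locally instead of being received over UDP/123."""
import struct

NTP_EPOCH_OFFSET = 2_208_988_800   # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix epoch)
TOLERANCE_SECONDS = 1.0            # the bound the slide gives for Consistent Time

def to_ntp_timestamp(unix_seconds: float) -> bytes:
    """64-bit NTP timestamp: 32-bit seconds since 1900 and a 32-bit binary fraction."""
    total = unix_seconds + NTP_EPOCH_OFFSET
    whole = int(total)
    return struct.pack("!II", whole & 0xFFFFFFFF, int((total - whole) * (1 << 32)))

def from_ntp_timestamp(raw: bytes) -> float:
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_EPOCH_OFFSET + frac / (1 << 32)

def build_client_request(t1: float) -> bytes:
    """48-byte client packet: LI=0, VN=3 (RFC 1305), Mode=3 (client); only the transmit timestamp T1 is set."""
    return struct.pack("!B", (0 << 6) | (3 << 3) | 3) + bytes(39) + to_ntp_timestamp(t1)

def build_server_reply(request: bytes, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed server reply (Mode=4): echoes the client's transmit timestamp as the
    originate timestamp, then supplies receive (T2) and transmit (T3) timestamps."""
    header = struct.pack("!BBbb", (0 << 6) | (3 << 3) | 4, stratum, 6, -20)  # LI/VN/mode, stratum, poll, precision
    root_fields = bytes(12)                                                 # root delay, root dispersion, reference id
    return header + root_fields + bytes(8) + request[40:48] + to_ntp_timestamp(t2) + to_ntp_timestamp(t3)

def parse_server_reply(pkt: bytes) -> dict:
    """Validate the fixed header and extract the three server-side timestamps."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    li, vn, mode = pkt[0] >> 6, (pkt[0] >> 3) & 7, pkt[0] & 7
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if li == 3 or pkt[1] == 0:
        raise ValueError("server unsynchronized (LI=3) or stratum-0 kiss-o'-death: do not use this reply")
    return {"version": vn, "stratum": pkt[1],
            "originate": from_ntp_timestamp(pkt[24:32]),
            "receive": from_ntp_timestamp(pkt[32:40]),
            "transmit": from_ntp_timestamp(pkt[40:48])}

def clock_offset_and_delay(t1: float, t2: float, t3: float, t4: float) -> tuple:
    """RFC 1305: offset = ((T2 - T1) + (T3 - T4)) / 2, round-trip delay = (T4 - T1) - (T3 - T2)."""
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def check_consistent_time(request: bytes, reply: bytes, t4: float) -> dict:
    """Reject replies that do not echo our T1 (stale or spoofed), then test the one-second bound."""
    t1 = from_ntp_timestamp(request[40:48])
    r = parse_server_reply(reply)
    if r["originate"] != t1:
        raise ValueError("originate timestamp does not match our request")
    offset, delay = clock_offset_and_delay(t1, r["receive"], r["transmit"], t4)
    return {"offset": offset, "delay": delay, "stratum": r["stratum"],
            "within_tolerance": abs(offset) <= TOLERANCE_SECONDS}

def accepts(request: bytes, reply: bytes, t4: float) -> bool:
    """True when the reply passes the structural checks (regardless of the offset it yields)."""
    try:
        check_consistent_time(request, reply, t4)
        return True
    except ValueError:
        return False

# Constructed scenario: the client's clock runs 1.5 s behind the server; 50 ms one-way latency,
# 10 ms server processing.  All four timestamps are Unix seconds and are invented for the example.
CLIENT_T1, CLIENT_T4 = 1_100_000_000.000, 1_100_000_000.110
SERVER_T2, SERVER_T3 = 1_100_000_001.550, 1_100_000_001.560

def demo_slow_client() -> dict:
    req = build_client_request(CLIENT_T1)
    return check_consistent_time(req, build_server_reply(req, SERVER_T2, SERVER_T3), CLIENT_T4)
```

With the constructed numbers the offset comes out at 1.5 s, outside the bound, so the Time Client would step or slew its clock; the originate-timestamp comparison is the minimum sanity check against an unsolicited or replayed reply, and a stratum-0 packet is never used as a time source.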

15 Enterprise User Authentication: Kerberos Authentication (single-system environment)
1. Communication initiated: the user supplies the initial username and password to "kinit" (the client authentication agent).
2. kinit --> Kerberos Server: request TGT.
3. Kerberos Server --> kinit: response (contains TGT); the TGT is stored in the credential cache.
4. Application (using the cached TGT) --> Kerberos Server: request service ticket.
5. Kerberos Server --> Application: response with service ticket.
6. Application --> Application server: protocol-specific communication, using the service ticket as authenticator.
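The sequence on slide 15, worked through as an added toy model (not IHE code and not a Kerberos implementation): a KDC that issues a TGT and then a service ticket, an application server that verifies the ticket and the accompanying authenticator, and the client side that strings the three exchanges together. The realm, principal names, passwords and the 5-minute skew limit are assumptions, and a SHA-256 keystream with an HMAC tag stands in for the Kerberos encryption types. What the model makes explicit, and what slide 6 only hints at, is why EUA is grouped with Consistent Time: every authenticator carries the sender's clock, and both the ticket-granting server and the application server refuse it when that clock and their own differ by more than the skew limit.

```python
"""Toy model of the Kerberos v5 exchange on slide 15: AS request for a TGT, TGS request
for a service ticket, then ticket plus authenticator presented to the application server.
Added example, not IHE code and not a Kerberos implementation: names, passwords and the
5-minute skew limit are assumptions, and a SHA-256 keystream with an HMAC tag stands in
for the Kerberos encryption types.  Every authenticator carries the sender's clock and
is refused when it differs from the verifier's clock by more than MAX_SKEW."""
import hashlib, hmac, json, os

MAX_SKEW = 300          # seconds; conventional Kerberos clock-skew limit (assumption, site-configurable)
TICKET_LIFE = 8 * 3600  # seconds; one work shift

def kdf(secret: str) -> bytes:
    """Long-term key from a password or keytab secret (real Kerberos uses a salted string-to-key)."""
    return hashlib.sha256(secret.encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key: bytes, msg: dict) -> bytes:
    """Encrypt-then-MAC a JSON message under keys derived from `key` (the EncryptedData of a ticket or reply)."""
    ek, mk = hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()
    nonce, pt = os.urandom(16), json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    ek, mk = hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("KRB_AP_ERR_BAD_INTEGRITY")   # also how a wrong password shows up
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct)))))

def check_authenticator(session_key: bytes, auth: bytes, ticket_client: str, now: int) -> dict:
    """Decrypt the authenticator with the ticket's session key; enforce name match and clock skew."""
    a = unseal(session_key, auth)
    if a["client"] != ticket_client:
        raise PermissionError("KRB_AP_ERR_BADMATCH")
    if abs(now - a["ctime"]) > MAX_SKEW:
        raise PermissionError("KRB_AP_ERR_SKEW")
    return a

class KDC:
    """Authentication Server plus Ticket-Granting Server: the "Kerberos Server" on the slide."""
    def __init__(self, principals: dict):
        self.keys, self.tgs_key = principals, os.urandom(32)

    def as_exchange(self, client: str, now: int):
        """AS_REQ/AS_REP: TGT sealed under the TGS key, session key sealed under the client's key."""
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": client, "key": sk, "expires": now + TICKET_LIFE})
        return tgt, seal(self.keys[client], {"key": sk})

    def tgs_exchange(self, tgt: bytes, auth: bytes, service: str, now: int):
        """TGS_REQ/TGS_REP: service ticket sealed under the service key, session key under the TGT key."""
        t = unseal(self.tgs_key, tgt)
        if now > t["expires"]:
            raise PermissionError("KRB_AP_ERR_TKT_EXPIRED")
        check_authenticator(bytes.fromhex(t["key"]), auth, t["client"], now)
        sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "key": sk, "expires": now + TICKET_LIFE})
        return ticket, seal(bytes.fromhex(t["key"]), {"key": sk})

class AppServer:
    """Kerberized application server with a replay cache keyed on (client, ctime)."""
    def __init__(self, key: bytes):
        self.key, self.replay_cache = key, set()

    def accept(self, ticket: bytes, auth: bytes, now: int) -> str:
        t = unseal(self.key, ticket)
        if now > t["expires"]:
            raise PermissionError("KRB_AP_ERR_TKT_EXPIRED")
        a = check_authenticator(bytes.fromhex(t["key"]), auth, t["client"], now)
        if (a["client"], a["ctime"]) in self.replay_cache:
            raise PermissionError("KRB_AP_ERR_REPEAT")
        self.replay_cache.add((a["client"], a["ctime"]))
        return t["client"]

def login_and_access(kdc: KDC, app: AppServer, user: str, password: str, service: str,
                     client_clock: int, server_clock: int) -> str:
    """Client side of slide 15: kinit, service-ticket request, application request."""
    tgt, as_rep = kdc.as_exchange(user, server_clock)
    tgs_session = bytes.fromhex(unseal(kdf(password), as_rep)["key"])
    auth = seal(tgs_session, {"client": user, "ctime": client_clock})
    ticket, tgs_rep = kdc.tgs_exchange(tgt, auth, service, server_clock)
    svc_session = bytes.fromhex(unseal(tgs_session, tgs_rep)["key"])
    return app.accept(ticket, seal(svc_session, {"client": user, "ctime": client_clock}), server_clock)

def outcome(kdc, app, user, password, service, client_clock, server_clock) -> str:
    """Principal name on success, Kerberos error code on failure."""
    try:
        return login_and_access(kdc, app, user, password, service, client_clock, server_clock)
    except PermissionError as err:
        return str(err)

# Constructed realm: one clinician and one Kerberized HTTP service; all names and secrets are assumed.
USER, SERVICE = "drsmith@HOSPITAL.EXAMPLE", "HTTP/ris.hospital.example"
PRINCIPALS = {USER: kdf("correct horse battery"), SERVICE: kdf("keytab-secret-for-ris")}
```

Calling `outcome` with the client clock 600 s ahead of the KDC's clock fails with KRB_AP_ERR_SKEW at the ticket-granting step, before any application server is contacted; the same call with the clocks within 300 s of each other succeeds, and repeating a request with an identical authenticator timestamp is caught by the application server's replay cache. The skew and replay checks are exactly the two places where a workstation whose clock has drifted, or that has never been synchronized, locks its users out of every Kerberized service at once.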

16 Enterprise User Authentication: HTTP Authentication
Actors: Client Authentication Agent, HTTP Client, HTTP Kerberized Server, Kerberos Authentication Server
1. HTTP Client starts an HTTP session: HTTP GET with no authentication.
2. HTTP Kerberized Server --> HTTP Client: 401 response (WWW-Authenticate: Negotiate).
3. Client Authentication Agent --> Kerberos Authentication Server: get Kerberos service ticket.
4. Kerberos Authentication Server --> Client Authentication Agent: service ticket.
5. HTTP Client --> HTTP Kerberized Server: HTTP GET, Kerberized communication (the service ticket carried in an Authorization: Negotiate header).
6. HTTP Kerberized Server --> HTTP Client: HTTP response.
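The server side of the exchange on slide 16, as an added example (not IHE code and not a full GSS-API or SPNEGO implementation): issue the 401 challenge, then inspect the client's Authorization: Negotiate token far enough to see which mechanisms it offers. Two facts from outside the slide drive the design: the Negotiate scheme carries SPNEGO (RFC 4178), and SPNEGO lets a client fall back to NTLM, so a server that wants the Kerberos-based EUA behaviour has to look at the mechType list instead of trusting the scheme name. The DER walker handles only the InitialContextToken and NegTokenInit shapes used here, and the sample credentials are constructed in-line; the Kerberos-only policy is one reasonable choice, not something the profile mandates.

```python
"""HTTP Kerberized Server side of slide 16: 401 challenge, then a check of which GSS
mechanisms the client's SPNEGO token offers, refusing an NTLM-only token.  Added example;
the DER walker covers only the token shapes constructed below."""
import base64

SPNEGO_OID = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")        # 1.2.840.113554.1.2.2
MS_KRB5_OID = bytes.fromhex("2a864882f712010202")     # 1.2.840.48018.1.2.2
NTLMSSP_OID = bytes.fromhex("2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10
MECH_NAMES = {KRB5_OID: "Kerberos V5", MS_KRB5_OID: "MS KRB5", NTLMSSP_OID: "NTLMSSP"}
KERBEROS_MECHS = {"Kerberos V5", "MS KRB5"}

def _der_encode(tag: int, value: bytes) -> bytes:
    """Minimal DER TLV encoder (short and long length forms)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = (n.bit_length() + 7) // 8
        length = bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + length + value

def _der_decode(data: bytes, pos: int = 0):
    """Return (tag, value, position after the element), checking bounds as it goes."""
    if pos + 2 > len(data):
        raise ValueError("truncated DER")
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(data):
        raise ValueError("DER length exceeds buffer")
    return tag, data[pos:pos + length], pos + length

def offered_mechanisms(authorization: str) -> list:
    """Mechanism names from NegTokenInit.mechTypes, in the client's preference order.
    A bare NTLMSSP message sent under the Negotiate scheme is reported as ['NTLMSSP']."""
    scheme, _, b64 = authorization.partition(" ")
    if scheme != "Negotiate":
        raise ValueError("unsupported scheme %r" % scheme)
    token = base64.b64decode(b64, validate=True)
    if token.startswith(b"NTLMSSP\x00"):
        return ["NTLMSSP"]
    tag, body, _ = _der_decode(token)                 # [APPLICATION 0] InitialContextToken
    if tag != 0x60:
        raise ValueError("not a GSS-API initial context token")
    tag, oid, pos = _der_decode(body)                 # thisMech OID
    if tag != 0x06 or oid != SPNEGO_OID:
        raise ValueError("initial token is not SPNEGO")
    tag, neg_init, _ = _der_decode(body, pos)         # [0] NegTokenInit
    if tag != 0xA0:
        raise ValueError("expected NegTokenInit")
    _, seq, _ = _der_decode(neg_init)                 # SEQUENCE { mechTypes [0], ... }
    tag, mech_types, _ = _der_decode(seq)
    if tag != 0xA0:
        raise ValueError("mechTypes missing")
    _, oid_list, _ = _der_decode(mech_types)          # SEQUENCE OF MechType
    names, pos = [], 0
    while pos < len(oid_list):
        tag, oid, pos = _der_decode(oid_list, pos)
        names.append(MECH_NAMES.get(oid, "OID " + oid.hex()))
    return names

def handle_request(authorization) -> tuple:
    """Kerberos-only policy for the HTTP Kerberized Server: (status, header or action)."""
    if authorization is None:                         # first GET on the slide: challenge the client
        return 401, "WWW-Authenticate: Negotiate"
    try:
        mechs = offered_mechanisms(authorization)
    except ValueError as err:
        return 400, "Bad Request: %s" % err
    if KERBEROS_MECHS.intersection(mechs):
        return 200, "accept: pass the mechToken to GSS_Accept_sec_context, then serve the request"
    return 401, "WWW-Authenticate: Negotiate"         # NTLM-only client: refuse the downgrade

def build_negotiate_credential(mech_oids: list) -> str:
    """Constructed client credential: NegTokenInit with a mechTypes list and no optimistic mechToken."""
    mech_types = _der_encode(0xA0, _der_encode(0x30, b"".join(_der_encode(0x06, o) for o in mech_oids)))
    neg_init = _der_encode(0xA0, _der_encode(0x30, mech_types))
    token = _der_encode(0x60, _der_encode(0x06, SPNEGO_OID) + neg_init)
    return "Negotiate " + base64.b64encode(token).decode()

# Constructed sample of a client that skips SPNEGO and sends a raw NTLMSSP NEGOTIATE message.
RAW_NTLM_CREDENTIAL = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
```

A Windows client with a valid service ticket typically lists MS KRB5 first, then Kerberos V5, then NTLMSSP; a client that could not obtain a ticket (wrong SPN, clock skew, no domain trust) offers NTLMSSP alone or sends a raw NTLMSSP message, and accepting that silently turns an EUA deployment back into password-hash-based authentication.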

17 Enterprise User Authentication: Fast User Switch
Actors: Kerberos Authentication Server; device with fast user switching (User Context Participant, Context Manager, Client Authentication Agent)
1. Join Context.
2. User A login: the Client Authentication Agent authenticates User A to the Kerberos Authentication Server.
3. Change Context, then Follow Context: applications switch to User A.
4. User B login.
5. Change Context, then Follow Context: applications switch to User B.

18 Kerberos Documentation
- Online
  - "Moron's Guide": http://www.isi.edu/gost/brian/security/kerberos.html
  - MIT site: http://web.mit.edu/kerberos/www/
  - Various Microsoft MSDN support documents
- Hardcopy
  - Kerberos, by Brian Tung, Addison-Wesley
  - Various vendor manuals
- Configuration and API documentation
  - Microsoft, Unix, and other vendor documentation

19 HTTP Documentation
- Internet draft for Kerberization of HTTP: draft-brezak-spnego-http-05.txt (later published as RFC 4559)
- Other documentation: http://support.microsoft.com/default.aspx?scid=kb;en-us;326985

20 EUA Futures: HL7 CCOW Proposal
- EUA defines a CCOW identity space
  - User.Id.Logon.Kerberos
  - This enables some single sign-on capabilities.
- CCOW exchange of SAML assertions
  - Assertions can contain Kerberos service tickets
  - Is an HL7 work item, now underway
  - Use cases are needed in order to move this forward.

21 EUA Futures: HL7 v2.6 Proposal
- HL7 v2.6 User Authentication Credential (UAC) segment
  - Carries Kerberos service tickets or a SAML assertion
- User-identified associations enable
  - Better audit logs
  - User-specific customizations
  - User-specific authorization
- HL7 also allows EUA as part of WSDL/SOAP, via SAML assertion

22 EUA Futures: DICOM Proposal
- DICOM associations convey user identification
- User-identified associations enable
  - Better audit logs
  - User-specific customizations
  - User-specific authorization
- Under development as Supplement 99

23 More information
- IHE web sites: http://www.himss.org/IHE, http://www.rsna.org/IHE, http://www.acc.org/quality/ihe.htm
- Technical Frameworks: ITI V1.0, RAD V5.5, LAB V1.0
- Technical Framework Supplements, Trial Implementation: May 2004: Radiology; August 2004: Cardiology, IT Infrastructure
- Non-technical brochures: Calls for Participation; IHE Fact Sheet and FAQ; IHE Integration Profiles: Guidelines for Buyers; IHE Connect-a-thon Results; Vendor Products Integration Statements

