Download presentation
Presentation is loading. Please wait.
Published byKellie May Modified over 9 years ago
1
IHE Infrastructure - Security February 6, 2003
2
IHE Basic Security Profile Addresses a single use-case in Radiology Machine-to-machine communication with mutual authentication Auditing –ASTM E2147 (PS-115) + XML message payload –User-level auditing needed; sense of “user” is not in IHE basic security profile –Better transport needed: uses Syslog (RFC 3164) Waiting for maturity of Reliable Syslog (RFC 3195)
3
IHE Basic Security Profile DICOM/HL7/ASTM Web message –Draft RFC: New version to be published soon with comments incorporated Your comments needed! Target: stable draft for May 1 HL7/DICOM meeting –Work will continue in HL7/DICOM/ASTM, who will make IHE aware when available. –IHE should proceed in way that will allow using current audit trail standards and allow future standards to be plugged in.
4
Areas for IHE to Address User Authentication –Key need is a single credential for all applications –Standards include: X.509(95), X.509(2000), ASTM E1762 and E1985, RFC 1510 (Kerberos v5), HL7 CCOW user context certificates, SAML –Cases: Hard: Intra-institutional credentials Harder: Cross-institutional credentials Exclude issues of patient identification
5
Areas for IHE to Address Common User Authentication (Single Sign-On) –Need is 1 authentication event for accessing multiple applications from a single user device. –Standards include: RFC 1510 (Kerberos v5), HL7 CCOW user context, SAML –Cases: Multiple concurrent/serial application windows Serial application services, e.g., a portal-style access to multiple systems Front-end application to access back-end databases.
6
Areas for IHE to Address Certificate Management –Need is for a common credential Within one institution Across multiple institutions –Standards include X.509(95), X.509(2000), ISO/TS 17090, ASTM E2212, SAML –Need user and client device certificates –Big win for IT in automation of user management –A “necessary first step” to gain significant visible benefit for clinicians’ User Authentication(?)
7
Areas for IHE to Address Digital Signatures –Standards include: X.509, ASTM E2084, W3C XML dsig, SAML –Dependent on Certificate Management solution –Intra-institutional solutions may be possible with existing solutions, but not inter-institutional solutions (key issue is how to establish trust) Rapid authentication –Ability to quickly sign-on as a clinician –Re-establish user environment rapidly upon sign-on –Any standards for this?
8
Areas for IHE to Address Encryption –Standards plethora Public confusion –Not a critical need or easy win Secure servicing –Excluded from HIPAA rules, not EU rules –De-identification of data is one issue that does draw attention –Cross-relations to Master Provider Index issues –Useful, but not a glamorous item to start with: make part of road map
9
So, Today We Must … Identify use cases for end user constituencies –Clinicians –Nurses –IT Admin Examine available standards Refine use cases: scope, dependencies of items, sequence of implementation Select immediate goal contents for demo at HIMSS, Feb. 2004 and …
10
So, Today We Must … Define the IHE Work Product: –Scope statement Broad-brush tech solutions Status of relevant standards Value propositions for users and vendors –Milestones for HIMSS 2004 and beyond: Tasks with names & due-dates –January 2004 Connect-a-thon Detailed event planning –Address HL7 collaboration and win-win scenarios
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.