NOTE: This wiki is provided by the OASIS standards consortium as a collaborative tool for members of the OASIS XSPA Technical Committee, who are permitted to post to these pages. As this is an official workspace of the TC, the OASIS IPR Policy and other OASIS rules apply to its use. To learn more about the work of the TC, send a comment, or join this effort, visit the OASIS XSPA TC homepage.

Wiki pages are transient documents, so intermediate edits may not be saved. TC members should move all permanent work and stable artifacts to the TC's document repository, where the archival work product of the TC also can be viewed by the public.

RSA 2010 Interop Wiki

The following content is provided as reference materials for those participating in the RSA 2010 Interop.

Demonstration Functionality / Use Cases

XSPA Profiles of SAML, XACML, and WS-Trust

RSA 2010 Demonstration Extensions

HIMSS 2009 Interoperability Showcase

Video Presentations (hosted by Ascendahealthcare.com)

OASIS-HITSP Advanced Technology Demonstration - Johnathan Coleman (Security Risk Solutions, Inc., HITSP), Duane DeCouteau (OASIS)

XSPA Technology Overview

XSPA Development Background

XSPA Technology Overview

XSPA Use Case Demonstrations

Organizational Policy Constraints / Emergency Access - Use of coarse- and fine-grained access control.

Clinical Data Masking and Obligations - Patient controls what clinical objects are delivered during healthcare information exchange.

Documentation

HIMSS 2009 Playbook (pdf), HIMSS 2009 Playbook (ppt)

Source Code - NetBeans Projects

XSPA Profiles of SAML 2.0 and XACML 2.0 for Healthcare

XSPA Profile of WS-Trust for Healthcare

XACML Policies

Attributes

Service Requestor - Application Assertion

Identifier

Demonstrated HIMSS 2009

Ratified Within XSPA SAML Profile (updates in bold)

WS-Trust Claim

SubjectId

urn:oasis:names:tc:xacml:2.0:subject:subject-id

urn:oasis:names:tc:xacml:1.0:subject:subject-id

SubjectOrg

urn:oasis:names:tc:xpsa:1.0:subject:organization

SubjectOrgId

urn:oasis:names:tc:xpsa:1.0:subject:organization-id

SubjectPermissions

urn:oasis:name:tc:xspa:1.0:subject:hl7:permissions

urn:oasis:name:tc:xspa:1.0:subject:hl7:permission

SubjectRole

urn:oasis:names:tc:xacml:2.0:subject:role

urn:oasis:names:tc:xacml:2.0:subject:role

SubjectRoleCodeSystem

codeSystem, codeSystemName, displayName

n/a

SubjectFunctionalRole

urn:oasis:names:tc:xspa:1.0:subject:functional-role

urn:oasis:names:tc:xspa:1.0:subject:functional-role

SubjectPurposeOfUse

urn:oasis:names:tc:xspa:1.0:subject:purposeofuse

urn:oasis:names:tc:xspa:1.0:subject:purposeofuse

ResourceId

urn:oasis:names:tc:xacml:2.0:resource:resource-id

urn:oasis:names:tc:xacml:1.0:resource:resource-id

ResourceType

urn:oasis:names:tc:xspa:1.0:resource:hl7:type

urn:oasis:names:tc:xspa:1.0:resource:hl7:type

ResourceAction

urn:oasis:names:xacml:1.0:action:action-id

urn:oasis:names:xacml:1.0:action:action-id

SubjectNpi

urn:oasis:names:tc:xspa:1.0:subject:npi

urn:oasis:names:tc:xspa:1.0:subject:npi

SubjectLocality

urn:oasis:names:tc:xacml:2.0:subject:locality

urn:oasis:names:tc:xspa:1.0:environment:locality

Service Provider - Policy Enforcement Point Interaction

Subject and Resource

Identifier

Demonstrated HIMSS 2009

Ratified Within XSPA XACML Profile (updates in bold)

SubjectId

urn:oasis:names:tc:xacml:2.0:subject:subject-id

urn:oasis:names:tc:xacml:1.0:subject:subject-id

SubjectNpi

urn:oasis:names:tc:xspa:1.0:subject:npi

SubjectLocality

urn:oasis:names:tc:xacml:2.0:subject:locality

SubjectPermissions

urn:oasis:names:tc:xspa:1.0:subject:hl7:permission

SubjectRole

urn:oasis:names:tc:xacml:2.0:subject:role

SubjectFunctionalRole

urn:oasis:names:tc:xspa:1.0:subject:functional_role

SubjectPurposeOfUse

urn:oasis:names:tc:xspa:1.0:subject:purposeofuse

ResourceId

urn:oasis:names:tc:xacml:2.0:resource:resource-id

ResourceType

urn:oasis:names:tc:xspa:1.0:resource:hl7:type

ResourceAction

urn:oasis:names:tc:xacml:1.0:action:action-id

ResourceLocality

urn:oasis:names:tc:xacml:2.0:resource:locality

Organizational Constraints From PIP

Identifier

Demonstrated HIMSS 2009

Ratified Within XSPA XACML Profile (updates in bold)

HoursOfOperations

urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation

OperatingDay

urn:oasis:names:tc:xspa:1.0:resource:org:operating-day

HoursOfOperationStart

urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:start

HoursOfOperationEnd

urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:end

AllowedOrganizations

urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations

RequiredRoles

urn:oasis:names:tc:xspa:1.0:resource:org:role

RequiredPermissions

urn:oasis:names:tc:xspa:1.0:resource:org:hl7:permission

Patient Constraints From PIP

Identifier

Demonstrated HIMSS 2009

Ratified Within XSPA XACML Profile (updates in bold)

PatientAllowedOrganizations

urn:oasis:names:tc:xspa:1.0:resource:patient:allowed-organizations

ConfidentialityCode

urn:oasis:names:tc:xspa:1.0:resource:patient:hl7:confidentiality-code

PatientDissentingRoles

urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-role

PatientDissentingSubjectIds

urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-subject-id

PatientObjectMasking

urn:oasis:names:tc:xspa:1.0:resource:patient:masked

*New Knowledge Management Repository KMR Constraints

*New Genomic Data Constraints

Identifier

RSA 2010 Demonstration

XSPA XACML Profile Version 2.0 (updates in bold)

DiseaseTraits

urn:oasis:names:tc:xspa:2.0:genome:gwas:trait-name

Pending

Interop Test Environment

XSPA Domain A

IP Address: 208.75.163.70

Service Requestor: http://208.75.163.70/XACMLPatientPrivacy

XSPA Domain B

IP Address: 208.75.163.71

Service Provider: http://208.75.163.71/XSPASecurityServices

Test Users

Username: drbob Password: xspa

Username: nursealice Password: xspa

GlassFish Version 2.1

OpenSSO Version 8.0

CentOS 5.x

Contact Duane DeCouteau for passwords.


RSA 2010 Interop (last edited 2010-02-01 20:14:34 by Daniel.Dority)