A Federation of Web Services for Danish Health Care
IDTrust 2008
Kåre Kjelstrøm, kkj@silverbullet.dk

The Danish Health Sector
- Hospital: doctors and nurses; many systems, many computers; exchange information
- Caregiver (nursing home): few systems; PDA access
- General Practitioner: doctor and secretary; a single system
- Patient: web access to own data
Requirements: Privacy vs. Safety
- Confidentiality of health records
- Authentication & authorization
- Emergency access
- Record activity (audit trail)

Requirements: Availability
- New work routines are based on IT
- Redundancy of systems
- Redundancy of lines
- Only loose dependency between systems!

Requirements: Single Sign-On
- Often multiple logins to multiple systems, multiple times a day
- Reduce the number of logins to external systems!

Requirements: Preconditions
- National PKI infrastructure with SSN lookup
- Health care network (VPN)
- Existing specifications and profiles
- Rich non-browser clients
High Level Proposal: SOSI (Service-Oriented System Integration)
Participants: GP, Hospital, Nursing Home, Central National Services, Security Token Service (STS)
- SOAP web services
- SAML 2.0 assertions as security tokens
- Message integrity through PKI signatures on SAML tokens and body data
- Confidentiality & integrity protected by the VPN network (existing infrastructure)
- Federation of trust
- Client-initiated SSO

ID card: SAML Security Token
- Embedded into every SOAP message header
- Offline-verifiable credentials (signature)
- Identifies a person or a system
- Contains "core" attributes
Example SOSI IDCard:
  Version: 1.0
  ID: QYZ1234
  Valid: 10/25-2008 - 10/26-2008
  Issuer: EPJQ 3.0
  Type: User
  System: EPJQ 3.0
  Organization: Region X
  Organization ID: 1234
  Owner: S.Miley
  AuthorizationCode: 5678
  Role: Surgeon
  SSN: 0101121234
  Email: s.miley@abc.dk
  Occupation: Doctor

Timeout
- Maximum ID card lifetime: 24 hours
- Authorization is decided by the service provider
- The service provider decides the timeout level, based on its own risk analysis
Example SOSI ID card (Danish slide, translated):
  Version: 1.0
  ID: QYZ1234
  Valid: 25/10-2006 - 26/10-2006
  Issuer: EPJQ 3.0
  Type: User
  System: EPJQ 3.0
  Organization: Region X
  Organization ID: 1234
  Owner: S.Miley
  Authorization no.: 5678
  Role: Surgeon
  CPR (SSN): 0101121234
  Email: s.miley@abc.dk
  Occupation: Doctor
Checks performed by the service provider:
- IDCard valid?
- IDCard "fresh" enough?
- Person authorized?
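The two slides above describe the ID card (a signed SAML token carried in every SOAP header) and the three checks a service provider runs on it. The following is an added example written for this page, not SOSI's or the presenter's code: it issues a toy ID card into a SOAP header and then applies the validity, freshness and authorization checks. It assumes an HMAC as a stand-in for the issuer's PKI/XML Signature, a line-per-field serialisation as a stand-in for XML canonicalisation, ISO-8601 UTC timestamps, and a hypothetical `FetchMedicineData` body operation; the sample card values are taken from the slide's example.

```python
"""Toy SOSI-style ID card: issue it into a SOAP header, then run the three
service-provider checks from the deck (valid? fresh enough? authorized?).
Added example, not SOSI code. Assumptions: an HMAC stands in for the
issuer's PKI/XML Signature, a line-per-field serialisation stands in for
XML canonicalisation, and timestamps are ISO-8601 UTC."""
from __future__ import annotations

import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
MAX_CARD_LIFETIME = timedelta(hours=24)   # deck: maximum ID card lifetime is 24 hours
ISSUER_KEY = b"demo-issuer-signing-key"  # assumption: stand-in for the issuer's private key

# The "core" attributes carried by the card, in a fixed order for signing.
CARD_FIELDS = ("ID", "Issuer", "Type", "System", "Organization", "OrganizationID",
               "Owner", "AuthorizationCode", "Role", "SSN", "Email", "Occupation",
               "ValidFrom", "ValidTo")

# Constructed sample mirroring the example card on the slide.
SAMPLE_CARD = dict(ID="QYZ1234", Issuer="EPJQ 3.0", Type="User", System="EPJQ 3.0",
                   Organization="Region X", OrganizationID="1234", Owner="S.Miley",
                   AuthorizationCode="5678", Role="Surgeon", SSN="0101121234",
                   Email="s.miley@abc.dk", Occupation="Doctor")


def _fmt(dt: datetime) -> str:
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _sign(fields: dict) -> str:
    # Deterministic serialisation of the signed attributes (stand-in for C14N + XML-DSig).
    canonical = "\n".join(f"{k}={fields[k]}" for k in CARD_FIELDS).encode()
    return hmac.new(ISSUER_KEY, canonical, hashlib.sha256).hexdigest()


def issue_envelope(attrs: dict, issued_at: datetime,
                   lifetime: timedelta = MAX_CARD_LIFETIME) -> str:
    """Return a SOAP envelope whose header carries a signed IDCard."""
    if lifetime > MAX_CARD_LIFETIME:
        raise ValueError("ID card lifetime may not exceed 24 hours")
    fields = dict(attrs, ValidFrom=_fmt(issued_at), ValidTo=_fmt(issued_at + lifetime))
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    card = ET.SubElement(header, "IDCard", version="1.0")
    for k in CARD_FIELDS:
        ET.SubElement(card, k).text = fields[k]
    ET.SubElement(card, "Signature").text = _sign(fields)
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    ET.SubElement(body, "FetchMedicineData")   # hypothetical service operation
    return ET.tostring(env, encoding="unicode")


def check_id_card(envelope_xml: str, now: datetime, max_age: timedelta,
                  allowed_roles: set[str]) -> tuple[bool, str]:
    """Service-provider side: (accepted?, reason). max_age is the provider's own,
    risk-based freshness threshold and may be much shorter than 24 hours."""
    card = ET.fromstring(envelope_xml).find(f"{{{SOAP_NS}}}Header/IDCard")
    if card is None:
        return False, "no IDCard in SOAP header"
    fields = {k: card.findtext(k) for k in CARD_FIELDS}
    if any(v is None for v in fields.values()):
        return False, "IDCard missing core attributes"
    # 1. IDCard valid?  Offline check: issuer signature, then the validity window.
    if not hmac.compare_digest(card.findtext("Signature") or "", _sign(fields)):
        return False, "signature invalid"
    valid_from, valid_to = _parse(fields["ValidFrom"]), _parse(fields["ValidTo"])
    if valid_to - valid_from > MAX_CARD_LIFETIME:
        return False, "lifetime exceeds the 24 hour maximum"
    if not valid_from <= now < valid_to:
        return False, "outside validity window"
    # 2. IDCard fresh enough?  Age is measured from issuance (ValidFrom here).
    if now - valid_from > max_age:
        return False, f"older than provider threshold of {max_age}"
    # 3. Person authorized?  The role decision belongs to the provider, not the STS.
    if fields["Role"] not in allowed_roles:
        return False, f"role {fields['Role']} not authorized for this service"
    return True, "accepted"


if __name__ == "__main__":
    t0 = datetime(2008, 10, 25, 8, 0, tzinfo=timezone.utc)
    env = issue_envelope(SAMPLE_CARD, t0)
    for hours, roles in ((1, {"Surgeon"}), (6, {"Surgeon"}), (25, {"Surgeon"}), (1, {"Nurse"})):
        print(hours, check_id_card(env, t0 + timedelta(hours=hours), timedelta(hours=4), roles))
```

The order of the checks matters: the signature is verified before any attribute is trusted, so a card whose role has been edited in transit is rejected as "signature invalid" rather than reaching the role decision. A provider with a higher risk profile simply passes a smaller `max_age` without any change on the issuer side, which is the point of letting the service provider, not the STS, own the timeout.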
Trail Blazer: Medicines Information
Web services at the Danish Medicines Agency
- GP: receive patient: fetch data; issue receipt: upload data
- Hospital: receive patient: fetch data; discharge patient: upload data

STS Performance
- Verification and signing of 12,000 ID cards in 24 hours
- A maximum continuous throughput (MCT) of 1,500 ID cards/hour, with a peak of 10 simultaneous ID card requests
- Mean response time < 2 seconds at MCT
- 95% of response times < 5 seconds at MCT
- 99% of response times < 10 seconds at MCT

Implementing SOSI?
- SAML? SOAP? XML Signature? STS & WS-Trust? IDCards?
- PKI? Revocation lists?
- COTS? Cost?
- Integrate with legacy systems?

Lowering the Threshold
- Code libraries: .NET library, Java library
- Support organizations: Technical Support Center, MedCom Web Service Test Center
- Toolkits: Contract First WSDL Engineer, .NET code generation, Security Gateway

Looking Forward
- Partially verified IDCards?
- Biometrics, RFID, Near Field Identification?
- "Break the glass" solution: heightened control
- Alternatives from the National IT and Telecom Agency?
- Liberty ID-WSF 2.0 as a replacement?
- Service governance
Summary
- Federation of health care systems using SOAP web services, SAML and WS-Trust
- Single sign-on to web services within the national federation / trust domain
- Reduced impact of service unavailability
- Reduced effort for WSCs and WSPs to implement web services
- High-performance architecture in which the number of requests/messages is minimized
- Transparency and flexibility through the use of open-source licensed tools and products
- Reuse of existing infrastructure: the design reuses the existing infrastructure for establishing secure channels, which takes care of confidentiality and stream integrity and prevents known cryptographic attacks

Questions?