HIA WG Concall 2010-09-02 Minutes
Date and Time
- Date: Thursday, September 2, 2010
- Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (_[Time Chart|http://timeanddate.com/worldclock/fixedtime.html?month=6&day=3&year=2009&hour=15&min=0&sec=0&p1=0&sort=2]_)
- Dial-In: Skype: +9900827044630912 - North American Dial-In: +1-201-793-9022 - Code: 4630912
Attendees
- Barry Hieb (voting)
- John Fraser (voting)
- Dervla O'Reilly (voting)
- Richard Moore (voting)
- Rich Furr (voting)
- Bob Pinheiro (voting)
- Pete Palmer (voting)
- Dan Combs (voting)
- Laurie Tull (voting)
- Bill Braithwaite (non-voting)
- Joni Brennan (non-voting)
- John McAuly? (not known)
- David Minch (non-voting)
- Mickey Tevelow (non-voting)
- Art Moldavia (non-voting)
- Daniel Bennett (non-voting)
- Dazza Greenwood (non-voting)
- Lara Zimberoff (non-voting)
- Jai ??, MITRE (non-voting) Guest
- Maria Tessipia, MITRE (non-voting) Guest
Apologies
Apologies - None.
We had 9 voting members on the call and reached quorum.
Agenda
1. Quorum determination
2. Approval of minutes from last meeting
3. Update on the Patient Portal Agreements and funding
4. Discussion on pilot architectural components
a. MITRE trusthub overview with Q&A
b. UMA (User-Managed Access)
c. Patient consent sharing
5. Resources available from the work group membership to help support the eCitizen pilot efforts
Minutes
1. Roll Call and quorum and welcome new attendees
Roll call as above.
Minute taker: Lara Zimberoff.
2. Approve Minutes from previous meeting
Bill Braithwaite motioned to approve the minutes, Rich Furr seconded, minutes approved without objection.
3. Update on the Patient Portal agreements and funding
John Fraser requested a status update from Joni Brennan & Dazza Greenwood
Joni: Signed off on all terms, ready to move forward. Working through issues regarding funding but we’re poised to move forward near term with the project.
Dazza: It looks very positive that the funding will be in place and we can therefore start the project soon.
John: I appreciate all the progress and assistance from Joni and Dazza in getting these agreements through.
4. Discussion on pilot architectural components
Dazza: this is a deeper dive into the technologies we may want to use on the pilot project. This particular discussion is in regards to the Trust Hub. We’ve invited MITRE on the call today to walk us through Trust Hub. Please refer to slides that we distributed.
Jaia introduced herself and Maria from MITRE and provided a brief background: I got into the project when it had already been funded. Funding came from the Department of Homeland Security. One of the deliverables was a proof of concept prototype. There seemed to be a lack of streamlined credential systems, which is how the trust hub came about. Standard physician model attributes are taken from HL7. The web service is a “put-back” (?) service – physician records are retrieved and put into the database. In our particular demo, we have a physician logging into the portal and the authentication is applied to their local database. The owner provides a protected resource for the data. The guest web service comes in when you want to look at additional attributes based on the patient’s consent. We have a website which explains all of this.
Dazza: The website contains all of the code and other good information – I will distribute the link to the group (http://trusthub.sourceforge.net/). I think the diagram and explanation Jaia gave explain the system well at a high level. We need to discuss if this is something we could leverage for our project. Jaia, can you summarize the major components of trust hub again?
Jaia: From the development perspective, these are SOAP calls. Basically, java objects are returned, not xml messages.
Barry: Is this trust hub up and operating? What’s its status?
Jaia: It is up and running
Maria: It’s in prototype mode, not operational
Barry: Who is using it?
Maria: As far as I know, no one is using it yet.
Dazza: The prototype has been created for proof of concept purposes
Maria: it’s not operational in the sense that there are no credentialed users for it, but it is up and running
Dazza: this is licensed under Apache, so no problems from a legal side in terms of applicability, but practically and technically, we need to determine how this is relevant to our work.
John: Is it true that when making a request for a remote resource, a SAML assertion is returned?
Jaia: Yes
John: I assume that is signed by a certificate authority. Is SAML assertion then checked against the trust hub?
Jaia: Yes it is
JF: This seems very similar to the Liberty Alliance standard. Was this designed after the Liberty standard?
Jaia: I wouldn’t be able to answer that offhand.
John: One of the open source projects that implement the Liberty Standard is Shibboleth, which seems similar to this.
Jaia: Does that architecture include a universal credentialing model?
John: No, the concept of Shibboleth is of a club of federated Shibboleth installations that trust each other from disparate institutions. Have you modeled multiple trust hubs, or just one?
Jaia: One central repository is what is being modeled
Pete: It looks like there’s one directory that everyone uses – is that correct?
Jaia: In the trust hub, yes.
Pete: So instead of federating, is there one LDAP directory with one certification authority that populates the directory, and all the members share the directory/security credentials?
Jaia: That’s correct
Pete: very interesting
John: I’m looking at what semantic web technology is used. There seem to be some additional services around credentialing that are beyond the Liberty Standard.
Dazza: Draw your attention to Higgins base – that’s a very powerful overlay that is being used
John: Do you know how Higgins is used in the service?
Maria: We included the attributes from HL7 and Higgins frameworks that we thought would be relevant
Bill: Can database of attributes cover healthcare entities such as nurses and others besides physicians?
Jaia: I believe so
John: The semantic web piece is an interesting aspect of what has been done here
Barry: To Dazza and Dan – how are these candidates going to be evaluated once the project has started?
Dazza: We need to get more details about that in the project plan. We need to establish a requirement setting and then evaluate based on that. We won’t propose starting evaluation until we determine what that evaluation will be.
Daniel: One thing we’re going to work on in addition to requirements is architecture for all this. The idea is to be as flexible as possible with creating problems.
Dan: This is going to be a big issue in deciding what the design is going to incorporate. It seems that the design needs to be generic and non-technology specific enough to allow for a range of participants. I would imagine Rich is going to have questions about how SAFE will be incorporated.
John: One interesting thing will be contacting people we already know in the space. Various groups such as Google and Microsoft already have customers and identities. It seems to me if we can get those kinds of groups on board and interested in plugging in, we could take our architecture and have it be successful because we use identities of already existing entities. If we have to build different identities from scratch, that doesn’t seem like the right way to go.
??: we need to be able to accommodate multiple kinds of identities based on the type of data being moved. There is room for lots of different players based on the kind of transactions.
Dan: It’s going to be an interesting design process to get to an acceptable document that incorporates a wide variety of ways to conduct these different kinds of transactions
Dazza: Part of the reason we find the trust hub interesting is because it’s open source, and it seems like it’s designed extensively enough that it can be evolved and utilized in broader identity environments. Funding has been set aside by MITRE for eCitizen to work with its engineers.
John: I like Dan’s concept of conversation between different systems. That would focus on high level modeling of “what is an identity?” If we could put the high level semantics together and design a conversation, then we would have specific implementations. Does anybody understand or has anybody been involved with Higgins services?
Dazza: At a legal and policy-level, I have. It’s been intelligently conceived for people like us to be having these conversations at this time. If people think that this may have legs, and questions are crisped up by late September, this has enough merit to be worth a request to work with MITRE to begin to scope this out and get the answers.
Dan: We may want to change the nature of the conversation a bit. The MITRE folks could be a part of the conversation, but focused on MITRE being a credentialing provider and what the interaction is going to be.
??: We need to be thinking about this in 3 dimensions and how the trust hubs are communicating with each other.
John: I’m sensing interest from the group in regards to identity and potentially using the Higgins architecture.
??: Is the eCitizen project definitely going to be using the trust hub?
Dazza: No, that has to be evaluated. However, based on how it looks to me, it seems very relevant.
Pete: We need to have the conversation about centralized and federated identity management and where we want to go from here.
Dan: We can have that conversation again, it seems to me that from a Kantara perspective, that has been decided.
Dazza: The purpose of showing this demo was to allow for dialogue about a heterogeneous identity ecosystem.
5. Resources available from the Work Group membership to help support the program
No specific discussion occurred.
6. Other Business
John Fraser thanked everyone for participating and ended the call.
Next Meeting
- Date: Thursday, September 16, 2010
- Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (_[Time Chart|http://timeanddate.com/worldclock/fixedtime.html?month=6&day=3&year=2009&hour=15&min=0&sec=0&p1=0&sort=2]_)
- Dial-In: Skype: +9900827044630912 - North American Dial-In: +1-201-793-9022
- Code: 4630912