Tuesday, April 8, 2008

XACML Interoperability Demo for Health Care Scenario

At the RSA 2008 Conference, members of the OASIS open standards
consortium, in cooperation with the Health Information Technologies
Standards Panel (HITSP), demonstrated interoperability of the
Extensible Access Control Markup Language (XACML) version 2.0.
Simulating a real-world scenario provided by the U.S. Department of
Veterans Affairs, the demo showed how XACML ensures successful
authorization decision requests and the exchange of authorization
policies. The XACML Interop at the RSA 2008 conference utilizes
requirements from Health Level Seven (HL7), ASTM International, and
the American National Standards Institute (ANSI). The demo features
role-based access control (RBAC), privacy protections, structured
and functional roles, consent codes, emergency overrides and filtering
of sensitive data. Vendors show how XACML obligations can provide
capabilities in the policy decision-making process. The use of XACML
obligations and of identity providers using the Security Assertion
Markup Language (SAML) is also highlighted. According to the
ANSI/HITSP announcement, the multi-vendor demonstrations "highlight
the use of OASIS standards in HITSP-approved guidelines, known as
'constructs,' to meet healthcare security and privacy needs. The
Panel's security and privacy specifications address common data
protection issues in a broad range of subject areas, including
electronic delivery of lab results to a clinician, medication workflow
for providers and patients, quality, and consumer empowerment. HITSP
is a multi-stakeholder coordinating body designed to provide the
process within which affected parties can identify, select, and
harmonize standards for communicating health care information throughout
the health care spectrum. As mandated by the U.S. Department of Health
and Human Services (HHS), the Panel's work supports Use Cases defined
by the American Health Information Community (AHIC). 'This is the first
time the RSA Conference will highlight in an Interop demo the healthcare
scenario, the Electronic Health Records (EHR), and associated
interoperable terminologies of clinical roles, patient consent
directives, obligations, and business logic,' said John (Mike) Davis,
standards architect with the VHA Office of Information in the Department
of Veterans Affairs, and a member of the HITSP Security, Privacy and
Infrastructure Technical Committee."


