OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

egov-ms message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [egov-ms] Groups - Provisional 2008 Work Plan [New Proposed Standard for 2009]



In 2007 I suggested the e-gov MS support the development of a standard for the exchange of health information (below) as part of their effort to promote interoperability frameworks.  This effort was discussed at the May 2008 e-gov member section meeting and the MS recommended that a new TC should be formed outside the e-gov MS for this activity.


I am pleased to announce that the Cross-enterprise Security and Privacy Authorization (XSPA) TC has submitted two profiles for consideration as OASIS standards and I am requesting that the organizations involved in the e-gov MS support this effort.  The proposed standards are now in the familiarization process, voting begins October 15. I would be happy to discuss the relevance of these standards to any member of the MS at their convenience.


An XSPA demonstration of sharing health records between two government agencies using the two proposed standards was done at the HIMSS09 conference.  The resulting reference implementation has been adopted by the (US domain) NHIN Connect effort.  The proposed standards have been technically validated and have the support of the XACML and SSTC (SAML) TCs.


Thank you for your encouragement at our 2007 meeting, the product of this timely work should be valuable to members of e-gov MS in promoting an international standards-based approach to the exchange of health records.


Approval of an OASIS standard is based on one vote per organization.  Many of the organizations in the e-gov MS may not typically participate in votes on standards from the XACML and SSTC TCs.  That makes your vote even more significant in achieving the organizational votes required to approve this work as an OASIS standard.  Thank you for your support.




David Staggs, JD, CISSP (SAIC)

Veterans Health Administration

Chief Health Informatics Office

Emerging Health Technologies


Colin, I now agree with your comment "heading into standards territory is not for the faint-hearted (in your 12/19/07 message, below)."


-----Original Message-----

From: Staggs, David (SAIC)

Sent: Thursday, December 20, 2007 12:09 AM

To: 'Colin.Wallis@ssc.govt.nz'; Carol.Cosgrove-Sacks@oasis-open.org

Cc: egov-ms@lists.oasis-open.org; Davis, John M.; jamie.clark@oasis-open.org; pim.vandereijk@oasis-open.org

Subject: RE: [egov-ms] Groups - Provisional 2008 Work Plan (eGMS provisional 2008 Work Plan071218.doc) uploaded


Dear Colin


Thank you for your kind comment, if the egov MS is not allowed to ballot a profile to standard then can the egov MS set up a TC to do so? 


I am asking for the help of the egov MS because OASIS announced that the MS would promote interoperability frameworks.


The VA's goal is to ballot a Cross-Enterprise Security and Privacy Authorization profile so that the ANSI Health Information Technology Standards Panel (HITSP) can cite it in support of the American Health Information Community (AHIC) use cases as mandated by the U.S. Department of Health and Human Services (HHS).  This would serve as the basis of a mandated interoperability framework for government healthcare and provides OASIS with the chance to play a prominent role in government healthcare interoperability frameworks.


Concurrently, the XACML TC has accepted the challenge to address Cross-Enterprise Security and Privacy Authorization by agreeing to develop an InterOp between at least seven vendors that will be shown at the 2008 RSA Security Conference April 7-11 in San Francisco.  Some of the guidance you mentioned in the authorization sphere will come from the consensus reached in preparation for the RSA InterOp.


In addition, I have been reaching out to privacy advocates through Health Level Seven (HL7) to address the medical privacy sphere. Indeed, the general outline of the profile has been suggested by HITSP when the gap in standards was uncovered.  So we can expect guidance from several organizations and some members may join the TC to help push the profile through the standards track.


As far as resources, the VA will commit people to write and test the profile developed by the proposed TC.  I just pushed through a standard (ANSI E-2596 standard on Privilege Management Infrastructure) and have three documents being balloted this session in HL7, so I have experience in developing standards.  We also have a Security Integration laboratory that is available to take on the development and test of the profile. 


I had originally asked IHE to address this standards gap last October but they only take 7 profiles a year and their plate was full. This is a great opportunity for OASIS to step in if they want the challenge.  I will recruit additional TC members and raise awareness of the effort at HL7, ANSI, HITSP as well as the OASIS TCs that I serve on (XACML, SAML, and WS-Federation).


Unfortunately, the HITSP effort needs this profile to complete its work properly.  So waiting to 2009 to start up a TC would be infeasible.


Anyway, perhaps the steps I have outlined above meet the constraints in the later part of your comment.  I look forward to reading your future comments and hopefully exploring with the egov MS a way forward to developing this important profile in government healthcare interoperability. I appreciate your thoughts on the subject and look forward to working with you in the future.


Best regards,


David Staggs, JD, CISSP (SAIC)

Veterans Health Administration

Chief Health Informatics Office

Emerging Health Technologies


-----Original Message-----

From: Colin.Wallis@ssc.govt.nz [mailto:Colin.Wallis@ssc.govt.nz]

Sent: Wednesday, December 19, 2007 5:06 PM

To: Carol.Cosgrove-Sacks@oasis-open.org; Staggs, David (SAIC)

Cc: egov-ms@lists.oasis-open.org; Davis, John M.; jamie.clark@oasis-open.org; pim.vandereijk@oasis-open.org

Subject: RE: [egov-ms] Groups - Provisional 2008 Work Plan (eGMS provisional 2008 Work Plan071218.doc) uploaded



Heading into standards territory is not for the faint-hearted and does

need a TC set up, which we are not. We (eGov) have just come from there

and know the trials and tribulations.


David, if I were you I'd 'walk before you run'. Develop guidance, get it

accepted as best practice and once you are confident you have a whole

heap of motivated people to push this through standards track, open up a

TC, maybe early 2009.






-----Original Message-----

From: Carol Cosgrove-Sacks [mailto:Carol.Cosgrove-Sacks@oasis-open.org]

Sent: Thursday, 20 December 2007 8:48 a.m.

To: Staggs, David (SAIC)

Cc: egov-ms@lists.oasis-open.org; Davis, John M.; 'James Bryce Clark';

Pim van der Eijk

Subject: Re: [egov-ms] Groups - Provisional 2008 Work Plan (eGMS

provisional 2008 Work Plan071218.doc) uploaded


Thanks David. This is an interesting proposition.


We will need to have feedback, especially from the Steering Committee.

But there seems no doubt that health is a very significant item of

public sector expenditure and a major focus of ICT applications within

the general context of eGovernment.


There could be a case for proposing an OASIS Technical Committee to

develop these standards, but affiliated to the Member Section. and

working in an integrated way.


Thank you for putting this on the table for discussion.

Best wishes,





Staggs, David (SAIC) wrote:


>Dear Colleagues


>The proposed provisional Work Plan for 2008 has covers a challenging

>breadth of work products and I think the plan nicely supports the

>egov-ms vision statement.  I would suggest expanding Goal 2 from

>developing eGovernment guidelines to also publishing eGovernment

>standards.  As you may recall in an earlier e-mail, in the ANSI Health

>Information Technology Standards Panel (HITSP) and the international

>organization Integrating the Healthcare Enterprise (IHE) have

>identified a standards gap in the area of Cross-Enterprise Security and


>Privacy Authorization within government healthcare.


>Since this profile needs to be created, balloted and published by a

>standards group (and it involves a blend of OASIS standards such as

>WS-Federation, SAML and XACML) I propose expanding the provisional Work


>Plan for 2008 to include publishing such a standard.


>Best regards,



>David Staggs, JD, CISSP (SAIC)

>Veterans Health Administration

>Chief Health Informatics Office

>Emerging Health Technologies

>-----Original Message-----

>From: carol.cosgrove-sacks@oasis-open.org


>Sent: Tuesday, December 18, 2007 9:06 AM

>To: egov-ms@lists.oasis-open.org

>Subject: [egov-ms] Groups - Provisional 2008 Work Plan (eGMS


>2008 Work Plan071218.doc) uploaded


>Please see the provisional Work Plan for 2008.


> -- Dr. Carol Cosgrove-Sacks


>The document named Provisional 2008 Work Plan (eGMS provisional 2008


>Plan071218.doc) has been submitted by Dr. Carol Cosgrove-Sacks to the

>OASIS eGovernment Member Section document repository.


>Document Description:

>This brief document sets out the main priorities for the eGMS for 2008

>- comments and feedback welcomed.



>View Document Details:





>Download Document: 


>/ eGMS%20provisional%202008%20Work%20Plan071218.doc



>PLEASE NOTE:  If the above links do not work for you, your email

>application may be breaking the link into two pieces.  You may be able

>to copy and paste the entire link address into the address field of

>your web browser.


>-OASIS Open Administration




To unsubscribe from this mail list, you must leave the OASIS TC that

generates this mail.  You may a link to this group and all your TCs in





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]