RE: [ihc] SAML 2.0 and IHE/XDS?

["David RR Webber \(XML\)" <david@drrw.info>]

John,

 

Your feedback is very encouraging. 

 

The challenge is that very factor of short-term expedience negating the benefits of the longterm standards-based approach.

 

The quick fix not fully paving the way for the wider needs - and ending up costing double time.

 

The sheer scale of everything makes the challenging of communicating and getting the message out there to all participants tough too.

 

Look forward to more on the progress with IHE/XDS in due course.

 

Thanks, DW

-------- Original Message --------
Subject: RE: [ihc] SAML 2.0 and IHE/XDS?
From: "Moehrke, John (GE Healthcare)" <John.Moehrke@med.ge.com>
Date: Sun, February 19, 2006 11:38 pm
To: "David RR Webber (XML)" <david@drrw.info>,
<ihc@lists.oasis-open.org>

IHE (http://www.ihe.net) is trying hard to add Federated ID to it's cross-enterprise healthcare profiles. XDS is the major one at this time, but there are other support profiles as well. I am the editor of this work within the IHE. This effort will be closely watching WS-SX and WS-I to do the profiling of the use of SAML 2.0 Assertions use within Web-Services.  This year we are adjusting our healthcare specific transactions to fit nicer on Web-Services. My hope is that healthcare will have no special needs and thus will simply be able to point at WS-I for the basic web-services profile as well as basic security with Federated ID.  Our biggest problem is time as the USA government as well as other governments around the world are calling for regional sharing of medical information. This urgency is at a breakneck pace that I hope doesn't require healthcare to do anything drastic.

 

I welcome any assistance that this community can provide, including giving me strong evidence that I am miss understanding the standards and market space.

 

John Moehrke
Enterprise Security Architect
GE Healthcare
T 262 293 1667
W126 N7449 Flint Road, Suite 200, Menomonee Falls, WI 53051
John.Moehrke@med.ge.com
www.gehealthcare.com
What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.  (One Portion of the Hippocratic Oath - Hippocrates, circa 400 B.C.)

 

 

---

From: David RR Webber (XML) [mailto:david@drrw.info]
Sent: Thursday, February 16, 2006 7:17 AM
To: ihc@lists.oasis-open.org
Subject: [ihc] SAML 2.0 and IHE/XDS?

Does anyone know how - and if at all - this fits with IHE/XDS ?
 
DW
========================================================
Ping Identity and MedCommons Use SAML 2.0 for Electronic Health Record
Access
Staff, Ping Identity Announcement
Ping Identity and MedCommons have announced a partnership to develop
secure, standards-based, single sign-on solutions for multi-location
electronic health record access and storage. Both Ping Identity and
MedCommons are committed to SAML 2.0 as the standard of choice for
secure authentication precisely because it provides for the convergence
of non-interoperable standards that support Web SSO. After significant
testing of alternative providers, MedCommons determined that
PingFederate Version 3 was the easiest SAML 2.0 product to acquire,
install, configure, integrate, and deploy. MedCommons quickly integrated
PingFederate v3 into their medical data network and secure storage
solution, enabling Web SSO using SAML 2.0. "Ping Identity's products and
services help organizations easily and cost effectively bridge security
domains across partner, supplier and customer organizations by providing
secure Web SSO. MedCommons has developed the first standards-based
system capable of communicating with and transferring image and
non-image data among Personal Health Records, Electronic Health Records
(EHR) and national healthcare IT systems."
http://xml.coverpages.org/PingMedCommons200602.html
See also the PingTrust announcement: http://www.pingidentity.com/news/show/119