[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: XSPA profile of WS-Trust attached for final comments by this TC
|
Some Microsoft colleagues and myself have reviewed this
document. We don’t have any feedback concerning the document’s
description of its usage of WS-Trust. In particular we did not identify
anything we would cite as an error. We do feel that the title does not
accurately reflect the content of the document as it does not seem to actually
“profile” the usage of WS-Trust, e.g. it does not specify specific
bindings or restrict the usage of the protocol. Instead the documents reads
more like an architectural description of the usage of WS-Trust for your
scenario. We think the title “XSPA WS-Trust Architecture for
Healthcare” would be more representative of the document’s content. We do have two additional
comments about the architecture described in the document. 1) While from a purely
architectural perspective it is possible to position a single Access Control
Service between the IP and RP components, in practice it would be an unusual
security topology for them to share a single service. 2) While it is possible to
construct the STSs and Access Control Service (it uses to make a claims
issuance policy decision) as separate services, in practice it would provide
better performance and simpler management to combine the issuance policy engine
with the STS. From: Staggs, David
(SAIC) [mailto:David.Staggs@va.gov] Colleagues I
am attaching the current version of the XSPA profile of WS-Trust for
comment. This profile will be submitted to XSPA TC as a committee
draft. Please review and provide comments so that the XSPA TC starts out
with a sound document. You
are cordially invited to join us in the XSPA TC. Vendors capable of
demonstrating the WS-Trust profile are needed at the HIMSS conference in two
months. Ancillary software is complete, we just need vendors to plug in
and demonstrate the exchange at the nation’s largest healthcare vendor
conference April 3 in Chicago. DoD Medical Health Services and the VA
will act as medical record providers accessed through a custom application
created for this demonstration. The
resulting profile will be provided to HITSP and ultimately to the Secretary of
Health for use by certain U.S. Federal agencies and between those agencies and
non-agencies. Please contribute to this important effort. Regards David
Staggs David
Staggs, JD, CISSP (SAIC) |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]