Subject: Federal Register Notice requiring use of XACML by Federal agencies in certain situations
1. Federal Register Notice
Attached is a notice published in the Federal Register announcing the U.S. Secretary of Health and Human Services’ acceptance of Healthcare Information Technology Standards Panel (HITSP) Interoperability Specifications (IS).
IS listed in the Notice require the use of HITSP/TP20 Access Control Transaction Package. TP20 Table 2.3.2-1 cites standards required to implement TP20 and includes (OASIS) eXtensible Access Control Markup Language (XACML), ITU-T Recommendation X.1142.
Once the XSPA profile of XACML becomes an OASIS standard, future a Federal Registry notice is expected to trigger legal obligations to use it within certain U.S. Federal agencies and between those agencies and non-agencies in the areas listed in the Notice (EHR, Emergency Responder, Consumer access, Biosurveillance, etc.).
2. Public review of XSPA Profile
I have continued to reach out to others for technical review of the committee’s XSPA profile of XACML during the public review period, since once accepted as a standard certain Federal agencies will have an obligation to follow it. HITSP is very supportive of this effort and has voted to formally comment on OASIS XSPA profiles during the public comment period.
3. Need for HIMSS Participation
The XSPA profile of XACML will be featured in the OASIS-HITSP Demonstration of TP20 at the HIMSS Showcase in early April. There is still time to participate and we still have room in the booth for more participants.
The HIMSS demonstration is very similar to the XACML TC’s RSA and London InterOps, so it will be easy to demonstrate the profile by those participating in the earlier InterOps. Since we are in the “future directions” area your participation will be technical, not subject to IHE requirements, and provide high visibility to the XACML TC and to your company. The DoD Medical Health Services will be integrated into the demonstration. Please consider participating.