OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xspa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xspa] Comments for XSPA 2.0 SAML profile

Hi, 


Il giorno 15/giu/2012, alle ore 21:01, Duane Decouteau ha scritto:

> 1. The NwHIN Authorization guide specifies the use of a pseudo ­ xspa
> subject id attribute of "urn:oasis:names:tc:xspa:1.0:subject:subject-id"
> instead of using the XACML subject-id as called out in the XSPA 1.0 and
> 2.0 draft. Should we care?
> 
> ****Don't care
> 

This error came from earlier draft of XSPA that was mandating this 
endpoint. IHE XUA++ was following the typo of NwHIN, but it has 
been corrected. So I suppose NwHIN will correct this typo too. 
EU epSOS is using the correct name. (Although is funny: the attributes
is named subject-id, but in fact, it is not an id, just the human
readable name).
  
> 2. The NwHIN Authorization gude specifies the use of a structured HL7 type
> as the attribute value for the purpose of use and role attributes. We
> decided to reference other sources for the value of these attributes, but
> should we copy the concept of a coded type or just leave the value lacking
> the notion of a code system? The commonly accepted health care IT practice
> when it comes to standards seems to prefer using coded or strongly typed
> values, so I advocate a similar approach for consistency sake.
> 
> ***Does the community plan to write policy based on a attributes code, codeSystem, codeSystemName, not sure this complexity would help implementors.


I see that as an misunderstanding by the NwHIN (and thus IHE XUA++) specs: XSPA defines
to have string-based roles, thus element-based roles are a violation of the standard. 
Either XSPA relaxes the dataType or NwHIN has to change the name. 

I agree with you, Michael: the usual way to encode a value in healthcare IT is
through coded values, since they have a precise semantics, thus guaranteeing 
interoperability.

Maybe coded values can be took into account for XSPA 2.0? I see the fact to use
either string or elements is a big opportunity for XSPA. 

Ciao, 

	Massi




--
Massimiliano Masi - http://www.mascanc.net/~max

Tiani "Spirit" GmbH
Guglgasse 6
Gasometer A
1110 Vienna
Austria/Europe

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]