Federated [Organization] RegistryFederated [Organization] Registry

Brief Profile Proposal for 2008/09Brief Profile Proposal for 2008/09presented to thepresented to the

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

J. Caumanns (eCR, Fraunhofer ISST, IHE-D) J. Caumanns (eCR, Fraunhofer ISST, IHE-D) 16 October 200816 October 2008

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

Use Case

Mr. A has been to hospital B for a surgery. After his stay he gets a Mr. A has been to hospital B for a surgery. After his stay he gets a discharge letter for his PCP where the follow-up medication is determined. discharge letter for his PCP where the follow-up medication is determined. On the way to his PCP Mr. A lost the letter in the bus. He asks the PCP to On the way to his PCP Mr. A lost the letter in the bus. He asks the PCP to call the hospital for copy.call the hospital for copy.PCP is calling the directory assistancePCP is calling the directory assistance..

PCP A: PCP A: Hi, this is PCP A: Can you please provide me the number of the Hi, this is PCP A: Can you please provide me the number of the cardiological dept. of hospital B?cardiological dept. of hospital B?

DirAssist: We do not have the numbers of the departments listed. But the DirAssist: We do not have the numbers of the departments listed. But the number of the hospital’s central office is 12345. Should I connect number of the hospital’s central office is 12345. Should I connect you?you?

PCP: PCP: Yes please.Yes please.Hospital: Hospital: Hospital B. What can I do for you?Hospital B. What can I do for you?PCP: PCP: Could you please give me the number of the cardiological dept.?Could you please give me the number of the cardiological dept.?

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

Use Case

Hospital: Hospital: The phone number is 123456. But for technical reasons I cannot The phone number is 123456. But for technical reasons I cannot connect you.connect you.

PCP is dialing 123456.PCP is dialing 123456.

CardDept: Hospital B. Cardiological dept. Can I help you?CardDept: Hospital B. Cardiological dept. Can I help you?PCP: PCP: Yes please. My name is PCP X and I’m here with Mr. A who lost Yes please. My name is PCP X and I’m here with Mr. A who lost

his discharge letter in the bus. Could you please send me a copy his discharge letter in the bus. Could you please send me a copy by fax? by fax?

CardDept:No Problem. Please give me your name and fax number.CardDept:No Problem. Please give me your name and fax number.PCP: PCP: My name is PCP X and my fax number is 444. Thank you.My name is PCP X and my fax number is 444. Thank you.

2 minutes later the discharge letter arrives by fax. 2 minutes later the discharge letter arrives by fax. The PCP prescribes the medicine as stated in the discharge letter.The PCP prescribes the medicine as stated in the discharge letter.

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

The Problem

• Directory lookups and identity information exchanged in the Directory lookups and identity information exchanged in the use case:use case:– PCP X calling the directory assistancePCP X calling the directory assistance– Directory assistance looking up the phone number [identity Directory assistance looking up the phone number [identity

attribute] of Hospital Battribute] of Hospital B– Hospital B looking up the phone number [identity attribute] of the Hospital B looking up the phone number [identity attribute] of the

cardiologic department.cardiologic department.– Cardiologic department asking for name and fax number [identity Cardiologic department asking for name and fax number [identity

attributes] of PCP Xattributes] of PCP X

• Shifting this scenario into the digital age would require Shifting this scenario into the digital age would require comparable lookup services and mechanisms for the comparable lookup services and mechanisms for the exchange of identity information exchange of identity information

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

Use Case (continued)

Two days later Mr. A dies from a contraindication caused by Two days later Mr. A dies from a contraindication caused by the medicine PCP X gave him. During their investigation the the medicine PCP X gave him. During their investigation the police finds out that the cardiologic department of hospital B police finds out that the cardiologic department of hospital B never sent a fax to PCP X. never sent a fax to PCP X.

It is possible for an intruder to do a man-in-the-middle attack It is possible for an intruder to do a man-in-the-middle attack with this scenario because PCP X had no easy way to with this scenario because PCP X had no easy way to authenticate his communication partners and to verify the authenticate his communication partners and to verify the accuracy of the identity and directory information exchanged.accuracy of the identity and directory information exchanged.

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

Conclusion

• Incompliant directory services using different trust models Incompliant directory services using different trust models make it hard to verify the authenticity of the service and the make it hard to verify the authenticity of the service and the data provided.data provided.

• Missing directory services make it impossible to establish a Missing directory services make it impossible to establish a trusted communication with partners only known by name.trusted communication with partners only known by name.

• -> a unique model for trust establishment is required -> a unique model for trust establishment is required • -> an operational model is needed that allows for a high -> an operational model is needed that allows for a high

accuracy of the directory dataaccuracy of the directory data• -> the authenticity of the entry point for a chain of directory -> the authenticity of the entry point for a chain of directory

queries must be verifiable with local data only queries must be verifiable with local data only

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

Federated Directory Services

OrgDir

OrgDir

Affinity Domain

OrgDir

Affinity Domain

Affinity Domain

ATNA, WS*, ...FDS

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

Proposed Standards & Systems

• The proposed profile should use existing directory The proposed profile should use existing directory standards (i. e. LDAP)standards (i. e. LDAP)

• RFC 2798 is a good basis for the registry data setRFC 2798 is a good basis for the registry data set• Entity Identification Service (Service Functional Model Entity Identification Service (Service Functional Model

Specification) + OMG Spec.Specification) + OMG Spec.• The use of DSML and/or SPML should be consideredThe use of DSML and/or SPML should be considered• Federation and trust establishment/brokerage should be Federation and trust establishment/brokerage should be

based on the respective WS* standards (e. g. using the based on the respective WS* standards (e. g. using the recommendations of the HL7 v3 transport specification)recommendations of the HL7 v3 transport specification)

IT Infrastructure Planning CommitteeIT Infrastructure Planning Committee

Discussion

• Level of effort:Level of effort:– mediummedium

• Profile Editor:Profile Editor:– Ben Kraufmann, Olaf Rode (Fraunhofer ISST, eCR Consortium)Ben Kraufmann, Olaf Rode (Fraunhofer ISST, eCR Consortium)– Members from IHE Germany, IHE Austria, and eCR industry Members from IHE Germany, IHE Austria, and eCR industry

partnerspartners