Upload
clyde-watson
View
214
Download
0
Embed Size (px)
Citation preview
S&I Framework
Architecture Refinement & Management (ARM)01/07/2013
Trust Bundle SWG Background
Direct Scalable Trust Forum organized by ONC in November 2012 in Washington D.C to discuss “Scalable Trust” and wide spread adoption of Direct.
• Outcomes from the forum
• Start a WG to define/refine a package of requirements that will limit/avoid the need for HISP to HISP agreements
• Start a WG to determine what has to be done “In the Meantime”
• Standardize Trust Bundle distribution for Direct which can then be automated• Scope:
• Distribute Direct Trust Bundles within and between Trust Communities.• Collaborate with Trust Communities to pilot the Implementation Guide.• Refine the Implementation Guide based on feedback from the pilots.
• Out of Scope: • Trust Anchor management policies (Addition/Removal/Modification etc) within a Trust
Bundle.• Business Processes and/or Governance of the Trust Community or any of the
organizations participating in the Trust Community.
Trust Bundle SWG Timeline1/31/201312/31/2012 2/28/2013 3/31/2013 4/30/2013
Trust Bundle SWG kickoff
Finalize Technical Approach (Leverage work performed by ABBI, DirectTrust, WSC, NSTIC pilots etc.)
Develop Implementation Guide
Pilot Implementation Guide
Refine Implementation Guide
Proof of Concept
Implementation Guide Consensus
Trust Bundle Distribution Context
Trust Community: Trust Communities are formed by organizations electing to follow a common set of policies and processes related to health information exchange. Examples of these policies are identity proofing policies, certificate management policies, HIPAA compliance processes etc.
Trust Community Profile: A Trust Community can create multiple sets of policies and processes and enforce these sets of policies on selected organizations who want to conform. For e.g A Trust Community can create a set of policies and processes which organizations have to conform to for regular treatment related use cases, a different set of policies and processes that organizations have to conform to for Behavioral Health related use cases and so on. These sets of policies and processes are called as Trust Community Profiles. The word “Profile” indicates a set of policies and processes.
Trust Bundle: Trust Bundle is a collection of Direct Trust Anchors within a Trust Community that conform to a Trust Community Profile. Trust Anchor’s of member organizations who have elected to conform to a Trust Community Profile are included in the Trust Bundle for that particular Trust Community Profile. Some examples of Trust Bundles conforming to different Trust Community Profiles are:• A Trust Bundle could have Trust Anchors that conform to NIST Level of Assurance 3 • A Trust Bundle could have Trust Anchors that are FBCA Cross-certified at Medium Level of Assurance.
Trust Bundle Distribution Context
Trust Bundle Requestor
Trust Bundle Publisher
Trust Bundle Requestor: A Trust Bundle Requestor is an entity (person, software system, Direct STA etc) that requests a Trust Bundle from a Trust Bundle Publisher.
Trust Bundle Publisher: A Trust Bundle Publisher is an entity that publishes one ore more Trust Bundles for a Trust Community.
The focus of the implementation guide is to detail the technical standards, protocols and content that will be used to implement the two transactions identified in the above diagram
• Requesting a Trust Bundle and• Receiving a Trust Bundle
1. Request Trust Bundle
2. Receive Trust Bundle
Trust Bundle Distribution IG
• http://wiki.directproject.org/file/view/Implementation%20Guide%20for%20Direct%20Project%20Trust%20Bundle%20Distribution_v0.7.docx/408482894/Implementation%20Guide%20for%20Direct%20Project%20Trust%20Bundle%20Distribution_v0.7.docx