Single Sign-On for Professionals & Patients Phil Stradling


Page 1: Single Sign-On for Professionals & Patients Phil Stradling

Single Sign-On for Professionals & Patients

Phil Stradling

Page 2: Single Sign-On for Professionals & Patients Phil Stradling

Best use of web service standards

In particular:

– WS-Security and WS-Trust that are already in use in government.

– WS-Federation for single sign-on.

– WS-Addressing and WS-ReliableMessaging for messaging across the NHS estate.

Page 3: Single Sign-On for Professionals & Patients Phil Stradling

HL7 Web Service Profiles

• Submitted to ballot process last month

• First review by HL7 UK next week

• 3 draft profiles submitted for:

– WS-Addressing

– WS-Security

– WS-ReliableMessaging

• Build on basic profile for SOAP

Page 4: Single Sign-On for Professionals & Patients Phil Stradling

Federated Identity Management

• Enable each organization to:

– Act as an authority for the identities it manages

– Make verifiable assertions about those identities

• Build bridges of trust between “organizational islands” so they:

– Choose whom they trust

– Control how much they trust

– Manage only their own internal identities

– Use their own internal protocols

Standards-based technology & processes to enable identification, authentication, and authorization across organizational and platform boundaries

Page 5: Single Sign-On for Professionals & Patients Phil Stradling

Logical SSO Architecture

[Diagram. Labels: LSP; DMZ; MHS; Integration Hub; Federation Server; Directory; Secure Connection; Logon; Transact; SAML token; Maternity Radiology PAS; Spine; Web Apps; NHS Net; Internal Network; Trust; HL7 v2 / v3; Dir CA SSB; Professional. Message = HL7 Schema + HL7 WS Headers.]

Page 6: Single Sign-On for Professionals & Patients Phil Stradling

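Product Mapping

[Diagram. Same layout as the Logical SSO Architecture slide, with the labels Indigo, Biztalk, ADFS, AD and ISA listed in the positions occupied there by MHS, Integration Hub, Federation Server, Directory and Secure Connection. Other labels: LSP; DMZ; Logon; Transact; SAML token; MHS; Maternity Radiology PAS; Spine; Web Apps; NHS Net; Internal Network; Trust; HL7 v2 / v3; Dir CA SSB; Professional. Message = HL7 Schema + HL7 WS Headers.]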

Page 7: Single Sign-On for Professionals & Patients Phil Stradling

Patient E-Services using Government Gateway

[Diagram. Labels: LSP; Government Gateway; Transaction Engine (MHS) A&A; Secure Conex; Logon; View/Transact; SAML token; MHS; NHS Direct Healthspace; Care Pathways; GP; Spine; Web Apps; Internet/NHS Net; "Patient facing sites, eg:"; Patient Access to NASP & LSP web services. Messages = HL7 Schema + HL7 WS Headers.]