PASS—Privacy, Security and Access Services
Don Jorgenson
Introduction to Security and Privacy Educational Session
HL7 WG Meeting- Sept. 2012
HL7 PASS Concept Diagram 0.1
HL7 PASS Concept Diagram 0.1
Candidate Access Control Logical Architectures
Access Enforcement
Access Enforcement
Policy Decision Service
Policy Decision Service
Access Coordination
Access Coordination
9. Decision Factors 8. Decision Rules
3. Return Authentication Token
2. Request Authentication Status
6. Request Resource 11. Request Resource
13. Resource (if Permit) 12. Resource
Identity ProviderIdentity Provider
1. Request Resource
14. Resource
5. Return Project Credential
4. Request Project Credential
hGrid 2.0 ProjecthGrid 2.0 Project
10. Return Decision Token:Deny, or Permit, or Permit with Provisions
7. Resource Access Decision Requested
Policy Enforcement Flow
Information Flow
1
1
2
3
2
1
2 Secure Message- hGrid profile of WS-Security
SAML - hGrid profile of SAML
WS-Trust - hGrid profile of WS-Trust
Encryption - FIPS 140-2 validated encryption
XACML - hGrid profile of XACML
HL7 PASS Access DSTU
21
Radiologist Workstation
Audit Service – IMS
Image Analysis Service (IMS)
Image Data Service (IDS)
Authentication Service
Trust MessageInfrastructure
Trust Infrastructure
1
1c 1
Request
Image/Data
1b
Privacy
Policies
1
1b
Authorization Service – IDS
2
Authorization
Policies
Authorization Service – IMS
1b
2
1a
SSO Log In
SSO Log In
1a
1c 1
1c 1
1 2
1
1 2
21
1 21
1
1
21
1
1b
1a
1a
1b
1a
1b
1a
1b
1a
1
Access Privacy
Access«PEP» «PEP»
Audit Service – IDS
Request
Image/Data
2
21
2
2
Trust Token Flow
1a1a1a 1b1b1b1b
1c 1
1111111 222222
1 2
2
Authentication Trust Token
AuthenticationTrust Token- Delegated
Authorization Trust Token
Audit Trust Token-Secure protocol
Representitive Use Case
“This sharing is, necessarily, highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs. A set of individuals and/or institutions defined by such sharing rules form what we call a virtual organization (VO).”
--Foster el al in “The Anatomy of the Grid”
Security, Privacy and Grid Computing
Access EnforcementResourceResource
Access Requirements
Access Requirements
Trusted Information Source
Trusted Information Source
requires
Access Enforcement
Access Enforcement
provides
requires access to protects
is a kind of
authorizes
Access PolicyAccess Policy
drives
Virtual HIN (vHIN)
Virtual HIN (vHIN)
Resource AuthorityResource Authority
authenticates to
managed by
defines policydefines
specifies
uses
is a kind of
Access Decision Information
Access Decision Information
Access Policy Decision
Access Policy Decision
RequestorRequestor
Identity ProviderIdentity Provider
Virtual Organization
(VO)
Virtual Organization
(VO)
Security/Privacy Framework—vHIN-based
6. Request
8. Resource (if Permit)Resource
Decision Factor 2
5. Decision
Decision Factor 1
Policy 1
Policy 2
Decision Factor n Policy m
2. RequestDecision
Policy Information Service
Policy Information Service
«PIP»
3. Request Decision Information
4. Decision Information
Policy Decision Service
Policy Decision Service
«PDP»
Policy Enforcement Agent
Policy Enforcement Agent
«PEP»«access»
7. Response
1. Request Resource
Access DecisionPolicySources may include:
Jurisdictions-
National
State
Organization (custodial)
hGrid 2.0 VO
Consumer-
Patient
Delegate
Patient-
Privacy Preferences
Access DecisionInformationFactors may include:
Requestor-
Identity
Organization
Role
Purpose of request
Time of request
Privacy Preferences
Policy Decisions (remote)
Resource-
Attributes
Policy Decision Rules reference Decision Information
Security, Privacy and Governance
6. Deliver CCD
. Consent Not GrantedRI State HIE
Decision
HIPAA
RI
PatientRequestDecision
Policy Information Service
Policy Information Service
«PIP»
Request Decision Information
Decision Information
Policy Decision Service
Policy Decision Service
«PDP»
Direct Enforcement Agent
Direct Enforcement Agent
«PEP»1. CCD Submitted
Access DecisionPolicySources may include:
Jurisdictions-
Federal
State
Organization (custodial)
RIQI
Consumer-
Patient
Patient-
Privacy Preferences
Access DecisionInformationFactors may include:
Requestor-
Identity
Organization
Role
Purpose of request
Time of request
Privacy Preferences
Policy Decisions (remote)
Resource-
Attributes
Policy Decision Rules reference Decision Information
Rhode Island Consent Gateway
Identity Proofed to NIST Level 3
Covered Entity?
RITC Membership?
Patient Consented?
Provider DSP Agreement Executed
Provider BA Agreement Executed
ConsentEnforcement Agent
ConsentEnforcement Agent
«PEP»
X.509Cert
IntermediaryIntermediary
Access Policy Enforcement
Access Policy Enforcement
hGrid 2.0 Monitor
hGrid 2.0 Monitor
Grid Policy Enforcement
Grid Policy Enforcement
Resource Policy Enforcement
Resource Policy Enforcement ProxyProxy
Governance Control Points
hGrid 2.0 Service Request/Response
hGrid 2.0 Service Request/Response
Security, Privacy and Governance