|
1.
|
Clear description of the referenced document:
|
|
|
|
Name:
|
IHE TFS XUA++ (2010)
|
|
Title:
|
IHE IT Infrastructure (ITI), Technical Framework Supplement: Cross-Enterprise User Assertion - Attribute Extension (XUA++). Trial Implementation.
|
|
|
2.
|
Status of approval:
|
|
|
Approved for trial implementation August 10th, 2010.
|
|
3.
|
Justification for the specific reference:
|
|
|
The Continua Design Guidelines utilizes the IHE Technical Framework for use with both its Health Reporting Network (HRN) and Wide Area Network (WAN) interfaces. This document defines specific implementations of established standards to achieve integration goals that promote appropriate sharing of medical information to support optimal patient care.
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
N/A
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
An improvement over the XUA Profile improving access control for audit logging: This supplement extends the Cross-Enterprise User Assertion (XUA) profile with Options that will enable access controls on the service side. The current XUA profile allows attributes but does not require any specific attributes beyond the user identity that is used for audit logging. There is now experience on how to extend an XUA Assertion to support some service side access control. This improvement over the XUA profile has been recognized and implemented within related certification programs.
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
See 5.
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
This document defines a coordinated set of transactions based on ASTM, DICOM, HL7, IETF, ISO, OASIS and W3C standards. The COntinua Design Guidelines further constrained it for the HRN and WAN interfaces.
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
NIST SP 800-63, Liberty Alliance, and OASIS [sstc-saml-assurance-profile-draft-01.pdf]./
/
IHE Access Control White Paper [http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_WhitePaper_AccessControl_2009-09-28.pdf]./
/
OASIS http://www.oasis-open.org/committees/security/./
/
SAMLCore SAML V2.0 Core standard/
/
WSS10 OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", March 2004. 330/
/
WSS11 OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", February 2006./
/
WSS:SAMLTokenProfile1.0 OASIS Standard, “Web Services Security: SAML Token Profile”, December 2004/
/
WSS:SAMLTokenProfile1.1 OASIS Standard, “Web Services Security: SAML 335 Token Profile 1.1”, February 2006/
/
XSPA-SAMLv1.0 OASIS Standard, ?Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of the Security Assertion Markup Language (SAML) for Healthcare v1.0? , November 2009/
/
SAML V2.0 Standards http://www.oasis-open.org/committees/security/./
/
SAML V2.0 Technical Overview/
/
SAML Executive Overview/
/
SAML Tutorial presentation by Eve Maler of Sun Microsystems
|
|
9.
|
Qualification of
IHE:
|
|
|
Integrating the Healthcare Enterprise (IHE) meets the qualifying criteria for normative referencing as per Recommendation ITU-T A.5.
|
|
10.
|
Other (for any supplementary information):
|
|
|
N/A.
|
