PASS—Privacy, Security and Access Services

Don Jorgenson

Introduction to Security and Privacy Educational Session

HL7 WG Meeting- Sept. 2012

HL7 PASS Concept Diagram 0.1

HL7 PASS Concept Diagram 0.1

Candidate Access Control Logical Architectures

Access Enforcement

Access Enforcement

Policy Decision Service

Policy Decision Service

Access Coordination

Access Coordination

9. Decision Factors 8. Decision Rules

3. Return Authentication Token

2. Request Authentication Status

6. Request Resource 11. Request Resource

13. Resource (if Permit) 12. Resource

Identity ProviderIdentity Provider

1. Request Resource

14. Resource

5. Return Project Credential

4. Request Project Credential

hGrid 2.0 ProjecthGrid 2.0 Project

10. Return Decision Token:Deny, or Permit, or Permit with Provisions

7. Resource Access Decision Requested

Policy Enforcement Flow

Information Flow

1

1

2

3

2

1

2 Secure Message- hGrid profile of WS-Security

SAML - hGrid profile of SAML

WS-Trust - hGrid profile of WS-Trust

Encryption - FIPS 140-2 validated encryption

XACML - hGrid profile of XACML

HL7 PASS Access DSTU

21

Radiologist Workstation

Audit Service – IMS

Image Analysis Service (IMS)

Image Data Service (IDS)

Authentication Service

Trust MessageInfrastructure

Trust Infrastructure

1

1c 1

Request

Image/Data

1b

Privacy

Policies

1

1b

Authorization Service – IDS

2

Authorization

Policies

Authorization Service – IMS

1b

2

1a

SSO Log In

SSO Log In

1a

1c 1

1c 1

1 2

1

1 2

21

1 21

1

1

21

1

1b

1a

1a

1b

1a

1b

1a

1b

1a

1

Access Privacy

Access«PEP» «PEP»

Audit Service – IDS

Request

Image/Data

2

21

2

2

Trust Token Flow

1a1a1a 1b1b1b1b

1c 1

1111111 222222

1 2

2

Authentication Trust Token

AuthenticationTrust Token- Delegated

Authorization Trust Token

Audit Trust Token-Secure protocol

Representitive Use Case

“This sharing is, necessarily, highly controlled, with resource providers and consumers defining clearly and carefully just what is shared, who is allowed to share, and the conditions under which sharing occurs. A set of individuals and/or institutions defined by such sharing rules form what we call a virtual organization (VO).”

--Foster el al in “The Anatomy of the Grid”

Security, Privacy and Grid Computing

Access EnforcementResourceResource

Access Requirements

Access Requirements

Trusted Information Source

Trusted Information Source

requires

Access Enforcement

Access Enforcement

provides

requires access to protects

is a kind of

authorizes

Access PolicyAccess Policy

drives

Virtual HIN (vHIN)

Virtual HIN (vHIN)

Resource AuthorityResource Authority

authenticates to

managed by

defines policydefines

specifies

uses

is a kind of

Access Decision Information

Access Decision Information

Access Policy Decision

Access Policy Decision

RequestorRequestor

Identity ProviderIdentity Provider

Virtual Organization

(VO)

Virtual Organization

(VO)

Security/Privacy Framework—vHIN-based

6. Request

8. Resource (if Permit)Resource

Decision Factor 2

5. Decision

Decision Factor 1

Policy 1

Policy 2

Decision Factor n Policy m

2. RequestDecision

Policy Information Service

Policy Information Service

«PIP»

3. Request Decision Information

4. Decision Information

Policy Decision Service

Policy Decision Service

«PDP»

Policy Enforcement Agent

Policy Enforcement Agent

«PEP»«access»

7. Response

1. Request Resource

Access DecisionPolicySources may include:

Jurisdictions-

National

State

Organization (custodial)

hGrid 2.0 VO

Consumer-

Patient

Delegate

Patient-

Privacy Preferences

Access DecisionInformationFactors may include:

Requestor-

Identity

Organization

Role

Purpose of request

Time of request

Privacy Preferences

Policy Decisions (remote)

Resource-

Attributes

Policy Decision Rules reference Decision Information

Security, Privacy and Governance

6. Deliver CCD

. Consent Not GrantedRI State HIE

Decision

HIPAA

RI

PatientRequestDecision

Policy Information Service

Policy Information Service

«PIP»

Request Decision Information

Decision Information

Policy Decision Service

Policy Decision Service

«PDP»

Direct Enforcement Agent

Direct Enforcement Agent

«PEP»1. CCD Submitted

Access DecisionPolicySources may include:

Jurisdictions-

Federal

State

Organization (custodial)

RIQI

Consumer-

Patient

Patient-

Privacy Preferences

Access DecisionInformationFactors may include:

Requestor-

Identity

Organization

Role

Purpose of request

Time of request

Privacy Preferences

Policy Decisions (remote)

Resource-

Attributes

Policy Decision Rules reference Decision Information

Rhode Island Consent Gateway

Identity Proofed to NIST Level 3

Covered Entity?

RITC Membership?

Patient Consented?

Provider DSP Agreement Executed

Provider BA Agreement Executed

ConsentEnforcement Agent

ConsentEnforcement Agent

«PEP»

X.509Cert

IntermediaryIntermediary

Access Policy Enforcement

Access Policy Enforcement

hGrid 2.0 Monitor

hGrid 2.0 Monitor

Grid Policy Enforcement

Grid Policy Enforcement

Resource Policy Enforcement

Resource Policy Enforcement ProxyProxy

Governance Control Points

hGrid 2.0 Service Request/Response

hGrid 2.0 Service Request/Response

Security, Privacy and Governance