Proposed Work Item: Extension of the Profile “Security Retrieve”
Proposal Editor: Martin Smock, eHealth Suisse
Work Item Editor: Martin Smock, eHealth Suisse
Date: 9-Feb-2022
Version: 1.0
Domain: IHE ITI
The Problem
As mentioned in the IHE Access Control Whitepaper, IHE provides profiles for most of the actors and transactions required for access control:
EUA for Kerberos based User Authentication;
XUA for Authorization Assertions based on SAML 2.0;
BPPC for implementing Policy Administration Points based on XDS.b infrastructure.
In the years after publication of the Access Control Whitepaper, additional supplements were published focusing on some additional aspects of access control:
HPD may be used as Policy Information Point by the Policy Decision Point;
APPC for implementing Policy Administration Points in XDS.b infrastructure based on the XACML 2.0 standard;
IUA for Authorization Assertions based on OAuth and JWT;
SeR for implementing Policy Enforcement and Policy Decision Points in XDS.b for XDS.b repositories.
While most of the profiles and supplements are generic and applicable for access control for many use cases, the Secure Retrieve (SeR) supplement is not. The messages defined in the supplement were designed for policy enforcement of an XDS.b repository and the application of the profile is therefore limited to the document retrieval use case only. Currently the profile cannot be applied to policy enforcement in other use cases (e.g. PIX) and other components of an affinity domain or in a cross-enterprise scenario.
The intention of the work item is to rework the SeR supplement to support other use cases and increase its applicability for policy enforcement as part of the access control infrastructure. The goal is to rework the SeR supplement to be extensible (i.e. definition of additional use cases and national extensions), preserving backward compatibility, so that no changes will be required in current SeR implementations.
Key Use Case
The key use cases to be addressed by the work item are:
Policy enforcement for access control in retrieving patient personal identifiable information (PDQ, PDQm, etc.);
Policy enforcement for access control in retrieval of document metadata (Registry Stored Query, MHD, etc.);
Policy enforcement for access control in retrieval in other IHE or non-IHE Actors of an affinity domain or in cross community scenarios.
Standards & Systems
The extension of SeR shall not introduce new standards. The work item extends the current version of the SeR supplement using the XACML 2.0 standard, which the current version is based upon.
Discussion
Remark (M. Smock):
The work item is motivated by requirements of the Swiss national EPR, where the legal regulations require policy enforcement for access control not only for document retrieval. The current implementation of the Swiss EPR uses a proprietary specification (ordinance), which has much in common with the SeR supplement, but applies to more use cases. The work item on the one hand would allow us to switch to a Swiss national extension, on the other hand we expect the international community could benefit from the Swiss experience with policy enforcement.
We expect the work item to be a low-hanging fruit, since:
o eHealth Suisse already mandated a specialist to perform the gap analysis and to propose the changes required for the work item (see attached Word document with tracked changes).
o eHealth Suisse reserved budget in 2022 for a specialist to participate in the ITI TC meetings for the work item and to finalize the update of the SeR supplement.