Wednesday, November 11, 2009

OASIS Approves SAML and XACML Healthcare XSPA Profiles as Standards

This has been pulled into HITSP TP20, and will be one of the inputs to the IHE updates to the XUA profile this year.

OASIS announced that two Cross-Enterprise Security and Privacy Authorization (XSPA) profiles have been approved at OASIS Standard level. The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee was chartered to "specify sets of stable open standards and profiles, and create other standards or profiles as needed, to fulfill the security and privacy functions identified by the functions and data practices identified by HITSP, or specified in its use cases." The XSPA-SAML profile describes a Cross-enterprise Security and Privacy Authorization (XSPA) framework using the SAML core standard and specific attributes to satisfy requirements pertaining to information-centric security and privacy within the healthcare community.
http://docs.oasis-open.org/security/xspa/v1.0/saml-xspa-1.0-cs01.html
See also the XSPA XACML profile: http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.html