Wednesday, January 9, 2013

IHE efforts in RESTful security

This is a simple update at the beginning of the year and IHE development cycle.

First, the slate of things that IHE IT Infrastructure (ITI) committee is working on this year is large. Here is a summary of the work items for the ITI  committee. I state this because last year ITI got one profile completed, the Mobile Health Documents profile that I wrote. So I want to encourage extra support from people who don't usually get involved.

The specific work item of interest is one that I am calling “Internet User Authentication/Authorization” (IUA). Yes, I am being cute with the acronym since there is already EUA and XUA. They are all very functionally similar, just focused on different technology stacks.

IHE ITI is right now in the stage of gathering use-cases and thus the 'interoperability needs’. In the coming months these needs will be evaluated against available standards. The most likely standard at this point is oAuth 2.0. Due to the scope and expected standard, this is more than just user authentication as it also includes application authorization. Much like the scope of oAuth. We are not purely driven by oAuth capability, but like oAuth the need is based on the use-case problems. The problems of Internet based Authentication and the problems of mobile devices and mobile applications.

This profile is expected to be used widely and not just include IHE use-case. IHE is gathering usecases from HL7-FHIR, DICOM-WADO, and Continua. This profile is also expecting to leverage work that has already gone on. For example the RHEx work done in the USA under the S&I Framework. This profile is also expecting to be in harmony with the efforts of the USA NSTIC effort.

The development work will be done through a Google+ community. This is an open community due to the interest from many organizations. The workspace for the development will be on the IHE FTP site 

There are two formal telephone conferences prior to the next face-to face. On 2/13 and 3/13 at 8am central. These are the more formal workitem focused with the whole ITI committee. Right now we have a weekly meeting Wednesday mornings at 8am central. However this is going to change. There will be some form of survey out to discover the best time.  This survey will utilize the Google+ community  so sign up. The IHE calendar is published at http://www.ihe.net/calendar/

The next face-to-face meeting for the IHE ITI committee is March 18-22, in Treviso Italy. This meeting is where we focus on finishing the  Vol 1 material, and doing the standards analysis. The result of this meeting should be the selection of a standard to develop.

IHE is an open and transparent organization, but in order to have voting privileges one must be a member in good standing. http://www.ihe.net/governance/index.cfm