Wednesday, October 22, 2014

CDA Digital Signatures inside

HL7 has been working on an Implementation guide that explains how one would use a Digital Signature inside of a CDA document. This is an implementation of XML-Signature in Enveloped form. 
This has completed a round of ballot and now enters 24 months of DSTU. 
  • Signature, Enveloped -- The signature is over the XML content that contains the signature as an element. The content provides the root XML document element. Obviously, enveloped signatures must take care not to include their own value in the calculation of the SignatureValue.
Note, I can't find the current DSTU version of the text... When I find it I will provide a link.
The HL7 CDA Digital Signature Implementation Guide shows a model where the Digital Signature is treated as a blob that is then inserted into the CDA document. This means that it is restricted to only signing CDA documents. The advantage of this CDA-internalized digital signature is that it is carried inside the CDA document throughout any transport that conveys the CDA document.

DSTU Publication Approvals  
HL7 Implementation Guide for CDA® Release 2: Digital Signatures and Delegation of Rights, Release 1 for Structured Documents WG of SSD SD at Project Insight 1005 and TSC Tracker 3639 requested DSTU publication for 24 months. The Digital Signature and Delegation of Rights Implementation Guides provide a standardized method of applying Digital Signatures to CDA documents.  The standard provides for multiple signers, signer’s declaration of their role, declaration of purpose of the signature, long-term validation of the Digital Signatures and data validation of the signed content.
This Digital Signature does not conflict with the IHE-DSG profile, but is rather a different model. The IHE-DSG profile is a standalone Digital-Signature that references a standalone document of any type. So the IHE-DSG profile can sign a CDA document, but can just as well sign a PDF or any other format of document. The limitation that the IHE-DSG profile has is that it can only sign by reference. This model has been extensively discussed in IHE and on my blog. See IHE-DSG profile.

IHE does have a proposal that I am working on to add XML-Signature Enveloping.
In this case there would be one document that is an XML-Signature document, with the signed content inside of the document. In this way the content is carried inside the signature. This is the opposite of the CDA Enveloped DSTU. This method can envelop ANY type of document; it is not restricted to CDA documents. It is also, like the CDA Enveloped DSTU, completely independent of transport.
  • Signature, Enveloping - The signature is over content found within an Object element of the signature itself. The Object (or its content) is identified via a Reference (via a URI fragment identifier or transform).
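
The two forms described above (enveloped, and enveloping) side by side, as an added example that is not taken from the HL7 guide or the IHE proposal. It covers only the digest step: there is no SignedInfo, key or SignatureValue, and SHA-256, Python's C14N 2.0 canonicalizer, the element placement, the function names and the sample document are all assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SIG, OBJ, DIG = (f"{{{DS}}}{n}" for n in ("Signature", "Object", "DigestValue"))

def digest(elem):
    # Canonicalize before hashing so serialization details do not change the value.
    c14n = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()

def strip_signatures(root):
    # Simplified enveloped-signature transform: drop every ds:Signature element
    # (the real transform drops only the Signature being processed).
    for parent in list(root.iter()):
        for child in [c for c in parent if c.tag == SIG]:
            parent.remove(child)
    return root

def make_enveloped(doc_xml):
    # Enveloped: the signature is a child of the document it covers.
    root = ET.fromstring(doc_xml)
    value = digest(strip_signatures(root))
    ET.SubElement(ET.SubElement(root, SIG), DIG).text = value
    return ET.tostring(root, encoding="unicode")

def check_enveloped(doc_xml):
    root = ET.fromstring(doc_xml)
    claimed = root.find(f"{SIG}/{DIG}")
    return claimed is not None and digest(strip_signatures(root)) == claimed.text

def make_enveloping(doc_xml, obj_id="content"):
    # Enveloping: the content sits in ds:Object inside the signature.
    sig = ET.Element(SIG)
    obj = ET.SubElement(sig, OBJ, Id=obj_id)
    obj.append(ET.fromstring(doc_xml))
    ET.SubElement(sig, DIG).text = digest(obj)
    return ET.tostring(sig, encoding="unicode")

def check_enveloping(sig_xml, obj_id="content"):
    sig = ET.fromstring(sig_xml)
    obj, claimed = sig.find(f"{OBJ}[@Id='{obj_id}']"), sig.find(DIG)
    return obj is not None and claimed is not None and digest(obj) == claimed.text

# Constructed sample, not a conformant CDA document.
CDA = ('<ClinicalDocument xmlns="urn:hl7-org:v3">'
       "<title>Discharge Summary</title></ClinicalDocument>")
```

In the enveloped case the check must remove the signature before hashing, otherwise the stored value would be part of its own input; in the enveloping case the payload can be any XML because the root element belongs to the signature, not to the content.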

Tuesday, October 14, 2014

FW: IHE IT Infrastructure "MHD" Technical Framework Supplement Published

IHE has updated the MHD profile. This is an administrative formality that should have been done almost 3 months ago. The text published is an updated Volume 1 and a totally erased Volume 2. This removal of the Volume 2 text is a notice to developers that IHE is currently re-developing the technical profile. This technical work has been in progress for many months now, moving very slowly because of day jobs and summer vacations of everyone who is helping.
The current status of the updating of MHD can be found on the IHE "MHD Status" page.

Associated with this is a formal “Hackathon” at the IHE-Connectathon where developers will be encouraged to work on MHD implementations. This is not called a Hackathon, but rather "New Directions". The goal is to improve and mature the MHD profile. The MHD profile is not well enough matured to be formally tested at IHE-Connectathon.


IHE IT Infrastructure Technical Framework Supplement Published for Trial Implementation

The IHE IT Infrastructure Technical Committee has published the following supplement to the IHE IT Infrastructure Technical Framework for trial implementation as of October 14, 2014:
  • Mobile access to Health Documents (MHD)
This profile may be available for testing at subsequent IHE Connectathons. The document is available for download at Comments on all documents are invited at any time and can be submitted at