TRANSCRIPT
Federated Directory Services
Brief Profile Proposal for 2009/10
presented to the IT Infrastructure Planning Committee
J. Caumanns, O. Rode, R. Kuhlisch, FHG ISST
07 October 2009
IT Infrastructure Planning Committee
The Problem
• Physicians spend 20% of their time searching for information
• ... so do their information systems
  – the patient wants to authorize Dr. Meier; what is the OID to put into the policy?
  – the PDQ request must be encrypted for privacy reasons; what is the public key of the respective service?
  – now that I have the OID of the repository, what is its URL?
  – the patient was referred to the cardiology at Charité; what is the e-mail address to send them the latest lab results?
  – Dr. Meier informed me of his new phone number; how can I ensure that all departments update their files accordingly?
Use Case
• With all distributed EHR systems we have the problem of
  – technically linking the logically decoupled pieces
  – retrieving certificates of services and persons
  – discovering the appropriate IDs to write into policies
• Challenge:
  – link a new repository with a registry and make its address and certificate known to all users
  – assign a permission to a hospital department
  – discover authentic and up-to-date contact data for a certain person
Federated Directory Services
[Figure: three domains (Domain 1, Domain 2, Domain 3), each with its own FDS in front of the domain's local directories. Users query an FDS; together the FDS nodes present a virtual integrated directory.]
Integration of Directory Schema
[Figure: the FDS mounts the local directories of every domain into one joined namespace under a common root; each domain is a dom=... node and each directory below it a dir=... node.]
root
  dom=Domain 1
    dir=IHE Personnel WP
    dir=IHE Org. WP
    dir=IHE Services WP
  dom=Domain 2
    dir=IHE Personnel WP
    dir=Some Regional WP
    dir=IHE Services WP
  dom=Domain 3
    dir=Some Regional WP
    dir=IHE Org. WP
    dir=IHE Services WP
Sample: Find Service URL by OID
Sample: Client -> local FDS
# REQUEST FROM (FDS Client, Heart Inst.) TO (FDS, Heart Inst.)
<searchRequest dn="ou=Services,o=Charité,c=de,dir=IHE Service WP,dom=Charité"
               scope="singleLevel" derefAliases="neverDerefAliases">
  <filter>
    <substrings name="oid"><final>1.2.3.4.5</final></substrings>
  </filter>
  <attributes>
    <attribute name="cert" />
    <attribute name="url" />
  </attributes>
</searchRequest>
Sample: Local FDS -> Domain FDS
# REQUEST FROM (FDS, Heart Inst.) TO (FDS, Charité)
<searchRequest dn="ou=Services,o=Charité,c=de,dir=IHE Service WP,dom=Charité"
               scope="singleLevel" derefAliases="neverDerefAliases">
  <filter>
    <substrings name="oid"><final>1.2.3.4.5</final></substrings>
  </filter>
  <attributes>
    <attribute name="cert" />
    <attribute name="url" />
  </attributes>
</searchRequest>
Sample: Domain FDS -> Domain LDAP
# REQUEST FROM (FDS, Charité) TO (directory, IHE Service White Pages)
<searchRequest dn="ou=Services,o=Charité,c=de"
               scope="singleLevel" derefAliases="neverDerefAliases">
  <filter>
    <substrings name="oid"><final>1.2.3.4.5</final></substrings>
  </filter>
  <attributes>
    <attribute name="cert" />
    <attribute name="url" />
  </attributes>
</searchRequest>
Sample: Domain FDS <- Domain LDAP
# RESPONSE FROM (directory, IHE Service White Pages) TO (FDS, Charité)
<searchResponse>
  <searchResultEntry dn="cn=RecordRegistry,ou=Services,o=Charité,c=de">
    <attr name="cert">
      <value xsi:type="xsd:base64Binary">
        VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
      </value>
    </attr>
    <attr name="url">
      <value>http://services.charite.de:8080/recreg/service?wsdl</value>
    </attr>
  </searchResultEntry>
  <searchResultDone><resultCode code="0"/></searchResultDone>
</searchResponse>
Sample: Local FDS <- Domain FDS
# RESPONSE FROM (FDS, Charité) TO (FDS, Heart Inst.)
<searchResponse>
  <searchResultEntry dn="cn=RecordRegistry,ou=Services,o=Charité,c=de,dir=IHE Service WP,dom=Charité">
    <attr name="cert">
      <value xsi:type="xsd:base64Binary">
        VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
      </value>
    </attr>
    <attr name="url">
      <value>http://services.charite.de:8080/recreg/service?wsdl</value>
    </attr>
  </searchResultEntry>
  <searchResultDone><resultCode code="0"/></searchResultDone>
</searchResponse>
Sample: Client <- Local FDS
# RESPONSE FROM (FDS, Heart Inst.) TO (FDS Client, Heart Inst.)
<searchResponse>
  <searchResultEntry dn="cn=RecordRegistry,ou=Services,o=Charité,c=de,dir=IHE Service WP,dom=Charité">
    <attr name="cert">
      <value xsi:type="xsd:base64Binary">
        VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
      </value>
    </attr>
    <attr name="url">
      <value>http://services.charite.de:8080/recreg/service?wsdl</value>
    </attr>
  </searchResultEntry>
  <searchResultDone><resultCode code="0"/></searchResultDone>
</searchResponse>
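The four hops above (client, local FDS, domain FDS, LDAP directory) differ only in the DN: the FDS strips the routing suffix dir=...,dom=... before handing the request to the real directory and re-attaches it to every DN in the response, so the client only ever sees federated DNs. The following Python is an added example, not code from the proposal or from Fraunhofer ISST, that models that routing with in-memory directories. Everything in it is assumed: the DSML elements are un-namespaced as in the samples, only the singleLevel scope and the substrings/equalityMatch filters are implemented, and the sample entries are constructed, including a decoy cn=OtherRegistry with OID 11.2.3.4.5 that is not on the slides. The decoy exists to show a check worth doing before copying the sample filter: under DSML/LDAP a substrings filter with only a final element is a suffix match, so the slides' filter also returns any service whose OID merely ends in 1.2.3.4.5; an exact OID lookup needs equalityMatch.

```python
"""Toy federated-directory (FDS) router modelled on the DSML v2 exchange above.
Added example, not code from the proposal. Assumptions: DSML elements are
un-namespaced as in the slides, directories are in-memory dicts, and only the
singleLevel scope and the substrings/equalityMatch filters are implemented."""
import xml.etree.ElementTree as ET

# Constructed sample data; the second entry is a decoy with a longer OID.
CHARITE_SERVICES = {
    "cn=RecordRegistry,ou=Services,o=Charité,c=de": {
        "oid": "1.2.3.4.5",
        "cert": "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=",
        "url": "http://services.charite.de:8080/recreg/service?wsdl"},
    "cn=OtherRegistry,ou=Services,o=Charité,c=de": {
        "oid": "11.2.3.4.5",
        "url": "http://services.charite.de:8080/other/service?wsdl"},
}

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch); esc = False
        elif ch == "\\":
            cur.append(ch); esc = True
        elif ch == ",":
            rdns.append("".join(cur).strip()); cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return rdns

def split_fds_dn(dn):
    """Peel the FDS routing suffix 'dir=...,dom=...' off a DN.
    Returns (ldap_dn, dir, dom); ldap_dn is what the real directory sees."""
    rdns = split_dn(dn)
    if len(rdns) < 3 or not rdns[-1].startswith("dom=") or not rdns[-2].startswith("dir="):
        raise ValueError("DN lacks the trailing dir=...,dom=... suffix: " + dn)
    return ",".join(rdns[:-2]), rdns[-2][4:], rdns[-1][4:]

def matches(entry, flt):
    """Evaluate a DSML <filter> against one entry (attribute -> value dict)."""
    node = flt[0]
    val = entry.get(node.get("name"), "")
    if node.tag == "equalityMatch":
        return val == node.findtext("value")
    if node.tag == "substrings":  # <initial> is a prefix, <final> a suffix match
        ini, fin = node.findtext("initial"), node.findtext("final")
        return (ini is None or val.startswith(ini)) and (fin is None or val.endswith(fin))
    raise ValueError("unsupported filter: " + node.tag)

class Directory:
    """In-memory stand-in for an LDAP directory; entries keyed by full DN."""
    def __init__(self, entries):
        self.entries = entries
    def search(self, base, flt, attrs):
        hits = []
        for dn, e in self.entries.items():
            if ",".join(split_dn(dn)[1:]) == base and matches(e, flt):  # singleLevel
                hits.append((dn, {a: e[a] for a in attrs if a in e}))
        return hits

class FDS:
    """One FDS node: answers for its own domain, forwards other domains to peers."""
    def __init__(self, dom, directories, peers=None):
        self.dom, self.directories, self.peers = dom, directories, peers or {}
    def search(self, request_xml):
        """Return [(federated_dn, {attr: value})] for a DSML searchRequest."""
        req = ET.fromstring(request_xml)
        ldap_dn, dir_name, dom = split_fds_dn(req.get("dn"))
        if dom != self.dom:                      # local FDS -> domain FDS hop
            return self.peers[dom].search(request_xml)
        if req.get("scope") != "singleLevel":
            raise ValueError("only singleLevel is implemented here")
        attrs = [a.get("name") for a in req.find("attributes")]
        # domain FDS -> LDAP: the directory only sees the un-suffixed DN; the
        # suffix is re-attached on the way back so the client sees federated DNs
        suffix = f",dir={dir_name},dom={dom}"
        return [(dn + suffix, vals) for dn, vals in
                self.directories[dir_name].search(ldap_dn, req.find("filter"), attrs)]

def to_dsml(hits):
    """Render hits as the <searchResponse> the client receives."""
    resp = ET.Element("searchResponse")
    for dn, vals in hits:
        entry = ET.SubElement(resp, "searchResultEntry", dn=dn)
        for name, value in vals.items():
            ET.SubElement(ET.SubElement(entry, "attr", name=name), "value").text = value
    ET.SubElement(ET.SubElement(resp, "searchResultDone"), "resultCode", code="0")
    return ET.tostring(resp, encoding="unicode")

def request(filter_xml):
    """Build the slides' searchRequest with a caller-supplied filter body."""
    return ('<searchRequest dn="ou=Services,o=Charité,c=de,dir=IHE Service WP,dom=Charité" '
            'scope="singleLevel" derefAliases="neverDerefAliases">'
            f'<filter>{filter_xml}</filter>'
            '<attributes><attribute name="cert"/><attribute name="url"/></attributes>'
            '</searchRequest>')

# Two-hop topology from the slides: Heart Inst. -> Charité -> IHE Service WP
charite = FDS("Charité", {"IHE Service WP": Directory(CHARITE_SERVICES)})
heart = FDS("Heart Inst.", {}, peers={"Charité": charite})

if __name__ == "__main__":
    # The slides' <substrings><final> filter is a suffix match: the decoy matches too.
    print(to_dsml(heart.search(request('<substrings name="oid"><final>1.2.3.4.5</final></substrings>'))))
    # equalityMatch returns exactly the one service registered under that OID.
    print(to_dsml(heart.search(request('<equalityMatch name="oid"><value>1.2.3.4.5</value></equalityMatch>'))))
```

The cert and url values that come back are only as trustworthy as the hops that carried them, which is why the proposal assigns FDS authenticity to ATNA (authenticated nodes between FDS peers and directories): a client that accepts a service certificate from an FDS over an unauthenticated connection has simply moved its trust problem one hop.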
Proposed Standards & Systems
• DSML v2 to query (LDAP) directories
  – LDAP2UDDI adaptors available from industry
• IHE PWP as basis and reference
  – RFC 2798 (inetOrgPerson), RFC 2256 (X.500 user schema)
• IHE ATNA for FDS authenticity
• IHE White Paper on Cross-Community Information Exchange
• Alternatives to discuss (in January...):
  – OMG IS (former EIS)
  – UDDI
Scope of the Profile
• Upper directory tree structure (more or less implied)
• Client and P2P query transactions (DSML v2)
• Registration of an FDS for a certain domain
• Security issues (mainly ATNA)
• Schema for
  – Services (Vasil's profile proposal)
  – Organisations
  – Personnel (should be PWP)
Discussion
• Editor: Fraunhofer ISST
• Editing support by: Swisssign, ELGA, iSoft, ISPro
• Estimated effort: medium
• Prototype implementation as "proof of concept" at Fraunhofer ISST
• Integration with eCR v1.4 (2010) planned and agreed with industry; deployment into running eCR pilot projects and running networks late 2010