Consultancy
Infrastructure Requirements for Fast, Reliable and Secure HL7
V3 Messaging
Andrew Hinchley CPL Consulting
UK direction
• HL7 V3 offers many options as to how the supporting network and security infrastructure is implemented
• HL7 V3 Infrastructure ballot offers a rich set of options for implementing message wrappers and related support messages
• This is a brief review of the directions that the NHS is taking in supporting HL7 V3 for ICRS messaging
Caveats – NPfIT development
• In a number of areas, NPfIT decisions depend on the results of contractual negotiations which are still under way
• In others, decisions have yet to be taken with the immediate focus being on completing what is needed to specify and develop the Electronic Booking Service for mid-2004
General Principles in networking and security area
• Supply a set of network services able to be used for a variety of purposes including messaging
• Implement security infrastructure that provides protection against threats to a variety of communication flows
General status - December 2003
• Much of the detailed solution has been specified by each short-listed NASP against the NHS stated requirements
• Selection of the NASP in December will trigger the implementation of the selected NASP’s solutions
Security Approach
• ICRS focuses on high level security mechanisms to counter risks
– Pseudonymisation for Secondary Uses
– Legitimate Relationships and Sealed envelopes
– Role Based Access Control
• ICRS security solutions for the underlying network can then use standard components
– Retain NHS private network with NHS access controls and Code of Connection
– Where necessary use link encryption or VPN encryption as appropriate
Security Approach
• For the purposes of this talk, Legitimate Relationships and Sealed envelopes do not impact messages or the network
• Role Based Access Control may impact messaging if/when authorisation meta-data needs to be carried with the message
• For initial ICRS applications this is not yet found to be necessary
Role-based Access Control
• In an organisation with as many staff as the NHS, authorised access to clinical information on a “need-to-know” basis is seen as a key requirement
• Need to provide methods whereby access can be checked and authorised before access is granted
• A successful universal approach can be used for many types of access including GUI and message-based access
Role-based Access Control (RBAC)
• RBAC requires up-to-date accurate directories of staff
• Need to tie into NHS initiatives to build staff directories
• Issues
– How many access roles need to be defined?
– Business functions can be classified in a way which helps define which roles should be granted access
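A sketch of the check-before-access idea from the RBAC slides, added here as an example and not taken from the talk or from any NHS system. Role names, business functions, staff ids and the 180-day freshness limit are all hypothetical; the point is one deny-by-default decision shared by GUI and message-based access, which fails closed when the staff directory entry is missing or stale.

```python
from datetime import date, timedelta

# Constructed sample data: roles, business functions and staff ids are hypothetical.
ROLE_FUNCTIONS = {
    "gp": {"view-clinical-record", "book-appointment"},
    "receptionist": {"book-appointment"},
}
DIRECTORY = {
    "staff-001": {"role": "gp", "verified": date(2003, 12, 1)},
    "staff-002": {"role": "receptionist", "verified": date(2003, 12, 1)},
    "staff-003": {"role": "gp", "verified": date(2002, 1, 15)},
}
MAX_AGE = timedelta(days=180)  # assumed freshness limit for a directory entry

def authorise(staff_id, function, today):
    """Single decision point: deny unless a fresh directory entry grants the function."""
    entry = DIRECTORY.get(staff_id)
    if entry is None:
        return False, "unknown staff id"
    if today - entry["verified"] > MAX_AGE:
        return False, "stale directory entry"
    if function not in ROLE_FUNCTIONS.get(entry["role"], set()):
        return False, "role not granted this function"
    return True, "ok"

def gui_request(session_user, function, today):
    """GUI path: the authenticated session user is checked against the directory."""
    return authorise(session_user, function, today)

def message_request(msg, today):
    """Message path: the role comes from the directory, never from the message itself."""
    return authorise(msg.get("author"), msg.get("function"), today)

if __name__ == "__main__":
    today = date(2003, 12, 15)
    print(gui_request("staff-001", "view-clinical-record", today))
    print(message_request({"author": "staff-002", "role": "gp",
                           "function": "view-clinical-record"}, today))
    print(gui_request("staff-003", "view-clinical-record", today))
```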
Role-based Access Control: healthcare experiences elsewhere
• Some implementation experience from US
• Recent proposals from Veterans Administration – to be presented to HL7 at next WGM
– Likely to include specific proposals for including authorisation information in message wrappers
Network Infrastructure
• Retain and strengthen the dedicated network for the NHS as NHSnet comes up for replacement – revised N3
• Consider applying encryption close to the network: link SSL
• Increasing focus by Cabinet Office on robustness of key national resources: CNI - Critical National Infrastructure, which includes health. Pressure to enhance network integrity and security from perspective of risks to CNI
• Specific to Messaging: Need for specific HL7 V3 message transport specifications
[Diagram. Labels: Application Domain A and Application Domain B, each with a Messaging client and a Network client; Application Domain – Security Services: Role-based Access Control; NASP/LSP services: Message Relay; SOAP; NHSNET/N3; No Security Services at this level]
Message Routing
• The message wrapper provides a permanent envelope for the message throughout this transit
• Messages will be forwarded through relays which need to be able to use the V3 wrapper to apply forward routing as needed
• V3 messages may need to be carried over a number of different transport protocols between source and destination
Message transport services
• In line with general ICRS approach to communications infrastructure services designed to support a number of requirements including messaging
• Web Services is a potentially attractive general solution:
– Define message transport services based on SOAP
– In HL7 Microsoft have submitted drafts which include use of WSDL
Web Services Architecture
• Metadata: WSDL, Policy
• XML and SOAP: XSD, XPath, …
• Messaging: WS-Addressing, …
• Transactions: WS-Transactions, WS-Coordination, …
• Security: WS-Security, Secure Conversation, Trust, …
• Reliable Messaging
• Network Transports: HTTP, TCP, UDP, …
Web Services transport
• Reliable Delivery Service not yet stable
• Link encryption adequate for now. Do not require WS-Security
• WSDL preferred by companies such as Microsoft to standardise stub software
• SOAP wrapper may need to duplicate some of the information in the V3 wrapper
Application acknowledgements
• HL7 V3 messaging should not have to rely completely on the network for reliable delivery
• HL7 V3 defines an end-to-end application acknowledgement and this is being used in NPfIT applications.
• Messaging is then a true end-to-end service, an independent service layer in the network stack
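The end-to-end acknowledgement described above, together with the wrapper-based relaying from the Message Routing slide, as an added example that is not part of the original talk. The wrapper field names are simplified stand-ins rather than the HL7 V3 schema, and the lossy relay is constructed; the sender resends the same message id until the matching application acknowledgement returns, and the receiver processes each id only once.

```python
import random

# Field names are simplified stand-ins for wrapper fields, not the HL7 V3 schema.
def make_message(msg_id, sender, receiver, payload):
    return {"id": msg_id, "sender": sender, "receiver": receiver, "payload": payload}

class Receiver:
    """Receiving application: processes each message id once, always acknowledges."""
    def __init__(self, name):
        self.name, self.processed = name, {}

    def deliver(self, msg):
        if msg["id"] not in self.processed:      # a retry of a seen id is not reprocessed
            self.processed[msg["id"]] = msg["payload"]
        return {"id": "ack-" + msg["id"], "sender": self.name,
                "receiver": msg["sender"], "ack_for": msg["id"], "ack_code": "AA"}

class Relay:
    """Forwards on the wrapper's receiver field only; never inspects the payload."""
    def __init__(self, routes, loss, rng):
        self.routes, self.loss, self.rng = routes, loss, rng

    def forward(self, msg):
        if self.rng.random() < self.loss:        # constructed lossy hop on the way out
            return None
        ack = self.routes[msg["receiver"]].deliver(msg)
        if self.rng.random() < self.loss:        # the acknowledgement can be lost too
            return None
        return ack

def send_reliably(relay, msg, max_attempts=50):
    """Resend the same message id until the matching application ack returns."""
    for attempt in range(1, max_attempts + 1):
        ack = relay.forward(msg)
        if ack and ack["ack_for"] == msg["id"] and ack["ack_code"] == "AA":
            return attempt
    raise TimeoutError("no application acknowledgement for " + msg["id"])

def demo(seed=7, loss=0.4):
    rng = random.Random(seed)
    app_b = Receiver("domain-b")
    relay = Relay({"domain-b": app_b}, loss, rng)
    attempts = [send_reliably(relay, make_message(f"m{i}", "domain-a", "domain-b", f"report {i}"))
                for i in range(5)]
    return attempts, app_b.processed

if __name__ == "__main__":
    print(demo())
```

A lost acknowledgement makes the sender resend a message the receiver already has, which is why the duplicate check on the message id sits in the receiving application and not in the relay.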
Requirements for message-based authentication or encryption?
• Current NPfIT plans do not include requirements for either of these:
– Messages pass between trusted NHS Organisations. There is no requirement therefore for authentication information to be carried in the message
– Where necessary, link-level encryption can be used to protect messages in transit between NHS Organisations
– Within an NHS Organisation any protection requirements are addressed by a local assessment of risks
TMS - Transaction and Messaging Service
• Over time the ICRS TMS will provide an increasing level of functionality
– TMS provides additional routing intelligence over that of a standard message relay
– TMS may create message copies, for instance to allow copies of clinical reports to be stored in the spine
– TMS will have the capability of splitting or recombining messages in future applications as/when these functions are found useful
Summary (1)
• N3 replacement needs fewer functions than existing network
– Focus on high integrity
– High speed
– High availability
– Network Code of Conduct
– Level 3 eGIF dial-up access
– Interconnects with LSPs
Summary (2)
• Underlying network does not need specific messaging capabilities
• NASP/LSPs manage messaging layers together
• Security focus is high level, protecting access to assets on need-to-know basis