On the Usage of SAML Delegate Assertions in an Healthcare Scenario with Federated Communities
نویسندگان
چکیده
The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data amongst different organizations. Concepts like interoperability, security and confidentiality are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchange amongst clinics and hospitals or even regions. For these scenarios, the problem of having authenticated transactions is crucial, in order to provide a form of authorization while accessing patient healthcare information. The IHE initiative addresses the problem by means of SAML assertions, i.e. XML documents containing authentication statements. In this paper, we focus on the problem of propagating the authentication information of healthcare professionals amongst hospitals or regions (in the IHE jargon, communities) by relying on the delegation mechanism introduced by SAML.
منابع مشابه
A Delegation Framework for Liberty
Building support for delegation services into an identity federation system enhances its flexibility and scalability. Users may need to delegate all (or a subset) of their access rights or privileges to other parties in the system. However, the Liberty Alliance, an industry consortium that aims to build open standard-based specifications for identity federation systems, does not include delegat...
متن کاملOn Breaking SAML: Be Whoever You Want to Be
The Security Assertion Markup Language (SAML) is a widely adopted language for making security statements about subjects. It is a critical component for the development of federated identity deployments and Single SignOn scenarios. In order to protect integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm...
متن کاملOn Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security
In recent research, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives...
متن کاملOn Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals
The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (...
متن کاملSimulation Study of Different Authentication Protocols Used for Federated Identity Management in Cloud
rganizations needed a way to unify authentication systems in the enterprise for easier management and better security. Single-sign-on was widely adopted and provided a solution for keeping one repository of usernames and passwords that could be used transparently across several internal applications. After analyzing various issues regarding authentication of user’s in federated systems we have ...
متن کامل