Add to collection(s) Add to saved
  1. Science
  2. Astronomy
  3. Particle Physics

The “Direct Project” Reference Implementation Architecture 1

advertisement 
The “Direct Project” Reference Implementation
Architecture
1
NwHIN Direct Approach
 Develop specifications for a secure, scalable, standards-




based way to establish universal health addressing and
transport for participants
Send encrypted health information directly to known,
trusted recipients over the Internet (Push Model)
Participants include providers, laboratories, hospitals,
pharmacies and patients
Standards and service descriptions designed to address the
key Stage 1 requirements for Meaningful Use
http://wiki.directproject.org/home
2
Direct Reference Implementation
 Open-source reference implementation and associated




libraries implementing the Direct Project specification
Implementations in Java and in C Sharp(.Net)
Actually implemented and used in several pilot projects.
New York Hudson Valley and Rhode Island have hooked
their pilots together (HISP to HISP)
Multiple EHRs vendors in the pilots
http://wiki.directproject.org/Reference+Implementation+
Workgroup
3
JAVA REFERENCE IMPLEMENTATION PLUS DIRECTORY SERVICES
HISP Security Domain
“Real” SMTP
Server
Provider
Directory
Services
External
Direct
Health
Information
Services
(HISPS)
POP/SMTP
Internal Email Client
SMTP Service
(Gateway )
Apache Mailet API
Configuration
Service
SQL
Security Agent
SMTP(SMIME)
Certificate
Directory
Services
Apache Mailet API
Configuration Web UI
XD* Agent
XDR Service(Receiving
System)
XD* SOAP SERVICE
XDR Source(Sending
System)
4
EHR to EHR
cmp EHR to EHR
Mutual Authentication
XDR Source (Sending System)
HISP/HIE Direct XD* Serv ice
XDR Serv ice (Receiv ing
System)
ProvideAndRegister
ProvideAndRegister
Search For Entity
Mutual Authentication
Get Local Endpoint
Search For Provider
Prov ider Directory Serv ice
Configuration Serv ice
5
EHR to EHR Sequence
sd EHR to EHRSequence
XDR Source (Sending
System)
Provider Directory
Service
HISP/HIE Direct XD*
Service
Configuration Service
XDR Service (Receiving
System)
SearchForProvider(SearchForProviderRequest)
:SearchForProviderResponse
MutualAuthentication()
ProvideAndRegister(ProvideAndRegisterRequest)
GetLocalEndpoint(DirectAddress)
ProvideAndRegister(ProvideAndRegisterRequest)
:ProvideAndRegisterResponse
:ProvideAndRegisterResponse
6
Why the SMTP Backbone ?
 Allows for the inclusion of providers without EHRs in the Direct
model
 Allows for a security model that does not rely on a strong
federation
 Strongly federated security with dictated CA structure, like
the “Federal Bridge”, seem to be difficult to implement
 Without strong federation, unanticipated push between two
random TLS based SOAP systems is not simple (possible?)
 Using the Direct “Certificate Directory” model allows for
unanticipated SMIME with “dynamic certificate exchange”
7
THE MAILET, ENABLING SECURE SMTP BASED SERVICES
HISP Security Domain
“Real” SMTP
Server
Provider
Directory
Services
External
Direct
Health
Information
Services
(HISPS)
POP/SMTP
Internal Email Client
SMTP Service
(Gateway )
Apache Mailet API
Configuration
Service
SQL
Security Agent
SMTP(SMIME(XDM))
Certificate
Directory
Services
Apache Mailet API
Configuration Web UI
XD* Agent
SMTP (XDM)
XD* SOAP SERVICE
XDR Service(Receiving
System)
XDR Source(Sending
System)
8
What Apache Mailets Get You
 “In-flow” programmatic access to the (S)MIME message
without cumbersome polling or queuing
 Allows for dynamic certificate exchange, decryption and
signature validation
 Allows for dynamic conversion to more SOA friendly
protocols
 Extremely simple “injection” mechanism
 Configuration based
9
SOAP to SMTP
cmp EHR toSMIME Out
XDR Source (Sending System)
Mutual Authentication
HISP/HIE Direct XD* Serv ice
HISP/HIE Direct Mail Serv ice
ProvideAndRegister
Search For Entity
Search For Provider
Get Local Endpoint
Prov ider Directory Serv ice
Configuration Serv ice
Get Provider Private
Key (Sender, Sign)
External Direct SMTP Serv ices
SMIME(XDM) Over SMTP
XDM Over SMTP
Get Current Certificates
(Recipient, Encrypt)
Certificate Repository Serv ice
10
SOAP to SMTP Sequence
sd EHR to SMIME Out Sequence
XDR Source (Sending
System)
Provider Directory
Service
HISP/HIE Direct XD*
Service
Configuration Service
HISP/HIE Direct Mail
Service
Certificate Repository
Service
External Direct SMTP
Services
SearchForProvider(SearchForProviderRequest)
:SearchForProverResponse
MutualAuthentication()
ProvideAndRegister(ProvideAndRegisterRequest)
GetLocalEndpoint(DirectAddress)
SMTP(XDM)
GetProviderPrivateKey()
GetCurrentCertificates()
SMIMEOverSMTP(XDM)
:Ack
:Ack
:ProvideAndRegisterResponse
11
THE MAILET, ENABLING SECURE SMTP BASED SERVICES
HISP Security Domain
“Real” SMTP
Server
Provider
Directory
Services
External
Direct
Health
Information
Services
(HISPS)
Certificate
Directory
Services
Internal Email Client
SMTP Service
(Gateway )
Apache Mailet API
SMTP(SMIME)
POP/SMTP
Configuration
Service
SQL
Security Agent
Apache Mailet API
Configuration Web UI
XD* Agent
XDR
XD* SOAP SERVICE
XDR Service(Receiving
System)
XDR Source(Sending
System)
12
SMTP to SOAP
cmp SMIME to EHR In
External Direct SMTP Serv ices
HISP/HIE Direct Mail Serv ice
SMIME Over SMTP
Get Current Certificates
(Sender, Validation)
XD Step Up Serv ice
Get Local Endpoint
Get Provider Private Key
(Recipient, Decrypt)
Certificate Repository Serv ice
Configuration Serv ice
HISP/HIE Direct XD* Serv ice
ProvideAndRegister
ForwardMessage
ProvideAndRegister
Mutual Authentication
Get Local Endpoint
XDR Serv ice (Receiv ing
System)
13
SMTP to SOAP Sequence
sd SMIME to EHR In Sequence
External Direct SMTP
Services
HISP/HIE Direct Mail
Service
Certificate Repository
Service
Configuration Service
XD Step Up Service
HISP/HIE Direct XD*
Service
XDR Service (Receiving
System)
SMIMEOverSMTP()
GetProviderPrivateKey()
GetCurrentCertificates()
GetLocalEndpoint()
ForwardMessage(Payload)
ProvideAndRegister(ProvideAndRegisterRequest)
MutualAuthentication()
ProvideAndRegister(ProvideAndRegisterRequest)
:ProvideAndRegisterResponse
:ProvideAndRegisterReponse
:Ack
:Ack
14
Conclusions and Questions ?
 The Direct specification and reference implementation




has been an incredible example of cooperative open source
development
Multiple “connectathons” and extensive jUnit testing help
make the implementation rock solid
Architecture seems as clean as possible with multiple
protocols
Still firming up the Provider Directory detailed
requirements
Certificate Directory now uses DNS, may or may not
change
15
Related documents
DIRECT_Secure_Transport_Design_v_1_0
DIRECT_Secure_Transport_Design_v_1_0
1.0 Objective/Purpose
1.0 Objective/Purpose
comp9_unit1_self
comp9_unit1_self
Modern Email System “A set of related and interconnected protocols
Modern Email System “A set of related and interconnected protocols
HISP Cultural Event Reflection Form
HISP Cultural Event Reflection Form
Princess Nora Bint Abdul Rahman University College of Computer
Princess Nora Bint Abdul Rahman University College of Computer
Download
advertisement