Notes from the Concrete Implementation Workgroup


Date: May 25, 2010
Time: 12pm-1pm
Attendees: Steven Waldren, Ravi Madduri, Wesley Combs, Rob Wilmot, David McCallie, Vassil Peytchev, John Moehrke, Matt Potter, Jason Colquitt, Nageshwara Bashyam, Karen Witting, Eric Heflin, Sean Nolan, Umesh Madan, Chris Lomonico, Tony Mallia, Brett Peterson, Brian Hoffman, Grahm Evans, William Lusen, Brian Behlendorf, Arien Malec

Actions for this Week:
#
Date
Action
Status
Owner
Due Date
21
5/25/10
Update Capability Worksheet to remove two sections: 11.3.1 and 9.4
Open
Sean
6/1/10
22
5/25/10
Continue discussion of Capability Worksheet on the wiki and post any major objections
Open
WG
6/1/10
23
5/25/10
Create a wiki page describing the Argonne National Laboratory’s REST implementation and speak to the security framework for this implementation
Open
Ravi Madduri
6/1/10
24
5/25/10
Request trusted HIT experts to become involved in an external review of the concrete implementations
Open
WG
6/1/10
25
5/25/10
Distribute invitation for extended WG meeting on June 8th
Open
Jackie Key
6/1/10

Actions from last Week:
#
Date
Action
Status
Owner
Due Date
18
5/18/10
Sean Nolan is going to take input from the call edit the capability worksheet
Closed
Sean
5/25/10
19
5/18/10
If WG has additional comments, email Sean by EOD tomorrow.
Closed
Sean & WG
5/25/10
20
5/18/10
WG will then be asked to give feedback on the Capability Worksheet
Closed
WG
5/25/10

Agenda

Notes
· Request for votes from the remaining organizations that did not vote on the wiki thus far:
o AAFP – Has not yet had a chance to review the worksheet, but will look after the call today and note any issues
o Medicity – Needs more time to review the worksheet, but recommend that WG proceed forward without a yes/no vote from Medicity
o VLER – Needs more time to review the worksheet
o Epic – Will review the worksheet shortly
Comment from Sean Nolan
· Message to Implementation Group is that we feel confident about level of WG agreement on the worksheet
· As suggested, Sean will remove the two items from the worksheet
Feedback on the Capability Worksheet
Name
Feedback/Comment
Steven Waldren
Pass
Ravi Madduri
Looks good
Wesley Combs
Have not yet had a chance to review
Rob Wilmot
Fine with the worksheet
David McCallie
Fine with the worksheet
Vassil Peytchev
Ok with the worksheet
John Moehrke
GE was not on the voting list, but would give the worksheet a yes vote
Matt Potter
Looks good
Jason Colquitt
Ok with the worksheet
Nageshwara Bashyam
Ok with the worksheet
Karen Witting
· What are the two things that will be deleted from the worksheet? If sections 11.3.1 and 9.4 then agree with the worksheet
· Sean Nolan – Yes, those are the two sections that will be deleted
Eric Heflin
Have not yet had a chance to review
Umesh Madan
Ok with the worksheet
Chris Lomonico
Ok with the worksheet
Tony Mallia
Need more time to review
Brett Peterson
Ok with the worksheet
Brian Hoffman
Need more time to review
Grahm Evans
Need more time to review
William Lusen
Have not yet had a chance to review

Comment from Arien Malec
· Note that the rule for NHIN Direct voting is: Either say yes, abstain (which equals a yes), or say no with comments
Comment from Sean Nolan
· WG should continue discussion of worksheet on the wiki and post any major objections to the wiki before the 3:00 IG call
· WG has achieved milestone of having draft of capability worksheets from each implementation team ready by today
· Should we bring in independent review of the implementations?
Comment from Brian Behlendorf
· On June 8th we’ll have a longer conversation to compare the options
IHE/SOAP team update from Vassil Peytchev
· Status for IHE/SOAP team
o Capability worksheet is still in progress
o Approach for IHE/SOAP team is not just to provide an end-end implementation, but also explore combinations of edge protocols with an IHE backbone
o Looking at 4 cases for end-end exchange
o In the process of filling gaps with transformations
o Getting appropriate test scenarios and test data to do end-end testing
o Tracking lessons learned on the team page
· IHE cases are intended to cover the NHIN Direct user stories, each IHE case can be applied to several user stories
· NHIN Direct specification will be drafted this week
Comment from Ravi Madduri
· At Argonne, we’ve created a REST implementation that installs the use cases with a different security framework. Should we create a separate capability worksheet?
Comment from Arien Malec
· Just add to the capability worksheet and post any content to the wiki
· Ravi to create a wiki page describing the Argonne REST implementation and speak to the additional security in place
· Want to be able to talk about each implementation option in a unified way
· We now have three different REST security models, one for each of the three REST approaches
Comment from Ravi Madduri
· What happens on June 8th? (will be addressed as part of later agenda item)
XMPP team update from Nageshwara Bashyam
· Capability worksheet should be completed today
· Team has explored XMPP demonstrations
· Still working on encryption and security model between HISP-HISP
Question from Sean Nolan
· What would the XMPP demonstration look like in terms of clients?
o Nageshwara Bashyam – Team held an exploratory meeting to see what settings would be required and what policies would need to be in place before an implementation could be piloted. Team did not look into what the end user interface would look like.
· Sean Nolan - Using an IM user interface could be very interesting
· Nageshwara Bashyam to add a screenshot of the XMPP implementation to the wiki
SMTP team update from Sean Nolan
· Filling out the worksheet was a good exercise
· SMTP team’s approach is to use email, additional code, which is being called the NHIN Direct agent, will give an extra security layer
· Most code is off the shelf, some code around cert management will need to be written
· Enough code is done to be able to send emails, though currently this is for windows only, but will be integrated with java
· Plan to snap into Healthvault in next few days
· Most code has come from Cerner, Microsoft, and Secure Exchange Solutions
· Interesting lesson learned was how to manage responses and acks/nacks, as most SMTP errors are in form of bounces and postmaster replies
o Team has figured out how to encrypt these properly

· Note from Sean: As much as Sean believes in the SMTP approach, Microsoft is willing to implement the consensus regardless of the chosen approach
Comment from Umesh Madan
· Educational to actually write the code
Question from Brian Behlendorf
· Is there a Java based SMTP implementation?
o Sean Nolan – Cerner has built an implementation of the agent with java mail. The code for this is available on the wiki
· Brian Behlendorf - In the interest of cross team collaboration, other teams using java should make note of the fact that the SMTP code exists
REST team update from Brett Peterson
· Capability worksheet needs more work
· Would like to focus more on the NHIN Exchange integration piece
o Suspects that there may be a gap on this front from both the REST and SMTP teams, and so posted comment/question on SMPT page
· Have successfully done HISP-HISP transactions using mutually authenticated TLS
· Have used REST for edge and backbone
· Integrating other protocols as edges
· Need to finalize the security model to make sure the java and ruby implementations can speak to each other
REST team update from Arien Malec
· Getting resources up and running has been trivial, whereas agreeing on a security model has been more difficult
· Implemented mutual authentication over TLS, but is not confident that this will be the ultimate solution
· Has built a version of the SMIME agent end-end against a database cert store
o Also has enabled cert discovery using REST
· Dependent on the final security model , sees this as the biggest issue for the REST team
· Hopes to build a simple web client, but may not be able to get to this
REST team update from Ravi Madduri
· Created a scenario where they implemented three transactions using mutual authentication
· Able to issue patient username and password and have SAML assertion issued
· Created a web-based demo, want to make this widely available
· Next steps:
o Make Argonne REST team’s work public
o Determine how to interact with other NHIN Direct implementations
Comment from Brian Behlendorf
· Would like to hear input from WG on the Farzad’s idea for external review idea of the concrete implementations
· Suggest that the WG generate publicity around worksheets as appropriate
· Goal is to have fresh set of eyes look at the capability worksheet content
o Worksheet content must be self-explanatory
o Would be a high standard to say that the worksheets were peer reviewed
o Can have media publicize worksheets and channel interest into comments on wiki
Comment from Arien Malec
· Would it be valuable to have a formal structured review of the implementations with neutral parties that have awareness of technology and healthcare? (could include: Aneesh Chopra, John Halamka)
· Would this sort of independent review help us drive to consensus or add more confusion?
Feedback on External Review of Implementations
Name
Feedback/Comment
Wesley Combs
Pass
David McCallie
  • Good idea to specifically invite a few key people with authority and responsibility
  • Concern about the potential for confusion if we have a superficial reaction from the outside
  • Ambivalent about a publicity drive, we may not gain greatly from more input

Vassil Peytchev
A targeted request for feedback would be better than broad publicity pull if we don’t have a very careful explanation of the whole project/process

John Moehrke
  • How would an outsider make sense of this?
  • Need to build a mechanism for understanding pros/cons ourselves
  • A broadcast approach would produce likely to produce worse than noise
  • Would be useful to help a larger audience understand that we’re making progress

Jason Colquitt
A targeted response, with questions/comments from industry leaders would be good, but a public broadcast would be less helpful

Nageshwara Bashyam
Agree with what’s been said thus far
Karen Witting
Agree with what’s been said thus far
Eric Heflin
· Opaqueness for our process could cause confusion
· Eventually we should broadcast our work and have an overall communications approach

Comment from Arien Malec
· Once we have a final specification it would be good to have wide review of the final spec
Comment from Brian Behlendorf
· Seems to be a general endorsement of directed invitations to review the implementations
· Brian and Arien to make personal appeals to experts we trust to get involved
o Do we want a structured conference call with these experts rather than a more informal review?
· A meeting invitation for a longer WG session will be distributed for June 8th