Notes from Reference Implementation Presentation
Date: August 18, 2010
Time: 9:00am-10:00am

Participants: Brian Behlendorf, Jonathon Bartels, Tony Calice, Janet Campbell, Gary Christensen, Jason Colquitt, Ron Cordell, Tim Cromwell, Rich Elmore, Zachary Gillen, Mark Gingrich, Beau Grantham, Uvinie Hettiaratchy, Don Jorgenson, Dan Kazzaz, Chris Lamonico, Umesh Madan, Arien Malec, Alex Matsukevich, David McCallie, John Moehrke, Parag More, Sean Nolan, Kris Olberg, Vassil Petyachev, Will Ross, Caitlin Ryan, Claudio Sanchez, Jason Siegel, Jas Singh, Mark Stine, Aaron Stranahan, John Theisen, Paul Tuten, Chris Voigt

Current Action Items

| ID | Date | Action | Status | Owner | Due Date |
|---|---|---|---|---|---|
| 1 | 8/18/2010 | Contribute to a list of bugs at code.google.com (reference implementations) | Open | Sean Nolan and WG | 8/24/2010 |
| 2 | 8/18/2010 | Send the following question to the Security and Trust WG: “The reference implementations are solely using a DNS Responder Service to manage CERTs. Should the reference implementations also include an LDAP delivery mechanism as an alternative?” | Open | Arien Malec | 8/24/2010 |
| 3 | 8/18/2010 | Develop plan to bridge communication gap between the Reference Implementation WG and the Geographies WG | Open | Susan Johnston/Arien Malec | 8/24/2010 |
| 4 | 8/18/2010 | Create a list of action items to be completed so that coders can be directly plugged into the Java reference implementation coding process | Open | Beau Grantham/Brian Behlendorf | 8/24/2010 |
| 5 | 8/18/2010 | Develop a Java components skeleton to be posted on the team’s wiki page | Open | Beau Grantham/Brian Behlendorf | 8/24/2010 |
| 6 | 8/18/2010 | Prepare for Virtual Sprint to onboard new coders and plug them into projects | Open | Arien Malec/Brian Behlendorf/Beau Grantham | 8/24/2010 |
| 7 | 8/18/2010 | Organize the virtual code-a-thon for late August and assist in collocating effort | Open | Arien Malec/Brian Behlendorf | 8/31/2010 |
| 8 | 8/18/2010 | Determine location for the next Face-to-Face code-a-thon in September | Open | Arien Malec/Brian Behlendorf/Tony Calice | 8/31/2010 |


CSHARP Reference Implementation Team (Leads: Umesh Madan & Sean Nolan)
Sean Nolan/Umesh Madan
  • Developed a bright interface between the components in case other developers want to change things themselves for their case-specific implementation

  • Displayed the C-Sharp reference implementation’s components skeleton
  • Proceeded to walk through the key components:
    • Windows server comes with a simple SMTP server (Gateway)
      • It is a thin service, high volume product
      • It’s structured in a “90’s way” to hook the transport
      • A thin C++ hook that connects to the pipeline
        • Basically bridges to the .NET
      • .NET decomposes and extracts the components
      • The security agent is in that box
      • The Windows server manages signatures, certificates, etc.
      • Status: Almost Done
        • Still working on intermediate certificates

    • XDD Gateway
      • “Enables communication between IHE/NHIN nodes and the NHIN Direct SMTP backbone”
      • Sean noted that HealthVault will do it this way
      • The drop box is monitored for messages that need to be converted to XDD and then transferred
      • Status: Vassil is working on this, translating things

    • Configuration Web Service (SQL)
      • Simple database
        • On top of the database is a .NET object model
        • On top of the .NET object model there is a WCF service
      • Anything underneath them can be replaced
      • Status: Mostly done

    • DNS piece
      • For MX and CERT record distribution
      • Previously used BIND (good for certificates)
        • It specifically focuses on zone file services
      • Less painful if they used a standalone responder for DNS
      • Status: Work in progress
        • DNS doesn’t cache

    • Configuration Web/Console UI
      • The configuration UI will be a simple ASP.NET MVC web site used by administrators to manually configure the reference implementation
      • Status: Not done yet

  • Creating a list of problems on code.google.com
    • Asked work groups to contribute to said list of bugs

  • Although not complete, the C-Sharp reference implementation is up online and can be used
    • Are theoretically prepared to start assisting pilot projects in implementation
    • John Theisen has been performing building tests
    • Microsoft expects that HealthVault will be up and running by November, so Sean and Umesh need the code going
Brian Behlendorf
  • Asked about individual certificates?
Sean Nolan
  • Responded that the DNS will be called to look up a certificate
    • Each time a user is provisioned, then a certificate is provisioned in the DNS
    • Depends on what level certificates are being issued (organization v. individual)
Janet Campbell
  • Asked if there is a high volume website for individual certificates?
Sean Nolan
  • Answered that the code at the Configuration Web Service level will have to sub-certificate
John Moehrke
  • Asked if NHIN Direct addresses cannot have a period in the front part?
Brian Behlendorf
  • Clarified that this is a one-way process
    • The associated signature/certificate will not need to be returned to an address
    • Therefore they will not need to determine which period was the original @ sign
John Moehrke
  • Questioned why not manage certificates by LDAP instead of DNS?
Umesh Madan/Sean Nolan
  • Responded that they are not using it right now, but it could be done
    • The agent doesn’t care - can fix that using config
    • Public is different if you are trying to save the certificates
    • When a third party wants to discover certificates they use the DNS
John Moehrke
  • Further questioned about universal addressing?
    • Need to distinguish between minimum specification or other options
Arien Malec
  • Reminded that DNS is just the minimum, and was a suggested mechanism
  • Further reminded participants that organizations are free to use an LDAP certificate mechanism
  • However, noted that universality may be lost if NHIN Direct is too divided between DNS and LDAP
    • Right now the DNS is being used for certificates
      • It is out there, it works and it propagates
    • Credible solution for getting up and running
John Moehrke
  • Clarified that he does not know what is best, just wants to have the discussion
    • Should we have a discussion about LDAP now?
      • Discussion: Which one is better, DNS or LDAP?
  • Expressed the view that it appears there is already a decision if all the reference models are going solely in one direction
Umesh Madan
  • Responded that he does not want to engage in policy-like negotiations
    • Ex: Some speak LDAP, some speak DNS
    • Believes the fewer better options, the better
Brian Behlendorf
  • Asked if we make this decision before the pilots or after the pilots?
    • Suggested this should be sent to Security and Trust workgroup
  • Reminded the participants that this is a “do-ocracy”
    • If people have any particular issue, they bring it up and provide assistance in coding the difference
Arien Malec
  • Stressed that NHIN Direct needs some universality in certificate distribution
    • Mentioned that the DNS CERT “has it baked in there”
    • Offered that if they can figure out a mechanism to have LDAP do the same thing as DNS, then they can try it out and use them in pilots
  • Organizations are free to do the personal exchange of certificates
  • Recognized that they have a team that has been working tough on code
    • Sean and Umesh – want to prove it out that this DNS model works
    • Offered that anyone is free to take this code that Umesh singlehandedly wrote, and edit it and run with it
Dan Kazzaz
  • Mentioned that he has worked with this code personally, and it worked without the DNS
    • Essentially you can use it with or without DNS
  • However, he stressed that the DNS model always refreshes certificates
    • This is something that really makes the DNS attractive

Java Implementation (Leads: Beau Grantham & Brian Behlendorf)
Beau Grantham
  • Informed the participants that the agent piece is eighty percent complete
    • Exists and in test the messages got across
  • Identified that neither of the principal architects of the Java reference implementation, Greg Cole or Vince Lewis, was present
    • Recognized that they took a lot from Umesh’s initial code
    • Intimated the need to transfer the knowledge to those that are interested
      • Jonathon Bartels from the Mirth Corporation is interested
      • Chris Lomonico has also provided a possible resource for Java
Parag More
  • Introduced himself as the representative on behalf of MedAllies
  • Accepted that MedAllies has yet to convert the agent/SMTP portion to the XDM package
    • Working on the XDM to XDR
  • Informed the group that no security or packaging has yet been developed
  • Further informed the group that they are still working on the addressing part
    • Vince Lewis specifically is working on that
  • Stated that once the XDD specification is formalized, MedAllies is committed to providing that
Brian Behlendorf
  • Issued a “call for help”
    • Dragon has volunteered to help out with Java
    • Susan Johnston has volunteered to be a bridge between the reference implementation and geographies team
      • Essential role that product and project management can play
    • The Connect working group members might be able to help
      • Brian and Dragon have been keeping them updated
      • The Connect members have been observing from afar, but are currently “marching to orders of the federal partners”
      • Based on priorities and on time, they currently need to complete VLER
  • Urged participants that if they want to bring in someone else from their company, NHIN Direct could maximize their assistance at this time
Arien Malec
  • Emphasized the importance of the visibility of the schedule
  • Recognized there is a good base of people on the Java side, they just need to organize them
  • Believes that in a week or two NHIN Direct will be in a much better state
    • First need to identify all the components in the stack
    • Then determine all the targets for when all these components will be completed
Brian Behlendorf
  • Currently laying out that roadmap over the next two weeks, then we can go full force
  • Announced a one week virtual sprint with a public outlook
    • Issued a broader call - if someone has a background in CSharp and Java, this is the time to get involved
    • Plan to make themselves available for that one week to catch people up to speed
    • Aim to create a list of items that need to be worked on so people can simply take them on
    • Bringing the code to a test-ready state
    • Goal: As a HISP I can take this code, do the tests (test-patient, test-doctor)
  • Also plan to create a Java skeleton similar to the C-Sharp skeleton referenced earlier in notes