Security & Trust Meeting 2010-04-15
Notes from 'Security & Trust' Workgroup
Status of Notes: DRAFT
Date: April 15, 2010
Time: 2pm-3pm
Attendees: Honora Burnett, Arien Malec, Sam Christy, Laurie Tull, Fred Trotter, Greg Turner, Jonathan Gershater, Vassil Peytchev, Joel Ryba, Vince Lewis, Eric Heflin, Sean Nolan, Erik Horstkotte, Dan Russler, Ron Cordell, Pam Waters, Peter Palmer, Gail Belles, Mike Davis, Brett Peterson, Andrew Reickhard, Rodger Johnson & Peter Clark
Issue Framing:
1. Inclusion policy - how do we govern the inclusion of CAs in the trust relationships?
2. If nhin-direct does not take on the root-CA model, how do two medical providers communicate if their respective HSPs have not established a 1:1 trust relationship?
3. If an NHIN participant trusts all participants with a certificate signed by a given authority, do we need to support the ability to define exceptions to this trust for specific participants?
4. A problem with individual trust versus organizational trust
5. Why is this problem different from any other?
6. From "robust group" Tuesday call: Take to Security and Trust Workgroup: does there have to be a separation between HSP and the destination?
Comment from Brett Peterson
· Trust relationships with multiple roots
Comment from Eric Heflin
· Policy should be a function of regulation
· Complexity is across state
Comment from Sean Nolan
· Technology implies that there can be multiple figurative one
· Overloading the word trust
Comment from Mike Davis
· Trust in CA is dependent on certificate policy in place
· There are existing standards in E31 that could provide technical reasons for establishing trust in another CA
· Standard has been harmonized with Federal bridge CA
· Someone will investigate our use of government ASTM Use Cases ($44 for standard) and look at how this can be used for the WG
· Technology is not cutting edge
· How different is this problem? Has it been solved in other industries?
Comment from Greg Turner
· A wealth of information here that wasn’t here before
· Lack of standards makes it more complicated
Comment from Vassil Peytchev
· Finance you have direct relationship
· Other exchange of information between financial institutions is de-identified and is
· Consumer to provider
· Other exchanges need explicit authorization and this isn’t done via technology even in financial organizations
Comment from Arien Malec
· Health challenges are very similar to financial institutions
· We trust our physicians more than we trust our banks
· Question is critical and don’t know who has done this
Comment from Joel Ryba
· Depends on what you are trusting the certificate for
Comment from Eric Heflin
· PKI might provide the solution we are looking for, but there are some key issues:
o Multiple conflicting laws
o Volume of data is massive
o Multiple domain issues – all with different needs/uses
o Number of unique laws
o Small number of domains – bank/bank partners
Comment from Sean Nolan & Umesh
· Root is a little more simple, healthcare is a place in which the market dynamics haven’t encouraged standardization
· Harder technology
· Challenges:
o Heterogeneity
o Workflow
Comment from Pete Palmer
· Have guidance documents to address these
· Pete Palmer will provide information about the Kantara initiative on the Wiki
· ID assurance and ID proofing and addresses the nature of how assured someone needs to be to do XYZ and appropriate credentials that match that
Comment from Rodger Johnson & Andrew Reickhard
· Competing, or threat model is also improving with technology
· Authentication should be re-authenticating at multiple stages
· Additional piece – what role does that person play and authentication of roles
Comment from Dan Russler
· Who is the “fraud team”
· Can move things back and forth to multiple banks
· A lot of this can be related to banks – more similarities
Comment from Mike Davis
· Managing this information is the part that is hard
· Hard from management side to implement these things
· Mike Davis might provide a summary understanding of the VA pilot for the use of PKI for identity with controlled substances on the Wiki
Sean & Umesh have done a lot of thinking about simplifying the key framework
· Framed up thoughts about a proposal that was down to individual certificates
· If we think that it is important for us to ID actors in the system down to the level of the address, it gives us flexibility not to have to worry about the higher levels
· Every address has a certificate, includes their organization
· Patient access – where having access to the organization isn’t significant as to whether a provider trusts an address or not
· Might have to introduce new hops
· PKI certificate – hard, but we have some unique mitigating factors because we are defining an HSP which can be an issuing authority
· If we could create individual level certificates, does that mean we have to do it up the chain – provider, HSP chain
· Arien’s restating proposal, Umesh and Sean are going to write this idea of “chain of trust” on the Wiki:
o Proposing that a Certification Authority that is duly authorized by a mechanism we give it can hand a cert to an organization or HSP and that organization can then hand out child certs or child-child certs which gives us flexibility to give certs to individual level, but gives us organizational efficiency to certify at the organizational level
o Explore re-cert an existing address
o Key issue to discuss for next time
Actions
# | Date | Action | Status | Owner | Due Date
8 | 4/15/10 | John Davis will investigate our use of government ASTM Use Cases ($44 for standard) look at how this can be used for the WG | Open | John Davis | 4/22/10
9 | 4/15/10 | Pete Palmer will provide information about the Kantara initiative on the Wiki | Open | Pete Palmer | 4/22/10
10 | 4/15/10 | Umesh and Sean are going to write this idea of “chain of trust” on the Wiki. They will explore re-cert an existing address and frame up as key issue to discuss for next time | Open | Microsoft Team | 4/22/10