Single Sign-On for Professionals & Patients
Phil Stradling
Best use of web service standards
In particular:
– WS-Security and WS-Trust that are already in use in government.
– WS-Federation for single sign-on.
– WS-Addressing and WS-ReliableMessaging for messaging across the NHS estate.
HL7 Web Service Profiles
• Submitted to ballot process last month
• First review by HL7 UK next week
• 3 draft profiles submitted for:
– WS-Addressing
– WS-Security
– WS-ReliableMessaging
• Build on basic profile for SOAP
Federated Identity Management
Standards-based technology & processes to enable identification, authentication, and authorization across organizational and platform boundaries
• Enable each organization to:
– Act as an authority for the identities it manages
– Make verifiable assertions about those identities
• Build bridges of trust between “organizational islands” so they:
– Choose whom they trust
– Control how much they trust
– Manage only their own internal identities
– Use their own internal protocols
Logical SSO Architecture
[Diagram. Labels shown: Spine (Web Apps, Dir, CA, SSB, MHS); LSP (Web Apps, MHS); NHS Net; Message = HL7 Schema + HL7 WS Headers; Trust; DMZ; Internal Network; Secure Connection; Federation Server; Directory; MHS; Integration Hub (HL7 v2 / v3); Professional (Logon, Transact, SAML token); Maternity; Radiology; PAS.]
Product Mapping
[Diagram. Labels shown: Spine (Web Apps, Dir, CA, SSB, MHS); LSP (Web Apps, MHS); NHS Net; Message = HL7 Schema + HL7 WS Headers; Trust; DMZ; Internal Network; product names ISA, ADFS, Indigo, AD, Biztalk (HL7 v2 / v3); Professional (Logon, Transact, SAML token); Maternity; Radiology; PAS.]
Patient E-Services using Government Gateway
[Diagram. Labels shown: Spine (Web Apps, MHS); LSP (Web Apps, MHS); Internet/NHS Net; Messages = HL7 Schema + HL7 WS Headers; Government Gateway (A&A, Transaction Engine (MHS)); Secure Conex; SAML token; Patient (Logon, View/Transact); Access to NASP & LSP web services.]
Patient-facing sites, e.g.:
– NHS Direct
– Healthspace
– Care Pathways
– GP