New Match Request Adaptor

Download Report

Transcript New Match Request Adaptor

Data Sharing & Standards Division
eCare Technical Workshop
Inverness
23rd November 2005
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
2
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
3
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
4
Agency Network
Data Sharing & Standards Division
Agency
System
System Business
Adaptor
Integration
Messaging
Logic
and Data
Agency Systems are
MIS
applications within the varying
agencies that perform
client/patient/person
processing functions
SOAP
An Adaptor is a software component that
enables communications between agency
systems and the eCare Framework […] the
Adaptor can be a logical software component
built into an agency system or on a separate
physical machine
eCare Safe Haven
eCare Safe Haven or
DMZ is a secure
perimeter network that
connects the Agency
networks with the
network in which the
eCare Framework’s
hardware is located.
Message
Messaging
Business Logic
The Messaging Service
provides Agency
Applications with an
interface to the eCare
Framework
Messaging Zone
SQL
Data
Databases
Indexes
23rd Novemeber 2005
Framework Zone
eCare Technical
Workshop
The Multi Agency Store is the
repository used to store
consented data for the purpose
of information being shared
between different agencies
5
Data Sharing & Standards Division
Indexing & Matching
•
Systems must have a person record prior to sharing or viewing of data in the MAS
•
Systems must create an index entry in the MAS from a matching solution employing
a national process as per the eCare Matching Overview strategy document
•
eCare maintains a multi-agency index of all connected systems person reference
numbers; systems have no access to this index which contains no shared data
•
Systems must have an index entry to receive MAS notifications
•
This index permits systems to view data regardless of consent or disclosure authority.
The ability to lock a person record in the MAS from viewing is a separate – and
currently unrelated – function.
23rd Novemeber 2005
eCare Technical Workshop
6
Data Sharing & Standards Division
Consent & Disclosure Authority
•
Conditions for data sharing are:
–
Either the Subject (or a proxy for the Subject) has
given informed consent to the sharing of data or a
competent professional within the disclosing agency
has taken a considered decision to override the
absence of consent; and
–
It is necessary and relevant to share the data.
23rd Novemeber 2005
eCare Technical Workshop
7
Data Sharing & Standards Division
Consent
• Consent is collected once per person in the MAS
– A subset of data is stored
– A full history of changes is maintained
– All systems with an index entry are notified when the
status changes
– Does not physically enable data sharing
23rd Novemeber 2005
eCare Technical Workshop
8
Data Sharing & Standards Division
consent process
(cross-partnership)
Systems update their own
consent status
SYSTEM-N
SYSTEM-A
MSG:
CONSENT_STATUS
MSG: NOTIFICATION
RefNo
Consent Data
MAS
23rd Novemeber 2005
MAS notifies each system
with an Index entry that
MAS maintains
a history
consent
has of
changed
all consent
eCare Technical Workshop
9
Data Sharing & Standards Division
Disclosure Authority
• Authority is stored once per system per person in the
MAS
– A full history of changes is maintained
– All systems with an index entry are notified when the status
changes
– Physically enables data sharing – no system can send data to
the MAS without authority
– Does not restrict viewing data from the MAS – all systems with
an index entry can retrieve data
23rd Novemeber 2005
eCare Technical Workshop
10
Data Sharing & Standards Division
disclosure process
SYSTEM-A
SYSTEM-N
MSG:
AUTHORITY_STATUS
MSG: NOTIFICATION
MAS notifies system
admin thatauthority has
MAS maintains a history of
changed
all authority
RefNo
Authority Data
MAS
23rd Novemeber 2005
eCare Technical Workshop
11
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
12
Data Sharing & Standards Division
What is the eCare Framework
Agency
Application
Adaptor
NHS
Auto
Matcher
eCare DMZ
Messaging
Services
Matching
Services
MAS
Matching
Manual
Matcher
Agency
CHI
Services
23rd Novemeber 2005
eCare Technical Workshop
13
Data Sharing & Standards Division
What are web services
• Standards based
• Simple Object Access Protocol 1.1
(SOAP)
• Web Service Definition Language (WSDL)
23rd Novemeber 2005
eCare Technical Workshop
14
Data Sharing & Standards Division
Security
• Encryption
– SSL Encryption
• Authentication
– WS-Security (Username Token)
• Authorisation
– WS-Security / Policy
23rd Novemeber 2005
eCare Technical Workshop
15
Data Sharing & Standards Division
WS-Security
• Oasis standard
• Supported by :
–
–
–
–
–
IBM
Microsoft (WSE)
Sun
Oracle
Bea
• Message level security
• http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-soap-message-security-1.0.pdf
23rd Novemeber 2005
eCare Technical Workshop
16
Data Sharing & Standards Division
Services Documentation Set
•
•
•
•
•
•
Messaging Integration Guide
Messaging Admin Guide
Matching Integration Guide
Matching Admin Guide
Viewer Tool Guide
+ Other National Documentation Set….
23rd Novemeber 2005
eCare Technical Workshop
17
Data Sharing & Standards Division
Application Design Decisions
•
•
•
•
•
•
Interoperability
Service Granularity
Authentication and Authorisation
Data Changes
Unique Message Requests
Error Feedback
23rd Novemeber 2005
eCare Technical Workshop
18
Data Sharing & Standards Division
Interoperability
• Apply best practise
• Validate against WS-I Basic Profile
WS-I is an open industry organisation chartered to promote
Web services interoperability across platforms, operating systems,
and programming languages.
23rd Novemeber 2005
eCare Technical Workshop
19
Data Sharing & Standards Division
Service Granularity
• Document Message Pattern
• Coarse grained messages
– Simplify message sequencing
– Reduce network performance overhead
– Simplify transaction management
23rd Novemeber 2005
eCare Technical Workshop
20
Data Sharing & Standards Division
Service Granularity…
• Standard message formats
Messages::eCareMessageContainer
Messages::eCareMessageHeader
1
+LocalUniqueMessageId : string
+AuditReference : string
1
1
Messages::eCareMessagePayload
1
23rd Novemeber 2005
eCare Technical Workshop
21
Data Sharing & Standards Division
Authentication & Authorisation
• Authenticate host application not user
• Implemented through WS-Security
• Support Role based authorisation (Policy)
23rd Novemeber 2005
eCare Technical Workshop
22
Data Sharing & Standards Division
Unique Message Request
• All messages must include a unique
identifier
• Validated on every service request
23rd Novemeber 2005
eCare Technical Workshop
23
Data Sharing & Standards Division
Error Feedback
• Soap Fault
• Client Details – XML formatted error
messages & codes
• ClientUtilities DLL (for .Net)
23rd Novemeber 2005
eCare Technical Workshop
24
Data Sharing & Standards Division
Web Services Supported
• Focuses on
– Core Demographics
– Disclosure Authority
– Matching
– Processes
– Events
– Status Episodes
23rd Novemeber 2005
eCare Technical Workshop
25
Agency Boundary
Data Sharing & Standards Division
Matching
Process
1. New
Host
Service User
Application
2. Poll for new service users
Adaptor
3. New Match
Request
8. Match
Notification
eCare DMZ
NHS Boundary
Manual
Matcher
Messaging
4. Store
Request
Matching
CHI
MAS
7. Index
Created
Auto
5. Attempt Matcher
Match
23rd Novemeber 2005
eCare Technical Workshop
6. Search
CHI
26
Data Sharing & Standards Division
Web Services Supported…
• Matching Service
– NewMatchRequest
• Index Service
– IsMatched
– Not AddIndex etc.
23rd Novemeber 2005
eCare Technical Workshop
27
Data Sharing & Standards Division
Matching Process
New Match Request
MAS
Match Request
Matching
Tool
23rd Novemeber 2005
Get Pending Match Request
Successful Match
eCare Technical Workshop
Create Index
Adaptor
Matching
DB
28
Data Sharing & Standards Division
Web Services Supported…
• Notifications Service
– GetNotifications
– AcknowledgeNotifications
23rd Novemeber 2005
eCare Technical Workshop
29
Data Sharing & Standards Division
Matching Process
Index
Created
Adaptor
New Match Request
MAS
Get Notifications
Acknowledge Notifications
23rd Novemeber 2005
eCare Technical Workshop
30
Data Sharing & Standards Division
Matching Demo…
• Automatic Matcher
• Manual Matcher
• CHI Simulator
23rd Novemeber 2005
eCare Technical Workshop
31
Data Sharing
Agency Boundary
Data Sharing & Standards Division
Agency Boundary
Host
Application
Host
Application
1. Service User
Interaction
5. View Shared
Data
Adaptor
3. Store Service
User Data
Adaptor monitors
Changes
Viewer
2. Store Disclosure
Authorisation
Adaptor
4. Other Agencies
Share Data
eCare DMZ
Messaging
MAS
23rd Novemeber 2005
eCare Technical Workshop
32
Data Sharing & Standards Division
Web Services Supported…
• Disclosure Service
– StoreDisclosureAuthority
– StorePartnershipConsent
• Person Service (Person, Associate & Professional)
– StorePerson
• Must be matched first
• CurrentData
– GetPerson
• Current Data Only
– GetPersonByMasId
• Person Status
23rd Novemeber 2005
eCare Technical Workshop
33
Data Sharing & Standards Division
Web Services Supported…
•
Organisation Service
– StoreOrganisation
– GetOrganisation
•
StatusEpisode Service
– StoreStatusEpisode
– GetStatusEpisodeForSubject
– GetStatusEpisode
•
Process Service
– StoreProcess
– GetProcessesForSubject
– GetProcess
•
Event Service
– StoreEvent
– GetEventsForSubject
– GetEvent
23rd Novemeber 2005
eCare Technical Workshop
34
Data Sharing & Standards Division
Web Services Supported…
• Viewer Service
– GetPersonView
– GetPersonViewXML
23rd Novemeber 2005
eCare Technical Workshop
35
Data Sharing & Standards Division
Extensions
• Supported by
– Processes
– Events
– Status Episodes
• Allows custom data to be stored
– E.g. Referral Process:
• Reason
• Received Date
• ConcernFactorCV
23rd Novemeber 2005
eCare Technical Workshop
36
Data Sharing & Standards Division
Viewer
• What is the Viewer and what can you do?
– Access MAS Data
– No searching
– Embed in web page
– .Net User Control (Web Page)
– No inherent authentication / authorisation
23rd Novemeber 2005
eCare Technical Workshop
37
Data Sharing & Standards Division
Web Service /
Embedded Viewer Demo…
23rd Novemeber 2005
eCare Technical Workshop
38
Data Sharing & Standards Division
Viewer Usage
•
•
•
•
ASP.Net page
Parameterised reference data
Access Rights – tab visibility
Configurable Tabs text / CSS
23rd Novemeber 2005
eCare Technical Workshop
39
Data Sharing & Standards Division
Version 0.7 Viewer Demo
23rd Novemeber 2005
eCare Technical Workshop
40
Data Sharing & Standards Division
eCart Demo
eCart
eCare
eCart User
Interface
eCare
Messaging
Service
eCart
Application
Directory
Service
eCart Data
23rd Novemeber 2005
MAS
eCare Technical Workshop
41
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
42
Data Sharing & Standards Division
Forms Web Services
• Two Phases
– 0.7: Store and Retrieve Completed Form
– 0.8(?): Retrieve full Form definition
23rd Novemeber 2005
eCare Technical Workshop
43
Data Sharing & Standards Division
Storing a Form
• Form Definition must exist in MAS (Excel
Tool)
• Forms belong to a process
• Agencies can collaborate on a single form
• Pessimistic locking is implemented
• Form ‘updates’ do not overwrite old forms
(FormState)
23rd Novemeber 2005
eCare Technical Workshop
44
Data Sharing & Standards Division
Storing a Form
• New Form
– Execute StoreForm web service
• Update Form
– GetForm (with lock)
– StoreForm
23rd Novemeber 2005
eCare Technical Workshop
45
Data Sharing & Standards Division
Store Form
System A
StoreProcess
StoreForm (New)
eCare
Get Form (for edit)
Error!
System B
23rd Novemeber 2005
eCare Technical Workshop
46
Data Sharing & Standards Division
Webservice Validation
• Question mapping – based on Question
Code
• Definitions validated – e.g. CVs, Validation
Types etc.
• Mandatory fields not validated – change?
• Calculations not validated
• Locking validated
23rd Novemeber 2005
eCare Technical Workshop
47
Data Sharing & Standards Division
Entities
• Form (Form State)
• Form Sections (Multiple Occurrences)
• Form Question Grouping (Multiple
Occurrences)
• Responses
23rd Novemeber 2005
eCare Technical Workshop
48
Data Sharing & Standards Division
Other Forms Services
•
•
•
•
GetFormsForProcess
GetForm
UnlockForm
LinkFormToProcess
23rd Novemeber 2005
eCare Technical Workshop
49
Data Sharing & Standards Division
0.7 Enhancements
• Logical sorted results (e.g. Processes)
• Improved database indexing
• Support multiple Person Roles (single
operation)
• Some new CVs
• Various Viewer improvements (cosmetic)
• Matching Simulator improvements
23rd Novemeber 2005
eCare Technical Workshop
50
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
51
Data Sharing & Standards Division
Conceptual Implementation
eCare Partnership Boundary
Health Care Boundary
Social Care Boundary
Education Boundary
Health Care
Social Care
Agency Boundary
Application
Application
Agency
Viewer
Application
Web
eCare
eCare Server
Adaptor
Adaptor
eCare
Adaptor
Matching
CHI
Matching
Clients
Education
Application
eCART
Database
eCare
AdaptorServer
Other
Application
eCare
Adaptor
eCART
Web Server
eCART
Adaptor
CHI XML
Gateway
Security
Education Boundary
Optional
Components
Messaging
Only in Health
eCare Framework
MAS
23rd Novemeber 2005
Index
eCare Technical Workshop
52
Data Sharing & Standards Division
Agency Responsibilities:
•
•
•
•
•
•
Agency Applications (or eCART)
eCare Viewer (Optional)
Application Adaptors
Matching Tools
eCare Connectivity
Security
23rd Novemeber 2005
eCare Technical Workshop
53
Data Sharing & Standards Division
Partnership Responsibilities
• eCare Safe Haven
– MAS Database
– Application Servers
– Secure Infrastructure
• Administration / Maintenance
• Disaster Recovery
• Resiliency
23rd Novemeber 2005
eCare Technical Workshop
54
Data Sharing & Standards Division
Technologies
•
•
•
•
Microsoft Technology stack
Windows 2003
SQL Server 2000
Microsoft .Net 1.1 Framework
23rd Novemeber 2005
eCare Technical Workshop
55
Data Sharing & Standards Division
The Options….
• Local Implementation
– Partnership jointly responsible for eCare Safe
Haven implementation and on going support
• Managed Service
– Centrally managed eCare Safe Haven
23rd Novemeber 2005
eCare Technical Workshop
56
Data Sharing & Standards Division
Option 1 – Local Hosting
23rd Novemeber 2005
eCare Technical Workshop
57
Data Sharing & Standards Division
Basic Connectivity
Agency A
Agency B
Connection Networks
eCare
Applications
(if any)
eCare
Messaging
eCare
Data
eCare
Management
Network Intrusion
Protection System
eCare Firewall
WAN Router
23rd Novemeber 2005
100 Mbps LAN
Switch with VLAN
capability
eCare Technical Workshop
58
Data Sharing & Standards Division
Servers
Management Server
eCare Management LAN
Small Scale Solution
Application
Server
(if any)
Database
Server
Messaging
Server
eCare LAN
Management Server
eCare Management LAN
Application
Server
(if any)
Messaging
Server
Messaging
Server
Network Load Balanced
Database
Server
Database
Server
A-P Clustered
Large Scale Solution
eCare LAN
23rd Novemeber 2005
eCare Technical Workshop
59
Data Sharing & Standards Division
Security
Agencies
Health Care
Social Care
Education
etc.
Firewall
Firewall
Firewall
Firewall
External Zone
Firewall
Outer Perimeter
Framework Defences
(e.g. IDS, DOS, Content Inspection, Anti-Virus, etc)
eCare Applications
(none currently)
eCare Messaging
(Web Services)
Framework Defences
MultiAgency
Store
Exposed Zone
Inner Perimeter
Matching
Data
Internal Zone
Index
Message
Logs &
Audit Data
eCare Data
eCare ‘Safe Haven’ or DMZ
23rd Novemeber 2005
eCare Technical Workshop
60
Data Sharing & Standards Division
Option 2 – Hosted Service
Local Authority
LAN
Health Board
LAN
GSX
NHSnet
eCare DMZ
23rd Novemeber 2005
eCare Technical Workshop
61
Option 2 –
Hosted Service
Local Authority
Health Board
Data Sharing & Standards Division
Local Partnership A
Local Authority
Health Board
Local Partnership B
GSx
NHSNet
Managed Service
Routers
CJG
Firewalls
Switch
23rd Novemeber 2005
eCare Technical Workshop
62
Data Sharing & Standards Division
Managed Service
–
–
–
–
–
–
–
–
–
–
–
Re-use of infrastructure and associated costs
Improved Scalability
Improved Resiliency
Disaster recovery capabilities
Potentially higher service levels (24x7 support)
Improved Security
Risk Management
Reduced learning curve
Support staff training overheads
Simplifies future national connectivity
Partners focus on local integration issues
23rd Novemeber 2005
eCare Technical Workshop
63
Data Sharing & Standards Division
Local Implementation
– Locally controlled / Managed
– Minimises dependency on other partnerships
23rd Novemeber 2005
eCare Technical Workshop
64
Data Sharing & Standards Division
Connectivity Options
• Nick Blundell – Cable & Wireless
• James MacGregor – Atos Origin
23rd Novemeber 2005
eCare Technical Workshop
65
Data Sharing & Standards Division
eCare presentation, Inverness
23-Nov-05
Collaboration across GSX
enabling shared eCare Service
C&W Personnel:
1. Using GSX for council access
Nick Blundell, Client Manager
07795 254571
[email protected]
2. Using Closed-User Groups
Paul Hulme, Solutions Consultant
07715494995
[email protected]
23rd Novemeber 2005
eCare Technical Workshop
66
Data Sharing & Standards Division
GSi
xGSI
GSI
GSX
GSE
23rd Novemeber 2005
Background
The Framework
Central Government – CONFIDENTIALHIGH
Central Government – RESTRICTEDHIGH
Local Authorities – RESTRICTED
Public Sector Supplier (& List-X) Extranet
- Up to CONFIDENTIAL
eCare Technical Workshop
67
Data Sharing & Standards Division
Existing Scottish Infrastructure
INTERNET
Existing
collaboration
ISCJIS District Courts,
SCRO, SCRA,
Crown Office
GRoS - Births,
Deaths and
Marriages
Emailing
partners Police, NHS,
DWP, HMRC
Sharing data
peer to peer Caird network
SCRO Criminal
Histories
East DC
West DC
GSX MPLS VPN
NHSnet
Local
Authority 3
Firewall
Heaith
Board 1
Dundee
Council
Health
Board 2
Orkney
Council
23rd Novemeber 2005
eCare Technical Workshop
Comhairle Nan
Eilean Sar
Barnodos
Shetland
Council
68
Data Sharing & Standards Division
eCare collaboration in Scotland
INTERNET
East DC
West DC
Health
Board 2
GSX MPLS VPN
Health
Board 1
Firewall
NHSnet
Local
Authority A
Local
Authority C
Local
Authority B
Barnodos
eCare CUG
Firewall
eCare Framework
57.65.10.21
Firewall
Other non
govt partner A
23rd Novemeber 2005
eCare Technical Workshop
Other non
govt partner
B
69
Data Sharing & Standards Division
Collaboration using the Critical National
Infrastructure
ADVANTAGES
•
•
•
•
•
•
•
•
DISADVANTAGES
Available immediately at no extra cost (except for • Singular cost comparison
new joiners or increases in bandwidth)
with point to point
leaseline
Accredited by government to carry Restricted data
(NHS Confidential)
Many to many connectivity, not just eCare
Closed user group is a community within the
secure infrastructure with its own 51.63 IP schema
All councils comply to best practise manual of
protective security
Working within centrally organised security
Purchase off GSi Framework
Allows voluntary sector to join
23rd Novemeber 2005
eCare Technical Workshop
70
Data Sharing & Standards Division
Closed-User Group working
over GSi
GSi tariff CHARGES
• Establish CUG (reserve MPLS VPN):
– Setup £10,250 (one-off) – payable by CUG owner/sponsor
• Attach each GSI/xGSI site to CUG:
– Setup £2,050 per site (one-off) – payable by connecting
department
• Terminate CUG VPN on existing GSI/xGSI router (additional LAN
interface):
– Install £971, Rental £1,025/annum – payable by connecting
department
• Connect non-GSi organisations to CUG:
– Applicable circuit charge (install/rental) – payable by CUG
owner/sponsor
23rd Novemeber 2005
eCare Technical Workshop
71
Data Sharing & Standards Division
Closed-User Group working
over GSi
Security Assurance considerations
•
•
•
•
•
CUGs are separate MPLS VPNs procured using the GSi framework
The network infrastructure used for CUGs is the same as that used for
GSI – CESG Fast-track approved to EAL2 (Restricted)
CUGs are outside the jurisdiction of NISCC – effectively a private
WAN
GSI/xGSI organisations joining CUGs must ensure continued
compliance with Code of Connection
If non-GSi organisations are being connected by the CUG sponsor it is
recommended that there are minimum security assurance standards
mandated on the outside body.
23rd Novemeber 2005
eCare Technical Workshop
72
Data Sharing & Standards Division
NHSNet / N3
•
•
•
•
•
•
•
•
Managed service to support NHSNet & N3
Provides Health Board connectivity
National policy to migrate to N3
N3 – Higher bandwidth
N3 not implemented everywhere (yet)
No closed user groups (ISSG)
SSL Encryption
Initial investment connecting to N3
23rd Novemeber 2005
eCare Technical Workshop
73
Data Sharing & Standards Division
NHSNet / N3
Health Board 1
Health Board 2
Health Board 3
Adaptor
Adaptor
Adaptor
HTTPs
HTTPS
HTTPS
NHSNet
N3
GSx
Messaging
Framework
Managed Service
23rd Novemeber 2005
eCare Technical Workshop
74
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
75
Data Sharing & Standards Division
Agenda
•
•
•
•
•
•
•
Introduction
Architecture Overview & Technical Context
Current Release Features & Demos
Next Release Features
Hosting Options
Partner Perspective
Q&A
23rd Novemeber 2005
eCare Technical Workshop
76