The Future of Secure Reliable Message SRM Transport
The Future of Secure, Reliable Message (SRM) Transport for Exchanging Health Information
2008 PHIN Conference, Session H-7
August 28, 2008, 8:30 am – 10:00 am
Gautam Kesarinath – PHINMS Project Sponsor, Asst. Director of Technology, DISS/NCPHI
Tom Brinks, PMP - PHINMS Project Manager, SAIC Consultant to CDC

Agenda
- Current SRM Impact
- Current SRM Limitations
- Long Term SRM Vision
- Possible New Technologies to Achieve Vision
- Next Steps
- Questions and Answers / User Feedback

Current SRM - PHINMS
- Secure, reliable transport of any message(s)
- Common platform for sending PH data
- CDC Applications using PHINMS include: BioSense, Cancer Registry, ELR, Foodnet, LRN, NEDSS, NEPHTN, NHSN, PHLIP/APHL, PHLIS
- Some states using PHINMS internally: NYS, NYC, MN, OK, CA, SC, WI, FL, IN, AL
- 5-year old product deemed “mission critical” by CDC
- Over 700 PHINMS nodes used in U.S.

PHINMS CDC Usage (data coming to CDC)
[Figure not recoverable from the extracted text]

PHINMS – Message Flow
[Diagram labels: State, CDC, LDAP, CDC Public Key (Encrypt), CDC Private Key (Decrypt), HL7, DB Q, PHINMS Sender, Firewall, Internet, Proxy Server, DMZ, PHINMS Receiver]

Current SRM Impact - PHINMS
- 5 years product use and Application Integration Consulting to PH organizations for SRM via Internet
- New applications built faster, cheaper due to reuse
- Automated delivery of critical data replacing manual methods allows new ways of analyzing (Cancer Registry)
- PHINMS users (over 700 nodes) include:
  - 25 CDC programs
  - 40 state health departments
  - 32 health systems
  - 11 city and county health departments
  - 16 laboratories
  - 19 universities
  - VA and FDA reviewing PHINMS for internal use

Current SRM Limitations - PHINMS
- Client certificate authentication does not scale ($$)
- Route-not-Read hub can only scale to ~150 nodes
- Difficulties interfacing with non-ebXML networks
- Not easily extended through gateways
- Focused on pt-pt connections
- Not focused on distributed many-many, “plug and play”, & self-discovery of new nodes

Long Term Vision: Secure, Reliable Messaging (SRM)
- Government sponsored, collaborative, public domain “COTS-like” product enabling healthcare organizations in the nation and world to electronically transport critical, sensitive information to/from one another

Business Needs
- Use Cases
  - Self-discovery for fast response during emergencies
    - Ad-hoc querying and secure retrieval for local processing
    - “Plug-n-Play” and replay capabilities
  - National, state, regional reporting mandates
    - HIEs, NHIN, agencies to agencies
  - Open Community for collaboration and growth
  - Scalable point-point secure, reliable data exchanges (current)
- Architectural Goals
  - Scalable, secure (trust) relationships
  - Reduced costs of maintenance (e.g. certificates)
  - Interoperable among different health networks
  - Fast creation of new tools
  - Grid enabled, open source, SOA, web services
  - Standards based

Grid Security Infrastructure
- Different security requirements for different VOs define different types of grids

1. Public Health GRID Challenges (Trust)
[Diagram labels: Hospitals, PHIN, States; “Trust Mismatch” (X) marked three times; “No Cross Domain Trust”]

1. Public Health GRID Solutions (Trust)
[Diagram labels: Hospitals, PHIN, States, GRID VO, Federated OSA, etc., Proxy Certificates; “Easy to add a new domain”; VO – Virtual Organization]

2. Public Health GRID Challenges (Reliability)
[Diagram labels: Client node, End Point, Secure & Reliable Data, Firewall, Grid User, Fed Strong Auth, GRID services, End-to-end payload encryption, Grid Data End Point]
- How to guarantee once and only once delivery in a “many-to-many” health information exchange across different types of networks?

2. Public Health GRID Solutions (Reliability)
- Grid communities (Open Grid Forum/Global Grid Forum) have proposed the following solutions:
  - WS-Security Grid implementation guarantees end-to-end payload encryption in OASIS and GRID standard
  - WS-Reliable Messaging Grid implements the full sets of Grid reliability as described in the previous slide
  - Build Grid toolkit extensions that are interoperable with other WS-Security and WS-Reliable Messaging implementations such as WSIT (Web Services Interoperability Technology)
  - Reliable GridFTP has security and reliability features

3. Public Health GRID (Scalability)
Challenges | Possible Solutions
Client certificate maintenance | Federated Identity Provider
Differing authentication schemes | Universal Open Strong Authentication (OSA)
Large data transfer sizes (Gb, Tb) | Message Transmission Optimization Mechanism (MTOM)

4. Public Health GRID (Cost)
Challenges | Possible Solutions
Client certificate cost | Proxy Cert + OSA
Certificate maintenance cost | Proxy Cert + OSA
Software or toolkits maintenance cost | Plug-and-play user centric extension to current toolkits

5. Public Health GRID (Interoperability)
- Challenge: Public Health Grid needs to be interoperable with:
  - States, local governments and hospitals
  - Other grids
  - Global grids (EU, Asia grids etc.)
- Solutions:
  - Build cross-network capabilities using toolkits (e.g. Globus)
  - NHIN-Connect gateway toolkit
  - WS-I+Grid: web services interoperability plus Grid extensions

5. Public Health GRID (Interoperability)
[Timeline figure, 1991 to 2007 and beyond. Web labels: www, Mosaic, Netscape, http, Java, WSDL, WS-*, WSDL 2, WSDM. Grid labels: Globus Toolkit (GT1, GT2), The Grid Book, Global Grid Forum, OGSA, OGSI, WSRF, RFT, DAI, Open Grid Service Architecture, WS-I+. Annotations: “Merging closer to Grid & WS-*”, “Current time frame”, “US PHGRID ??”, “Global PHGRID ??”]

Benefits of Leveraging Globus Tools
- Building SRM solution on extensions to existing toolkits:
  - Reduced cost to develop and maintain
  - Open source and SOA allows for multi-partner functional growth
  - Scalable, use of SAML for authentication
  - Faster to deliver new functionality vs. extending PHINMS
- SRM Globus extensions could support:
  - NHIN Connect Gateway
  - Daily transactional pt-pt exchange of sensitive health data
  - Self discovery in a grid mode for querying
  - Health system to health system message transport services

NCPHI Proof of Concepts
- R&D testing in CDC/NCPHI lab to determine:
  - Best of breed extensions to Globus for SRM
  - Interoperability approaches w/non-PHIN networks using Globus
  - How to scale authentication in a SRM many-many network
  - Ways to transition existing PHINMS sites to new “common platform”
- Develop an “Architectural Blueprint” in 2009
  - Receive partner feedback and incorporate
  - Develop transition plans for PHINMS 2.x customers
  - Develop project charter for building “production grade” open source approach for the next generation of Secure, Reliable Messaging product(s) for public and clinical health

Potential SRM Roadmap
[Roadmap figure labels: PHINMS Development, PHINMS Maintenance, Co-existence and/or Transition Services, New SRM Toolkit Services]

SRM Roadmap - Summary
- Public and clinical health need a common platform to exchange health information in a secure, reliable, scalable, low-cost manner
- PHINMS has worked well for over 5 years with over 700+ nodes for pt-pt secure, reliable message transport
- New approaches are needed to achieve transports that are scalable, interoperable, “plug-play”, and low cost
- SRM Globus extensions offer a potential way to achieve the next generation of transport technologies faster and cheaper
- Existing PHINMS “global community of practice” expertise in SRM can be leveraged to create a new “common platform” extending open source, web services, SOA, toolkit frameworks for health information exchanges