Software For Identity Management in Healthcare

1
Software For Identity Management in Healthcare
  • David Bauer
  • October 5th, 2006, Georgia Tech Identity
    Management in Healthcare Seminar Series
2
Outline
  • Identity and identity management
  • Older software/protocols
  • Commercial systems
  • Free/open source systems
  • Directions for research
  • Conclusion

3
Background - Identity
  • Identity: who someone is
  • Identity: a set of claims
  • Identity: a set of attributes

4
Proposed Laws of Identity
  • User Control and Consent
  • Minimal Disclosure for a Constrained Use
  • Justifiable Parties
  • Directed Identity
  • Pluralism of Operators and Technologies
  • Human Integration
  • Consistent Experience Across Contexts
  • (By Kim Cameron, Identity and Access Architect at
    Microsoft Corporation)

5
Law 1: User Control and Consent
  • "Technical identity systems must only reveal
    information identifying a user with the user's
    consent." -- Kim Cameron

6
Background - Identity Management
  • Identifying and authenticating subjects
  • Managing user accounts
  • Logins and passwords
  • Permissions and privileges
  • Preventing fraud
  • Protecting privacy

7
Ancient History
  • 1987 Kerberos V4
  • 1988 X.509 Certificates
  • 1991 PGP
  • 1994 SSL
  • 1996 Secure Electronic Transaction
  • 1999 Microsoft Passport

8
Kerberos
  • System for authentication
  • Uses a trusted 3rd party server (KDC)
  • KDC gives tickets for proving identity
  • Uses only symmetric cryptography
  • Version 4 released in 1987
  • Version 5 RFC in 1993
  • Variants built into Windows, MacOS
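The exchange this slide sketches, as an added Go example that is not part of the original presentation: a KDC that knows every principal's long-term symmetric key, a client that asks it for a ticket, and a service that checks the ticket and the accompanying authenticator. Assumptions, all mine: AES-256-GCM stands in for the Kerberos encryption types, a bare SHA-256 of the password stands in for string2key, the separate ticket-granting step is folded into one KDC exchange, and the principal names and passwords are constructed. Go is used because its standard library carries the needed primitives.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Ticket is sealed under the service key Ks, Reply under the client key Kc, and the
// Authenticator under the fresh session key that both of them carry.
type Ticket struct{ Client string; SessionKey []byte; Expires int64 }
type Reply struct{ SessionKey []byte; Service string; Nonce uint64 }
type Authenticator struct{ Client string; Timestamp int64 }

// keyFromPassword stands in for Kerberos string2key (assumption: a bare SHA-256;
// real Kerberos salts and iterates the derivation).
func keyFromPassword(pw string) []byte {
	h := sha256.Sum256([]byte(pw))
	return h[:]
}

// gcm builds AES-256-GCM; every key in this example is 32 bytes, so failure is a bug.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// seal JSON-encodes v and encrypts it, nonce prepended; unseal reverses it and fails
// on a wrong key or a modified ciphertext (the GCM tag does not verify).
func seal(key []byte, v interface{}) ([]byte, error) {
	plain, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	g := gcm(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plain, nil), nil
}

func unseal(key, box []byte, v interface{}) error {
	g := gcm(key)
	if len(box) < g.NonceSize() {
		return errors.New("ciphertext too short")
	}
	plain, err := g.Open(nil, box[:g.NonceSize()], box[g.NonceSize():], nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(plain, v)
}

// KDC knows the long-term symmetric key of every principal, users and services alike.
type KDC struct{ keys map[string][]byte }

// Authenticate answers a ticket request with a Reply for the client and a Ticket for the service.
func (k *KDC) Authenticate(client, service string, nonce uint64) (reply, ticket []byte, err error) {
	kc, ks := k.keys[client], k.keys[service]
	if kc == nil || ks == nil {
		return nil, nil, errors.New("unknown principal")
	}
	session := make([]byte, 32)
	if _, err = rand.Read(session); err != nil {
		return nil, nil, err
	}
	if ticket, err = seal(ks, Ticket{client, session, time.Now().Add(8 * time.Hour).Unix()}); err != nil {
		return nil, nil, err
	}
	reply, err = seal(kc, Reply{session, service, nonce})
	return reply, ticket, err
}

// ClientLogin obtains a ticket from the KDC and builds the authenticator for the service.
func ClientLogin(kdc *KDC, clientKey []byte, client, service string) (ticket, auth []byte, err error) {
	nonce := uint64(time.Now().UnixNano())
	var reply []byte
	if reply, ticket, err = kdc.Authenticate(client, service, nonce); err != nil {
		return nil, nil, err
	}
	var r Reply
	if err = unseal(clientKey, reply, &r); err != nil {
		return nil, nil, fmt.Errorf("cannot open KDC reply (wrong password?): %w", err)
	}
	if r.Nonce != nonce || r.Service != service {
		return nil, nil, errors.New("KDC reply does not match request")
	}
	auth, err = seal(r.SessionKey, Authenticator{client, time.Now().Unix()})
	return ticket, auth, err
}

// VerifyRequest is the service side: open the ticket with Ks, then the authenticator with
// the session key found inside it, and reject expired tickets and stale authenticators.
func VerifyRequest(serviceKey, ticket, auth []byte, now time.Time) (string, error) {
	var t Ticket
	if err := unseal(serviceKey, ticket, &t); err != nil {
		return "", fmt.Errorf("bad ticket: %w", err)
	}
	if now.Unix() > t.Expires {
		return "", errors.New("ticket expired")
	}
	var a Authenticator
	if err := unseal(t.SessionKey, auth, &a); err != nil {
		return "", fmt.Errorf("bad authenticator: %w", err)
	}
	if a.Client != t.Client {
		return "", errors.New("authenticator does not match ticket")
	}
	if skew := now.Unix() - a.Timestamp; skew > 300 || skew < -300 {
		return "", errors.New("authenticator outside the clock-skew window (replay?)")
	}
	return t.Client, nil
}

func main() {
	kdc := &KDC{keys: map[string][]byte{ // constructed principals
		"alice": keyFromPassword("alice-password"), "ehr-service": keyFromPassword("service-secret")}}
	ticket, auth, err := ClientLogin(kdc, keyFromPassword("alice-password"), "alice", "ehr-service")
	if err != nil {
		panic(err)
	}
	fmt.Println(VerifyRequest(keyFromPassword("service-secret"), ticket, auth, time.Now()))
}
```

The service never talks to the KDC: everything it needs arrives inside the ticket, which is why only the KDC and the service may hold Ks, and why a compromised Ks lets an attacker mint tickets for any user. The five-minute skew check is what real Kerberos pairs with a replay cache; here the replayed authenticator simply ages out.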

9
X.509 Certificates
  • Standard for public key infrastructure
  • Trusted certificate authorities (CAs)
  • Public key certificates
  • Certification path validation
  • Originally part of X.500 directory services
  • Widely used as part of other systems
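Certification path validation, as an added example that is not part of the presentation, using Go's standard crypto/x509: a constructed three-level hierarchy (root CA, issuing CA, end-entity certificate) and a validator that walks the chain to a trusted root, then rejects a missing intermediate, an untrusted root, or a host-name mismatch. The CA names, host name and key type (ECDSA P-256) are my choices for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI is a constructed three-level hierarchy: root CA, issuing CA, end-entity certificate.
type PKI struct {
	Root, Issuing, Leaf *x509.Certificate
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template builds a certificate template. CA templates carry the basic constraints and
// key usage that path validation later demands of every issuer in the chain.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{cn}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl with the parent's private key; a nil parent means self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI issues root -> issuing CA -> leaf for host (names are made up for the example).
func BuildPKI(host string) (*PKI, error) {
	rootKey, issKey, leafKey := newKey(), newKey(), newKey()
	root, err := issue(template("Hospital Root CA", 1, true), nil, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	iss, err := issue(template("Hospital Issuing CA", 2, true), root, &issKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leaf, err := issue(template(host, 3, false), iss, &leafKey.PublicKey, issKey)
	if err != nil {
		return nil, err
	}
	return &PKI{Root: root, Issuing: iss, Leaf: leaf}, nil
}

// ValidatePath performs certification path validation: it links leaf through the
// supplied intermediates to a trusted root, checking each signature, validity period,
// CA constraint and extended key usage, plus the host name. It returns the chain length.
func ValidatePath(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, host string) (int, error) {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots:         rootPool,
		Intermediates: interPool,
		DNSName:       host,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

func main() {
	p, err := BuildPKI("ehr.hospital.example")
	if err != nil {
		panic(err)
	}
	n, err := ValidatePath(p.Leaf, []*x509.Certificate{p.Issuing}, []*x509.Certificate{p.Root}, "ehr.hospital.example")
	fmt.Println("full chain:", n, err)
	_, err = ValidatePath(p.Leaf, nil, []*x509.Certificate{p.Root}, "ehr.hospital.example")
	fmt.Println("issuing CA omitted:", err)
}
```

The trust decision rests entirely on which certificates go into the root pool; the intermediates are untrusted input that the validator must verify on the way up. Revocation checking is deliberately outside this example, since Go's Verify does not perform it.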

10
PGP (Pretty Good Privacy)
  • Program and protocol for encryption and
    authentication
  • Widely used with e-mail
  • Web of trust for (P2P) key verification
  • First released in 1991
  • OpenPGP RFC published in 1998

11
Secure Electronic Transaction
  • Open specification for secure credit card
    transactions
  • Retailer doesn't get the credit card number
  • Credit card company doesn't get the order details
  • Developed by Visa, MasterCard, et al.
  • Failed to gain wide acceptance
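The two properties on this slide (the retailer never sees the card number, the card company never sees the order) are what SET's dual signature delivers: each party gets its own half in the clear plus only a hash of the other half, and one signature binds both hashes. The following is an added example, not code from the presentation or from the SET specification; it uses RSA-PSS with SHA-256 as a stand-in for SET's own RSA/SHA-1 message formats, and the order and payment data are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// DualSignature accompanies a purchase. The merchant receives the order plus only the
// digest of the payment instructions; the bank receives the payment instructions plus
// only the digest of the order. One signature over both digests binds the two halves.
type DualSignature struct {
	OrderDigest   []byte // H(order)
	PaymentDigest []byte // H(payment)
	Signature     []byte // Sign_cardholder( H( H(order) || H(payment) ) )
}

func digest(b []byte) []byte {
	h := sha256.Sum256(b)
	return h[:]
}

// linkDigest is the value actually signed: the hash of the two concatenated digests.
func linkDigest(orderDigest, paymentDigest []byte) []byte {
	return digest(append(append([]byte{}, orderDigest...), paymentDigest...))
}

// newCardholderKey generates the cardholder's signing key (RSA, as in SET itself).
func newCardholderKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// CardholderSign produces the dual signature for an order and its payment instructions.
func CardholderSign(priv *rsa.PrivateKey, order, payment []byte) (*DualSignature, error) {
	od, pd := digest(order), digest(payment)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, linkDigest(od, pd), nil)
	if err != nil {
		return nil, err
	}
	return &DualSignature{OrderDigest: od, PaymentDigest: pd, Signature: sig}, nil
}

func verifyLink(pub *rsa.PublicKey, ds *DualSignature) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, linkDigest(ds.OrderDigest, ds.PaymentDigest), ds.Signature, nil) == nil
}

// MerchantVerify runs at the retailer, which holds the order but never the card details:
// it recomputes H(order), then checks the signature using the payment digest it was given.
func MerchantVerify(pub *rsa.PublicKey, order []byte, ds *DualSignature) bool {
	return bytes.Equal(digest(order), ds.OrderDigest) && verifyLink(pub, ds)
}

// BankVerify runs at the card company, which holds the payment instructions but never the
// order: it recomputes H(payment), then checks the signature using the order digest.
func BankVerify(pub *rsa.PublicKey, payment []byte, ds *DualSignature) bool {
	return bytes.Equal(digest(payment), ds.PaymentDigest) && verifyLink(pub, ds)
}

func main() {
	priv := newCardholderKey()
	// Constructed sample order and payment instructions; the card number is a placeholder.
	order := []byte(`{"merchant":"pharmacy.example","items":["rx-4711"],"total":"42.00"}`)
	payment := []byte(`{"card":"4111 1111 1111 1111","exp":"12/27","total":"42.00"}`)
	ds, err := CardholderSign(priv, order, payment)
	if err != nil {
		panic(err)
	}
	fmt.Println("merchant accepts:", MerchantVerify(&priv.PublicKey, order, ds))
	fmt.Println("bank accepts:", BankVerify(&priv.PublicKey, payment, ds))
	tampered := bytes.Replace(order, []byte("42.00"), []byte("4200.00"), 1)
	fmt.Println("tampered order accepted:", MerchantVerify(&priv.PublicKey, tampered, ds))
}
```

Neither verifier can recover the half it was not given, but each can confirm that the cardholder signed exactly this pairing of order and payment, so a merchant cannot attach the payment authorisation to a different order.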

12
Microsoft Passport
  • Single Sign-On for web commerce
  • Sites redirect login to passport servers
  • Cookies hold authentication tickets
  • Can hold real name, address, and credit card
    numbers
  • Failed to gain wide acceptance
  • Updated and renamed Windows Live ID

13
Commercial Systems - Examples
  • Sentillion Vergence
  • Sun Java System Identity Manager
  • Courion Identity Management Suite
  • Siemens HiPath HiMed
  • Novell Identity Manager
  • IBM Tivoli Identity Manager

14
Sentillion Vergence
  • Single sign-on across applications
  • Read patient records across applications
  • Other management functions
    • User account management
    • Flexible strong authentication options
    • Centralized auditing

15
Sun Java System Identity Manager
  • Large suite of products; some are free
  • Provides:
    • Single sign-on (SSO)
    • Automated provisioning
    • Synchronization services
    • Auditing and reporting
    • Federated identity support
    • Directory proxy services

16
Sun Supported Standards
  • Liberty Alliance Identity Web Services
    Framework (ID-WSF)
  • OASIS Security Assertion Markup Language (SAML)
  • OASIS eXtensible Access Control Markup Language
    (XACML)
  • OASIS Service Provisioning Markup Language (SPML)
  • OASIS Directory Services Markup Language 2.0
    (DSML)
  • Lightweight Directory Access Protocol (LDAP)
  • Java Authentication and Authorization Service
    (JAAS)
  • Kerberos
  • Liberty ID-FF
  • Simple Object Access Protocol (SOAP)
  • Secure Sockets Layer (SSL)
  • WS-I Basic Security Profile tokens
  • XML Digital Signature
  • XML Encryption

17
Courion Identity Management Suite
  • User account management
  • Password management
  • User role-based management
  • Account/database synchronization
  • Auditing
  • 400,000 to outfit 5,000 users

18
Feature Comparison
(Comparison table not reproduced in the transcript.)
Modified from "The identity management
challenge", InfoWorld, Oct 7, 2005
19
What is missing?
  • Q. Whose identity is being managed?
  • A1. The workers: doctors, nurses, etc.
  • A2. The patients, as seen by the system
  • Q. Who is doing the managing?
  • A. The hospital, doctor's office, or wider
    health organization

20
What is missing? (2)
  • Q. Where does patient consent or control
    come in?
  • A. As chosen by the authorized workers
  • Q. How is the patient authenticated?
  • A. The same as with paper records

21
Free/Open Source Examples
  • OpenLDAP
  • Shibboleth
  • Grouper and Signet
  • OpenID
  • Eclipse Open Healthcare Framework

22
OpenLDAP
  • LDAP: Lightweight Directory Access Protocol
  • Provides a directory/database interface
  • Used both independently and underneath other
    products

23
Shibboleth
  • System for federated single sign-on
  • Web/HTTP based
  • Supports attributes
  • Based on OASIS SAML standard
  • Supported by the Internet2 project

24
Grouper and Signet
  • Grouper
    • Group management software
    • Standard API for use across applications
  • Signet
    • Identity management and authorization
    • Based on Stanford Authority Manager
  • Both supported by the Internet2 project

25
OpenID
  • Federated single sign-on
  • Web based; the user's ID is a URL
  • Currently most popular with blogs
  • Designed to be a truly distributed system

26
Eclipse Open Healthcare Framework
  • Project focused on interoperability between
    applications and systems
  • Still in early stages of development

27
What is missing?
  • Completeness/polish
    • Commercial systems showcase the number of
      applications they support
    • Commercial vendors can custom-write additional
      modules
  • Acceptance/user base
    • Many of these are already in use
    • Not widely known

28
Directions for Research
  • How to authenticate a patient?
    • In person (office/hospital visit)
    • From home (checking on medical records)
    • From another location (injured on vacation)
  • How to give patients some control?
    • Informed consent
    • Emergency situations

29
Conclusions
  • Lots of products/systems are available
  • In commercial systems:
    • Focus is primarily on organization and management
    • Patient privacy is an issue, as required by
      HIPAA
    • Patient control/consent is not discussed