[Wg-uma] SCAP for hData usage scenario
Beuchelt, Gerald
gbeuchelt at mitre.org
Wed Oct 28 13:17:13 EDT 2009
I am attending the NIST Security Automation Conference this week, which is heavily focused on SCAP (see http://scap.nist.gov). In the context of the hData scenario that I presented there is a clear need for SCAP's functionality:
* The hData Patient Discovery and Authorization Service (DAS - which represents the patient-managed medical data federation) will need confirmation the EHR systems trying to connect have an acceptable security baseline (minimally HIPAA compliant, but more in some cases).
* On the other side, the EHR systems of provider will need to be assured that the hData DAS is secured in a reasonable way. This might include requirements on the authN methods used at the DAS.
Overall, I think that we will use SCAP for this purpose - effectively the SCAP validation becomes a part of the discovery process. This might be relevant in the context of other UMA use cases as well - please let me know if you are interested in talking about this.
I will send out more information once we get there.
V/r
Gerald Beuchelt
The MITRE Corporation
http://projecthdata.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-uma/attachments/20091028/65ca412d/attachment.html
More information about the Wg-uma
mailing list