[Wg-uma] SCAP for hData usage scenario
gbeuchelt at mitre.org
Wed Oct 28 13:17:13 EDT 2009
I am attending the NIST Security Automation Conference this week, which is heavily focused on SCAP (see http://scap.nist.gov). In the context of the hData scenario that I presented, there is a clear need for SCAP's functionality:
* The hData Patient Discovery and Authorization Service (DAS - which represents the patient-managed medical data federation) will need confirmation that the EHR systems trying to connect have an acceptable security baseline (minimally HIPAA compliant, but more in some cases).
* On the other side, the EHR systems of providers will need to be assured that the hData DAS is secured in a reasonable way. This might include requirements on the authN methods used at the DAS.
Overall, I think that we will use SCAP for this purpose - effectively the SCAP validation becomes a part of the discovery process. This might be relevant in the context of other UMA use cases as well - please let me know if you are interested in talking about this.
I will send out more information once we get there.
The MITRE Corporation