Secure Web Service Service Transportation Secure Web Transportation for HL7 V3.0 Messages for HL7 V3.0 Messages Authors: Somia Razzaq, Maqbool Hussain, Muhammad Afzal, Hafiz Farooq Ahmad Somia Razzaq, Maqbool Hussain, Muhammad Afzal, Hafiz Farooq Ahmad Presented By: Muhammad Afzal 08 May, 2009 NUST School of Electrical Engineering and Computer Science, Pakistan
Outlines 2 � Background � Limitations of SSL � � HL7 V3.0 Web Service Profile � Proposed Architecture � Conclusion � References
Background 3 � Healthcare is a many-to-many business � Web service is a significant way for healthcare to exchange information in an interoperable way way � People are reluctant to use it due to lack of security � Key challenge is to provide a robust end-to- end security model without compromising the interoperability of systems
Limitations of SSL 4 � SSL provides point-to-point security but there is need of end-to-end security solution � SSL operates at the transport level and not at the message level � SSL does not support element-wise signing and encryption � SSL does not support non-repudiation
HL7 V3.0 Web Service Profile 5 � Provide implementation guidelines to promote interoperability between implementers using standard that fall under the general definition of web services � Standardization of information among Healthcare � Standardization of information among Healthcare applications without caring about the heterogeneity of platform, network protocol and transport protocol � Promote interoperability as recommendations from organizations like WS-I, W3C, OASIS are taken into account � Help to utilize the resources efficiently
HL7 V3.0 Web Service Profile(Contd..) 6 � Basic Profile � Give idea about basic message exchange specification � Does not focus on advanced services such as � Does not focus on advanced services such as “Security” � Addressing Profile � Focuses on Message addressing properties and end-point references � There is need to adopt appropriate security measures
HL7 V3.0 Web Service Profile(Contd..) 7 � Security Profile � General-purpose mechanism for associating security tokens with message content � Methods for signing and encrypting the messages � Methods for signing and encrypting the messages � How to establish a security context � How to implement authentication mechanism for multiple message exchanges � How to exchange shared secrets or keys � How to establish or determine Trust
Web Service Security Framework 8 ��������� ��������������� ��� �������� ������������������ Kerberos SAML WS-Security Username X.509 XML Encryption XML Signature ��������������
Proposed Architecture 9 � This component helps to find � This component takes the derived "Who is the caller?" and "How token from the Token does she/he prove her/his � This component is Management component, attach identity?" by using security tokens the derived token with the SOAP responsible for requesting, responsible for requesting, attached to each message attached to each message message and sign the whole message and sign the whole issuing, renewing, and � Its working based on Security � This component is message. On receiving, this validating security tokens in Tokens responsible to provide component verifies the signatures � Username Token order to broker trust confidentiality and privacy of for ensuring the integrity of � Binary security tokens (X.509 relationships the messages messages certificates, Kerberos tickets) � Its working is based on � Its working is based on � Its working based on � XML-based security tokens � XML Encryption � WS-Trust � XML Signature (SAML, REL) � WSSecureConversation � WS-Policy
HL7 V3.0 Message Signature Generation 10 ��������� ��������������������������������������������������������� ������������������� !"���#$� �� ����%�� ��������������������������������������������� �� �������&�'��(�)��� ���� �� ����� ����*���*+,�"����-.�)���!/���� ����%�) ,����$�����%�-�����.���� ���%0�)�'-�1&��-2�)������%0�)�'-�� ���%*�&���1&�����%*�&���� ���%*�&���1����%*�&���� �����%�)��������������������� ����������� HL7 V3.0 Message �3�)'4�� ���������������������������� ���������������������������� �.�������!���& �,,�� ���%<�*���,������%<�*��9��� ���������������� ���%=�����5�'�>�����:��"�� +'*����")��"���%��222�2����*����������)' ��5 5���6��� ���%<�*���,��:��"�� ���� +'*����")��"���%��222�2����*����������)'���*6����"���� ���%8�0����5� 789��6:�*;��-�� ���%#�*���:��"�� +'*����")��"���%��222�2����*����������)'���*6�"����� ��������������� ����#�����$��!��%&%�'(�)*(+,,,�-���#�����$��!�� ����%8�0����5�������%<�*���9�0�� �������������������������� �������� ��"���%��222�2����*����������)' ��5 5���6��� ����������!��$��!���//01�203�4)�/$56,� ���������������� �;(�������<�& ����������!�������� �-���������!��$��!�� ����&����� ���%?�-9�0����2���%<�5,���-(�@��8�0����5������ �������� ��"���%��222�2����*����������)'���*6��� �"����� ���� ����"�������� ����%?�-9�0��� ����%<�*���,��� �-.�������!���&��- ��<��/������ 789��6:�*;��-�� ��������������� ����#����������� �����7��& 2�,%9���:�*;��-�� ������ �������� ��"���%��222�2����*����������)'���*6�"����� �8�����8�A,���� �89�$:�������� ��8�����8�A,���� ����#�����$��!��%&%�'(�)*(+,,,�-���#�����$��!�� �-���"��������� �-����7��&� �-������������� �-�������������� Signed Information SOAP containing HL7 V3.0 Message with Signature
Recommend
More recommend
