Google Site Search


Wednesday, December 23, 2009

SAML and XACML standards in US Healthcare

I was fortunate to utilize PicketLink ( in a Technology Demonstration (interoperability exercise) at HIMSS 2009, April 2009 at Chicago. The other participants were Sun Microsystems, Jericho Systems, US Department of Veterans Affairs and the US Department of Defense. I have reported on this in the past. We used PicketLink mainly for the SAML and XACML capabilities. The associated Oasis press release is OASIS and HITSP Collaborate on Interoperability Demo of Healthcare Privacy Standards at HIMSS09.

While we are on the topic, I am extremely glad to read the latest news item from the Oasis Consortium related to the use of XACML and SAML standards in the US Healthcare infrastructure. The news is OASIS Members Approve Security and Privacy Authorization Standards for Healthcare.

As co-chair of the Oasis XSPA Technical Committee that was the driver of the two profiles (one on SAML and one on XACML) that became Oasis standards recently, I was able to contribute and support these two profiles. I am pleased that Oasis XACML and Oasis SAML standards have made headway into being mandated for use in the US Federal Agencies. Hopefully, these two standards should play a pivotal role in the widespread usage of the National Health Information Network (NHIN), whose open source based initiative is CONNECT.

No comments: