OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Federal Register announcement of SAML standard in HC

    Posted 01-26-2009 16:08



  • 2.  Re: US gov't announcement of OASIS security standards milestone

    Posted 01-26-2009 18:36 
    Staggs, David (SAIC) wrote:
> Colleagues
> Attached is a notice published in the Federal Register announcing the 
> U.S. Secretary of Health and Human Services’ acceptance of Healthcare 
> Information Technology Standards Panel (HITSP) Interoperability 
> Specifications (IS).  
> As described at the end of the notice, acceptance triggers legal 
> obligations to use the standards cited by HITSP within certain U.S. 
> Federal agencies and between those agencies and non-agencies. 
   * * *

The notice is published at 74 Federal Register 3599 (21 Jan 09).

Note that SAML, WS-Federation, WS-Trust and XACML all made it into 
this list which, *after* the HISTP tier 2 review process, is likely 
to lead to them being mandated, possibly with some optionality. 
It's not a small thing when a large federal government plans to 
mandate the use of your work in a huge regulated industry.

Even though this is preliminary, still, our warm congratulations, 
both to the TCs and our contributors, and also to the team of TC 
leaders and OASIS staff who have worked for over 3 years now to 
smooth the path  ...  explaining OASIS, open standards issues and 
the use of consortium standards to the HITSP vertical community.

We encourage anyone who wants to follow up on, or talk about, this 
to contact David or his colleagues, who can help better describe in 
detail the levels of approval and next steps in the USA HITSP process.

We put a lot of work into being an interoperable, transparent, 
understandable consortium platform ... so that users and regulators 
can reach these outcomes and repose confident in our members' work. 
   This is why.

Regards Jamie

~ James Bryce Clark
~ Director of Standards Development, OASIS
~ http://www.oasis-open.org/who/staff.php#clark


  • 3.  Re: US gov't announcement of OASIS security standards milestone

    Posted 01-26-2009 18:36 
    Staggs, David (SAIC) wrote:
> Colleagues
> Attached is a notice published in the Federal Register announcing the 
> U.S. Secretary of Health and Human Services’ acceptance of Healthcare 
> Information Technology Standards Panel (HITSP) Interoperability 
> Specifications (IS).  
> As described at the end of the notice, acceptance triggers legal 
> obligations to use the standards cited by HITSP within certain U.S. 
> Federal agencies and between those agencies and non-agencies. 
   * * *

The notice is published at 74 Federal Register 3599 (21 Jan 09).

Note that SAML, WS-Federation, WS-Trust and XACML all made it into 
this list which, *after* the HISTP tier 2 review process, is likely 
to lead to them being mandated, possibly with some optionality. 
It's not a small thing when a large federal government plans to 
mandate the use of your work in a huge regulated industry.

Even though this is preliminary, still, our warm congratulations, 
both to the TCs and our contributors, and also to the team of TC 
leaders and OASIS staff who have worked for over 3 years now to 
smooth the path  ...  explaining OASIS, open standards issues and 
the use of consortium standards to the HITSP vertical community.

We encourage anyone who wants to follow up on, or talk about, this 
to contact David or his colleagues, who can help better describe in 
detail the levels of approval and next steps in the USA HITSP process.

We put a lot of work into being an interoperable, transparent, 
understandable consortium platform ... so that users and regulators 
can reach these outcomes and repose confident in our members' work. 
   This is why.

Regards Jamie

~ James Bryce Clark
~ Director of Standards Development, OASIS
~ http://www.oasis-open.org/who/staff.php#clark


  • 4.  Re: US gov't announcement of OASIS security standards milestone

    Posted 01-26-2009 18:36 
    Staggs, David (SAIC) wrote:
> Colleagues
> Attached is a notice published in the Federal Register announcing the 
> U.S. Secretary of Health and Human Services’ acceptance of Healthcare 
> Information Technology Standards Panel (HITSP) Interoperability 
> Specifications (IS).  
> As described at the end of the notice, acceptance triggers legal 
> obligations to use the standards cited by HITSP within certain U.S. 
> Federal agencies and between those agencies and non-agencies. 
   * * *

The notice is published at 74 Federal Register 3599 (21 Jan 09).

Note that SAML, WS-Federation, WS-Trust and XACML all made it into 
this list which, *after* the HISTP tier 2 review process, is likely 
to lead to them being mandated, possibly with some optionality. 
It's not a small thing when a large federal government plans to 
mandate the use of your work in a huge regulated industry.

Even though this is preliminary, still, our warm congratulations, 
both to the TCs and our contributors, and also to the team of TC 
leaders and OASIS staff who have worked for over 3 years now to 
smooth the path  ...  explaining OASIS, open standards issues and 
the use of consortium standards to the HITSP vertical community.

We encourage anyone who wants to follow up on, or talk about, this 
to contact David or his colleagues, who can help better describe in 
detail the levels of approval and next steps in the USA HITSP process.

We put a lot of work into being an interoperable, transparent, 
understandable consortium platform ... so that users and regulators 
can reach these outcomes and repose confident in our members' work. 
   This is why.

Regards Jamie

~ James Bryce Clark
~ Director of Standards Development, OASIS
~ http://www.oasis-open.org/who/staff.php#clark


  • 5.  Re: US gov't announcement of OASIS security standards milestone

    Posted 01-26-2009 18:36 
    Staggs, David (SAIC) wrote:
> Colleagues
> Attached is a notice published in the Federal Register announcing the 
> U.S. Secretary of Health and Human Services’ acceptance of Healthcare 
> Information Technology Standards Panel (HITSP) Interoperability 
> Specifications (IS).  
> As described at the end of the notice, acceptance triggers legal 
> obligations to use the standards cited by HITSP within certain U.S. 
> Federal agencies and between those agencies and non-agencies. 
   * * *

The notice is published at 74 Federal Register 3599 (21 Jan 09).

Note that SAML, WS-Federation, WS-Trust and XACML all made it into 
this list which, *after* the HISTP tier 2 review process, is likely 
to lead to them being mandated, possibly with some optionality. 
It's not a small thing when a large federal government plans to 
mandate the use of your work in a huge regulated industry.

Even though this is preliminary, still, our warm congratulations, 
both to the TCs and our contributors, and also to the team of TC 
leaders and OASIS staff who have worked for over 3 years now to 
smooth the path  ...  explaining OASIS, open standards issues and 
the use of consortium standards to the HITSP vertical community.

We encourage anyone who wants to follow up on, or talk about, this 
to contact David or his colleagues, who can help better describe in 
detail the levels of approval and next steps in the USA HITSP process.

We put a lot of work into being an interoperable, transparent, 
understandable consortium platform ... so that users and regulators 
can reach these outcomes and repose confident in our members' work. 
   This is why.

Regards Jamie

~ James Bryce Clark
~ Director of Standards Development, OASIS
~ http://www.oasis-open.org/who/staff.php#clark


  • 6.  Re: Federal Register announcement of .. (OASIS standards for healthcare) [internal]

    Posted 01-26-2009 18:42 
    Colleagues: this is the cumulation of several years of work from our 
members, with significant effective staff involvement from several 
of us as well, resulting in a proposed legal mandate from the US 
gov't for an entire healthcare sector to use some of our standards.

When it's done -- note that it's in process, not yet done -- it will 
be up there with the NHS standardization of EHRs on ebXML MSG. 
Bigger, actually.

Our SAML, XACML, WS-Trust and WS=Federation are mentioned by name, 
basically as candidates for legal mandates.  FYI they also cut some, 
including some of ours, like ebXML Registry.  But it's still a win, 
and this really is health IT people, not software vendors, making 
the choices.  (And privately, the final choices reflect a 
catholicity across competing vendors too -- WS-T and WS-F are 
beloved of the Microsoft/WS-I crowd, with which SAML/XACML compete, 
functionally.)

I sent brief congrats messages to the TCs.

We should think about how to weave this into our message.  While we 
should get our members (SAML people etc) out front on this, also, 
bear in mind that there was no way they'd have swung this, without 
the early substantial handholding time put in, to get HITSP 
stakeholders oriented and comfortable with our world and stuff, 
several years ago.  This is reaping seeds planted by our TCs, but 
the rocks were taken out and the field tilled, by time that Patrick, 
myself, Brett T. and others invested years ago.  Mary and others 
also helped fly the flag at a couple of their meetings.

I will defer to Carol Geyer and David Staggs whether now, or the 
later Tier 2 approval, should be the occasion for making loud 
noises.   When we do, our message also should anticipate the 
expected expansion of this list to include more OASIS work including 
XSPA, which VA and the HITSP people explicitly commissioned from us 
to fill more of their gaps.

Regards  Jamie

Staggs, David (SAIC) wrote:
> Colleagues
> 
> Attached is a notice published in the Federal Register announcing the 
> U.S. Secretary of Health and Human Services’ acceptance of Healthcare 
> Information Technology Standards Panel (HITSP) Interoperability 
> Specifications (IS).  
> 
> As described at the end of the notice, acceptance triggers legal 
> obligations to use the standards cited by HITSP within certain U.S. 
> Federal agencies and between those agencies and non-agencies. 
> 
> IS listed in the Notice require the use of HITSP/TP20 /Access
> Control Transaction Package/.  TP20 Table 2.3.2-1 cites standards
> required to implement TP20 and includes SAML Core v2.0 OASIS
> Standard; ITU-T X.1141.
> 
> _Once the XSPA profile of SAML becomes an OASIS standard, future
> Federal Registry notices are expected to trigger legal
> obligations to use it._ Thank you for your help in developing a
> profile that will standardize access control in the areas listed
> in the Notice:
> 
> IS01—Electronic Health Records Laboratory Results Reporting
> IS02—Biosurveillance
> IS03—Consumer Empowerment and Access to Clinical Information via Networks
> IS04—Emergency Responder Electronic Health Record
> IS05—Consumer Empowerment and Access to Clinical Information via Media
> IS06—Quality
> 
> I have continued to reach out to others for technical review of
> the committee’s XSPA profile of SAML, since once accepted as a
> standard certain Federal agencies will have an obligation to
> follow it.  HITSP is very supportive of this effort and has voted
> to formally comment on OASIS XSPA profiles during the public
> comment period.
> 
> The XSPA profile of SAML will be featured in the OASIS-HITSP 
> Demonstration of TP20 at the HIMSS Showcase in early April.  I
> encourage you to publicize the event; this is a key activity in
> demonstrating to healthcare vendors and providers OASIS standards
> that meet the security and privacy needs of the industry.  There
> is still time to participate as we still have room in the
> featured “future directions” booth in the interoperability
> showcase for more participants.
> 
> Regards,
> David Staggs
> David Staggs, JD, CISSP (SAIC)
> Veterans Health Administration
> Chief Health Informatics Office
> Emerging Health Technologies
> Office: 858 433 1473