Download 080407 CA - RSA - Providing and securing web services

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
Document related concepts
no text concepts found
Transcript 
Identity Federation and
Web Services:
Happening Today – Enabling Tomorrow
© 2008 MEDecision, Inc.
Partner Integration Solutions
© 2008 MEDecision, Inc.
MEDecision offers
collaborative health care management solutions
Alineo™
Nexalign™
A collaborative health care
management platform for utilization,
case and disease management
A collaborative health care
information exchange service
Reporting
Correspondence
Automated Approvals
Clinical Criteria
Clinical Programs
Clinical Intelligence
Clinical Summaries
Care Management Analytics
iEXCHANGE®
Clinical Summaries
Improve the relationship among patients, payers and providers
© 2008 MEDecision, Inc.
Delivering Solutions with our
Partners
– Typical web solution allows provider users direct
access to payer data
– To drive further adoption we needed to work with
our partners
– Our partner portals need information from the health
plans
© 2008 MEDecision, Inc.
Partnering with portals
• We currently partner with key portal vendors to make information
available to members and providers. This will expand into dozens
of vendors over the next few years.
© 2008 MEDecision, Inc.
Web Services available
CaseCommit
Service
CaseRetrieval
Service
CaseLock
Service
AddAutoScheduled
Outcomes Service
PatientLock
Service
PatientCommit
Service
Care
Management
Platform
Nexalign
iEXCHANGE
GuidelineData
Service
PatientRetrieval
Service
GetProductAnd
ActionService
UserInformation
Service
MemberSearch
Service
PCSService
File Questionnaire
Web Service
SOA framework
Services
Web Services
© 2008 MEDecision, Inc.
GetUserInfo Web
Service
GetPCS Web
Service
Member Search
Web Service
Use of Standardized XML formats for
payload
• Pros
– Aids in adoption
– Lots of input and review from others
– Easier to convince your clients to use them
• Cons
– Can be more complex than a proprietary solution (I.e. HL7
CDA)
– Need to deal with regular updates
– Can be more expensive at the start
© 2008 MEDecision, Inc.
Leveraging a good SOA design
– Use of SOA allows us to create reusable components
that:
•
•
•
•
•
© 2008 MEDecision, Inc.
Contain well-defined business functionality
Is implementation-independent
Is loosely coupled
Benefits from ORM tools like Hibernate
Can be exposed as web services
Leveraging a SOA environment
© 2008 MEDecision, Inc.
Dealing with Privacy of Data
– HIPAA – Health Insurance Portability and
Accountability Act
– Restrict access to the information:
• Partner A can only access Web Service 2 for Health Plan B
– Log all access information:
• Who
• When
• What
© 2008 MEDecision, Inc.
Benefits of access based on partner
entitlement
– Certificates on a Web server were a good start but…
• It does not easily allow for role-base access
– With CA SOA Security Manager we’re able to:
•
•
•
•
Secure Web services using partner certificates
Identify partners based on the digital signature
Apply additional role-based access rules
Encrypt/Decrypt the message
– Chose to use WS-Security because of the partners we’re
dealing with
– Change to other authentication schemes (like SAML) is a
change in configuration
© 2008 MEDecision, Inc.
Access to web services
Call Web Svc
For Plan A
© 2008 MEDecision, Inc.
CA SOA Security
Manager
Partner PHM can only get to Web Service 2 for Plan B
Access
Granted
Get data
In Conclusion
© 2008 MEDecision, Inc.
Recommendations
– Build your web services on top of a good
SOA design
– Leverage industry standards for web
service formats as much as possible
– Providing access management as a
centralized service eases deployment
(coding -> configuration)
© 2008 MEDecision, Inc.
Questions?
© 2008 MEDecision, Inc.
Related documents
Service Oriented Architecture (SOA)
Service Oriented Architecture (SOA)
Integrated Geophysical Modeling of Lithospheric Structure Across
Integrated Geophysical Modeling of Lithospheric Structure Across
SPEAKING "DATA" PROPERLY
SPEAKING "DATA" PROPERLY
REST Introduction
REST Introduction
Need of SOA database for storing SOA
Need of SOA database for storing SOA
Cheap N Fast Web Service
Cheap N Fast Web Service
SOA
SOA
Slide 1
Slide 1
Service
Service
Building_the_SOA_Cit..
Building_the_SOA_Cit..
1MIT1 COMPUTER GRAPHICS AND IMAGE PROCESSING Review of Graphics Fundamentals
1MIT1 COMPUTER GRAPHICS AND IMAGE PROCESSING Review of Graphics Fundamentals
Applying SOA Principles for Business Integration
Applying SOA Principles for Business Integration
JavaZone - Why I hate SOA
JavaZone - Why I hate SOA
Demystifying SOA and EDA
Demystifying SOA and EDA
Steady State Simulation of Semiconductor Optical Amplifier
Steady State Simulation of Semiconductor Optical Amplifier
energy efficient all-optical soa switch for the “green internet”
energy efficient all-optical soa switch for the “green internet”
2.12 Connect Sonde Data Collection Platform (DCP)
2.12 Connect Sonde Data Collection Platform (DCP)
Actuarial Science Quick Overview
Actuarial Science Quick Overview
M.Sc.IT Sem. 9,10 (june2012)
M.Sc.IT Sem. 9,10 (june2012)
Semiconductor Optical Amplifiers (SOAs)
Semiconductor Optical Amplifiers (SOAs)
Studi Kasus: Return Handling - Perancangan Sistem Berorientasi
Studi Kasus: Return Handling - Perancangan Sistem Berorientasi
Document
Document