Versions Compared

Old Version 1

changes.mady.by.user Unknown User (nikolas.reineke)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (nikolas.reineke)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Announcements

  • Thank you for your participation!! As of January 9th, 2013, the esMD AoR Digital Signatures / Delegation of Rights White Paper has been finalized. The document below as well as the text embedded within the Digital Signatures / Delegation of Rights White Paper Wiki reflect updates that were proposed and agreed upon during the formal Consensus Process. Please contact the Workgroup Lead or Support Lead if you have any remaining questions or concerns.

Works Approved Through Consensus

DateArtifact NameArtifact Links
1/9/2013esMD AoR L1 SWG Report - Digital Signatures and Delegation of Rights

 

Works in Progress

Digital Signatures

Artifact NameDescription/PurposeStatusCurrent Status/
Last Updated		ReviewersTarget Date for Completion
      

 

Delegation of Rights

Artifact NameDescription/PurposeStatusCurrent Status/
Last Updated		ReviewersTarget Date for Completion
      

Meeting Materials

Meeting DateMeeting MaterialsPresentation MaterialsMinutesView Meeting Recordings
December 5, 2012White Paper review postponed until Friday, 12/7/12, 2pm EST
November 28, 2012White Paper review postponed
November 21, 2012MEETING CANCELLED
November 14, 2012MEETING CANCELLED
November 7, 2012MEETING CANCELLED
October 31, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 24, 2012Meeting MaterialsPresentation unavailableMeeting Minutes (.docx)View on Vimeo
October 17, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 10, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 3, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
September 26, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
September 19, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo

Reference Documents

Digital Signatures

 

Standards

Document LinkDescriptionVersion/Date
NIST SP 800-63-1 (PDF)NIST Electronic Authentication GuidelineDec 2011
ITI TF-1 (PDF)IHE IT Infrastructure Technical Framework: Volume 1: Integration ProfilesRevision 9.0
Aug 31, 2012
ITI TF-2a (PDF)IHE IT Infrastructure Technical Framework: Volume 2a: Transactions Part A - Sections 3.1 - 3.28Revision 9.0
Aug 31, 2012
ITI TF-2b (PDF)IHE IT Infrastructure Technical Framework: Volume 2b: Transactions Part B - Sections 3.29 - 3.51Revision 9.0
Aug 31, 2012
ITI TF-3 (PDF)IHT IT Infrastructure Technical Framework: Volume 3: Cross-Transaction Specifications and Content SpecificationsRevision 9.0
Aug 31, 2012
OASIS DSS Core SpecDigital Signature Service Core Protocols, Elements, and Bindings.
See also: All DSS Standards		Version 1.0
Apr 11, 2007
XMLdigsigXML Signature Syntax and Processing, W3C RecommendationsSecond Edition
Jun 10, 2008
FIPS PUB 186-3 (PDF)Digital Signature StandardJun 2009
IETF RFC 3820Internet X.509 PKI Certificate ProfileJun 2004
IETF RFC 3850Internet X.509 PKI Proxy Certificate ProfileJul 2004
IETF RFC 3851Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message SpecificationsJul 2004
IETF RFC 4998Evidence Record SyntaxAug 2007
IETF RFC 5276Using the Server-Based Certificate Validation Protocol to Convey Long-Term Evidence RecordsAug 2008
IETF RFC 5280Internet X.509 PKI Certificate and Certificate Revocation List ProfileMay 2008
IETF RFC 5698Data Structure for the Security Suitability of Cryptographic AlgorithmsNov 2009
IETF RFC 6277Online Certificate Status Protocol Algorithm AgilityJun 2011
IETF RFC 6283XML Evidence Record SyntaxJul 2011
FBCA X.509 Certificate Policy (PDF)X.509 Certificate Policy for the Federal Bridge Certification AuthorityVersion 2.25
Dec 9, 2011

 

Industry Implementations

Document LinkDescriptionVersion/Date
21 CFR Part 1305Orders for Schedule I and II Controlled Substances (DEA)Apr 1, 2012
21 CFR Part 1311Requirements for Electronic Orders and Prescriptions (DEA)Apr 1, 2012
DEA CSOS Certificate Policy (PDF)DEA Controlled Substance Ordering System (CSOS) Certificate PolicyVersion 4.0
Jan 6, 2010
DEA CSOS PKI Certificate & CRL Profile (PDF)DEA Diversion Control, Controlled Substance Ordering System
(CSOS) PKI Certificate and Certificate Revocation List Profile		Version 2.2
Jan 26, 2009
CertiPath X.509 Certificate Policy (PDF)CertiPath X.509 Certificate PolicyVersion 3.18
Apr 16, 2012

White Papers/Industry Reports

Document LinkDescriptionVersion/Date
OECD Digital Identity Management (PDF)Digital Identity Management - Enabling Innovation and Trust in the Internet Economy.
This paper is summarized here and includes the following reports:
Winter 2011
EU eSignatures ReportReport on the operation of Directive 1999/93/EC on a Community framework for electronic signaturesMar 15, 2006
EU eSignatures Action PlanAction Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single MarketNov 28, 2008

 

Federal Requirements

Document LinkDescriptionVersion/Date
RMH Vol. III Standard 3.1 AuthenticationCMS Risk Management Handbook Volume III, Standard 3.1: CMS Authentication StandardsVersion 1.2
Jul 31, 2012

 

Delegation of Rights

 

Standards

Document LinkDescriptionVersion/Date
OASIS SAML Assertions (PDF)Assertions and Protocols for the OASIS Security Assertion Markup Language
See also: All SAML v2.0 files		Version 2.0
Mar 15, 2005
FBCA X.509 Certificate Policy (PDF)X.509 Certificate Policy for the Federal Bridge Certification AuthorityVersion 2.25
Dec 9, 2011
IETF RFC 3850Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Certificate HandlingJul 2004
IETF RFC 3851Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message SpecificationsJul 2004
IETF RFC 5280Internet X.509 PKI Certificate and Certificate Revocation List ProfileMay 2008
Federal Register, Vol. 76, No. 8742
CFR Part 482 and 485 (PDF)		Medicare and Medicaid Programs: Changes Affecting Hospital and Critical Access
Hospital Conditions of Participation: Telemedicine Credentialing and Privileging		 
The Joint Commission Hospital Record of CareTJC standards are proprietary.Jul 2009
IGTF OID Proxy Delegation Tracing (PDF)International Grid Trust Federation OID Proxy Delegation TracingFeb 28, 2008

 

Industry Implementations

Document LinkDescriptionVersion/Date
HHS - Sample Business Associate Contract ProvisionsHIPAA Business Associate Agreement (BAA) exampleAug 14, 2002
HHS - OCR HIPAA Privacy - Business Associates (PDF)HIPAA Business Associate Agreement (BAA) briefApr 3, 2003
NIST SP 500-290 (PDF)NIST Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information
Re: Automated Fingerprint Identification System (AFIS)		Nov 2011
Best Practices for HISPsThe Direct Project - Best Practices for HISPs 
42 CFR Part 493Laboratory Requirements
See also: Current CLIA Regulations		Jan 24, 2004

 

White Papers/Industry Reports

Document LinkDescriptionVersion/Date
   

 

Federal Requirements

Document LinkDescriptionVersion/Date
RMH Vol. III Standard 3.1 Authentication CMS Risk Management Handbook Volume III, Standard 3.1: CMS Authentication StandardsVersion 1.2
Jul 31, 2012


See all Author of Record SWG reference materials on the esMD Reference Materials page.

Workgroup Details

 

Objective:

Define process, artifacts and standards for transaction and document bundle digital signatures for esMD. Define credentials, artifacts and process for Delegation of Rights for esMD.

Makeup:

 

Requirements:


Digital Signatures:

  • Must provide for non-repudiation as part of the credentials and artifacts
  • Must ensure data integrity


Delegation of Rights:

  • Must provide for non-repudiation (NIST definition) as part of the credentials and artifacts
  • Revocable

 

In Scope:


Digital Signatures:

  • Use Case 1 and 2 transactions
  • AoR L1 (Signature binding to aggregated document bundle)
  • Signature workflow
  • Signature artifacts
  • Identification of relevant standards


Delegation of Rights:

  • Use Case 1 and AoR L1 Delegation of Rights requirements
  • Delegation/Proxy workflow
  • Delegation/Proxy artifacts
  • Identification of relevant standards

 

Out of Scope:


Digital Signatures & Delegation of Rights:

  • AoR L2
  • AoR L3

 

Deliverable: Summary White Paper


Digital Signatures:

  • Assumptions
  • Statement of Problem
  • Recommended Solution(s)
    • Review of Standards (e.g., OASIS, IHE, HL7, ...)
    • Transaction signature process
    • Transaction artifacts to meet Use Case 1 and 2 requirements
    • Document Bundle signature process
    • Artifacts to meet AoR L1 requirements
  • Data Integrity requirements
  • Non-repudiation assurance
  • Identify gaps in current policy impacting Digital Signatures
  • References


Delegation of Rights:

  • Assumptions
  • Statement of Problem
  • Recommended Solution(s)
    • Review of Standards (e.g., OASIS, IHE, HL7, ...)
    • Proxy/Delegation Credential/Artifact(s)
    • Operational consideration for Proxy/Delegation Creation
    • Scope/Content of Proxy/Delegation
    • Revocation of Proxy
    • Credential Transaction proxy requirements
    • Transaction artifacts to meet Use Case 1 requirements
    • Document Bundle proxy signature process
    • Artifacts to meet AoR L1 signature proxy requirements
    • Non-repudiation assurance
  • Identify gaps in current policy impacting Delegation and Proxy
  • References