Difference between revisions of "Federation Trust Registry"

From MgmtWiki
(Solution)
Line 26: Line 26:
 
# Machine readable data as well as meta-data (called Service-Enabled Data Store).
 
# Machine readable data as well as meta-data (called Service-Enabled Data Store).
 
# Data Security
 
# Data Security
 
+
# Contains no [[User Information]], but is expected to respond [[Anonymous]]ly to [[User]] queries.
  
 
==References==
 
==References==
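
Review bot: The added criterion (the "+" line, "Contains no [[User Information]], but is expected to respond [[Anonymous]]ly to [[User]] queries.") packs two separate requirements into one list item and leaves "respond Anonymously" ambiguous: it does not say whether the registry answers without identifying the User or without identifying itself. Suggest splitting it into two items, one for what the store holds and one for how queries are answered, and wording the second so it is clear which party stays anonymous.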

Revision as of 12:31, 17 September 2018

Full Title or Meme

Whenever a Web Site wishes to take advantage of the benefits of belonging to a Federation, it needs to be exposed in a Data Service that allows any user to confirm that the Web Site has been Validated by the Federation.

Context

Several variations on the theme of a Federation Trust Registry exist already.

  • Trust Services of TSCP, the Transglobal Secure Collaboration Program (mostly focused on the NATO A&D industry).
  • UK Open Banking (focused on UK banks and payment processors).
  • Recognized Coordinating Entity (RCE) (focused on the US Health Care community).[1] See the page on TEFCA.

When a US federal agency's mission requires that it disseminate controlled unclassified information (CUI) to non-executive branch entities, but prohibits it from entering into a contractual arrangement, the agency is nevertheless directed to seek the entity's protection of CUI in accordance with Executive Order 13556, Controlled Unclassified Information, or any successor order, and the CUI Program regulations, which include requirements to comply with NIST SP 800-171.

Standards must be implemented, potentially with a profile, to ensure that the result "as consistently as possible, follows implementation guides and authoritative best practices published by the applicable standards development organization (SDO). Minimizing variation in how standards are implemented will make it easier for others to connect to Electronic Health Information. Further, to the extent possible, Electronic Health Information stored in health IT products should be structured and coded using standardized vocabularies."[1]

Problem

So far every solution has been one-off and not applicable to the next federation with the same general problem.

Solution

For a Federation to expose both its principles and its membership to the public, some data server needs to provide information about the existing members and their status. There are two ways to do this:

  1. A list of the members and their status that can be viewed in a browser.
  2. A data service that exposes the contents of the site in machine readable format.

This page is about the latter case.

Of primary importance for a Federation that wants to allow users to trust its members is an easily accessible data service on a site that meets the following criteria:[2]

  1. Reliable, always-on accessibility.
  2. Meta-data descriptions of the contents of the site.
  3. Machine readable data as well as meta-data (called Service-Enabled Data Store).
  4. Data Security
  5. Contains no User Information, but is expected to respond Anonymously to User queries.
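
A minimal sketch of criteria 2, 3 and 5, added here as an illustration and not taken from any existing federation's registry. The JSON layout, field names, status values and the `.example` sites are all assumptions, and the sample document is constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample registry document; every field name here is an assumption.
REGISTRY_JSON = """
{
  "metadata": {
    "federation": "Example Federation",
    "fields": {"origin": "HTTPS origin of the member Web Site",
               "status": "validated | suspended | revoked",
               "validated_on": "ISO 8601 date of last validation"}
  },
  "members": [
    {"origin": "https://bank.example", "status": "validated", "validated_on": "2018-09-01"},
    {"origin": "https://clinic.example", "status": "suspended", "validated_on": "2018-03-15"}
  ]
}
"""

def origin_of(url):
    """Reduce a URL to scheme://host[:port]; only https origins are accepted."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("registry entries and queries must be https URLs")
    port = f":{parts.port}" if parts.port not in (None, 443) else ""
    return f"https://{parts.hostname.lower()}{port}"

def load_registry(text):
    """Parse the document and index members by origin.

    Every member field must be described in the metadata, so a field
    carrying user information cannot be added without being declared.
    """
    doc = json.loads(text)
    described = set(doc["metadata"]["fields"])
    index = {}
    for member in doc["members"]:
        undeclared = set(member) - described
        if undeclared:
            raise ValueError(f"undeclared member fields: {sorted(undeclared)}")
        index[origin_of(member["origin"])] = member["status"]
    return index

def lookup(index, site_url):
    """Answer a query using only the site URL; no caller identity is taken."""
    return index.get(origin_of(site_url), "unknown")

if __name__ == "__main__":
    registry = load_registry(REGISTRY_JSON)
    print(lookup(registry, "https://bank.example/login"))
```

Matching on the full origin rather than a substring of the host means a lookalike such as `https://bank.example.evil.test/` is reported as unknown, not validated.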

References

  1. The Office of the National Coordinator (ONC) for Health Information Technology, DRAFT TRUSTED EXCHANGE FRAMEWORK. (2018) Section 2 - How Will it Work, p. 9ff. https://www.healthit.gov/sites/default/files/draft-trusted-exchange-framework.pdf
  2. Michael J. Carey et al., Data Services. (2012-06) CACM 55 No. 6, pp. 86-97.

External Sources