Copyright © TIBCO Software Inc. All Rights Reserved



NHIN/esMD Authorization Framework with SAML Assertions
SAML is an XML-based, open-standard data format for exchanging authentication and authorization data between parties. SAML is a product of the OASIS Security Services Technical Committee. The Nationwide Health Information Network (NHIN) is a set of standards, services, and policies for the secure exchange of health information over the Internet. The NHIN Authorization Framework Specification defines the primary set of services and protocols that is required to establish a messaging, security, and privacy foundation for the NHIN.
Electronic Submission of Medical Documentation (esMD), as part of NHIN, follows the NHIN Authorization Framework with SAML 2.0 assertions. By using SAML assertions, esMD defines the exchange of metadata that characterizes the initiator of an esMD request, so that the esMD Gateway can evaluate the request in local authorization decisions. The purpose of this exchange of SAML assertions is to give the esMD Gateway the information it requires to make an authorization decision, by using the policy enforcement point, for the requested esMD function. Each initiating SOAP message must convey this information by using SAML 2.0 assertions. The NHIN/esMD Authorization Framework is used by the Council for Affordable Quality Healthcare (CAQH) CORE in exchanging healthcare information.
TIBCO BusinessConnect SOAP Protocol supports SAML assertions in conformance with the NHIN Authorization Framework. TIBCO BusinessConnect SOAP Protocol can work as either the esMD Gateway or a client. On the esMD Gateway side, requests with SAML assertions are authenticated before all the Health Information Handler (HIH) and authorization attributes are forwarded to back office systems for further evaluation in authorization decisions. Responses sent back to the initiators in asynchronous mode can use a SAML assertion signature, and can also convey the HIH and authorization attributes. Responses sent back to the initiators in synchronous mode can use signature confirmation to verify the SAML assertion signature.
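The gateway-side order of operations described above (check the assertion first, then hand its attributes to the back office) can be sketched as follows. This is an added example, not TIBCO BusinessConnect code: the function names and sample message are constructed, the attribute name is taken from the NHIN Authorization Framework specification rather than from this page, and the check only confirms that a signature element is present. Cryptographic validation of that signature has to be done by an XML Signature library before any attribute is trusted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _ts(value):
    # Assumption of this sketch: both validity bounds are mandatory (UTC, "Z").
    if not value:
        raise ValueError("Conditions must carry NotBefore and NotOnOrAfter")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def precheck(soap_xml, now):
    """Return {attribute name: [values]} for forwarding, or raise ValueError."""
    if "<!DOCTYPE" in soap_xml:
        raise ValueError("DTDs are refused before parsing")
    root = ET.fromstring(soap_xml)
    header = next((c for c in root if c.tag.endswith("}Header")), None)
    if header is None:
        raise ValueError("no SOAP Header")
    in_header = header.findall("wsse:Security/saml:Assertion", NS)
    # One assertion in the whole message, and it is the one in the header.
    if len(in_header) != 1 or len(root.findall(".//saml:Assertion", NS)) != 1:
        raise ValueError("expected exactly one assertion, inside wsse:Security")
    assertion = in_header[0]
    if assertion.find("ds:Signature", NS) is None:
        raise ValueError("assertion carries no ds:Signature")
    win = getattr(assertion.find("saml:Conditions", NS), "attrib", {})
    if not _ts(win.get("NotBefore")) <= now < _ts(win.get("NotOnOrAfter")):
        raise ValueError("assertion is outside its validity window")
    return {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
            for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}

# Constructed sample request; the signature element is an empty stand-in.
SAMPLE = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:wsse="{wsse}" xmlns:saml="{saml}" xmlns:ds="{ds}"><s:Header><wsse:Security>
<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
<ds:Signature/><saml:Conditions NotBefore="2024-05-01T12:00:00Z"
 NotOnOrAfter="2024-05-01T12:05:00Z"/><saml:AttributeStatement>
<saml:Attribute Name="urn:nhin:names:saml:homeCommunityId">
<saml:AttributeValue>urn:oid:1.2.3.4</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></wsse:Security></s:Header>
<s:Body/></s:Envelope>""".format(**NS)

if __name__ == "__main__":
    print(precheck(SAMPLE, datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)))
```

Rejecting a message that holds a second assertion outside the security header is a cheap guard against signature-wrapping, where the signed element and the element actually read by the application differ.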
For more details on how to configure SAML assertions in TIBCO Administrator, see Request Action Tab and Response Action Tab. For more details on the NHIN/esMD process definitions, see Introducing NHIN/esMD Process Definitions.
