Wicked Problems, Righteous Solutions: Learnings from Two Years of DirectTrust PKI and Interoperability Testing Experiences
DirectTrust Technical Break-out Session, March 22, 2015
Greg Meyer, Distinguished Engineer, Cerner Corporation
Luis C. Maas III, MD, PhD, CTO, EMR Direct
www.DirectTrust.org, 1101 Connecticut Ave NW, Washington, DC 20036
Real World Challenges
• Technical HISP-to-HISP Solutions
• Certificate Authority Solutions
• Payload Realities: Collaboration between EHR Counter Parties
• Workflow Definitions
Purpose of Testing: Strengthen DirectTrust Network
• New HISP to HISP connections often result in unexpected interop issues
• Strong signaling from customer community about expectations for DirectTrust Network (and Direct in general)
  – It should “just work”
  – Customers cannot tolerate unpredictable failures
• “30+ potential reference models”
  – 2 Reference Implementations, a few “clean room” implementations, but no two deployments of Direct behave exactly the same
  – Pairwise testing across this variety of systems reveals unique issues
  – No good way to automate HISP-to-HISP testing at a single point
Purpose of Testing: Strengthen DirectTrust Network
• Strong community of collaborators exists within DirectTrust
  – History of connect-a-thon participation, good communication
  – DirectTrust Network removes uncertainty in exchange through security policies, a common Certificate Profile, preliminary inspection by anchor bundle committee, removing incompatible certificates
• Interop testing can be performed on a continuous basis, with very little time commitment
• Demonstrate current level of success, take inventory of shortcomings
• Feedback to policy making and accreditation process
Network Interoperability Over Time
February 11 and 28, 2014: 14 HISPs
May 21, 2014: 26 HISPs
March 10, 2015: 39 HISPs
Network Interoperability Over Time
March 13, 2015: 30 HISPs Testing
Solution Guide
General Takeaways:
1. Generate payloads, messages, MDN requests & responses as closely to specs as possible.
2. Accept as broadly as possible.
More Specific Takeaways
• Benefits of Interoperability forum
  – Real human points of contact
  – Central location for posting common issues and status of each pairwise interaction
• Direct is transport, not workflow
  – Loose coupling between transport & workflow
  – Many use cases can be supported, not just Transitions of Care, View/Download/Transmit
  – Expecting a text part before a CCDA—coupling transport with workflow
• Trust Network Membership—a product marketing/customer messaging challenge
  – DirectTrust HISP can also trust non-DirectTrust HISPs outside the network
  – DirectTrust CA can also issue non-DirectTrust addresses that don’t interoperate with DirectTrust network
SATC Consensus Statements, November 2014
• Send Processed MDN unless sending immediate failure due to address not existing or otherwise
• Send C-CDA as application/XML; receive as application/XML or text/XML
• Direct addresses, including their domain parts, are case-insensitive
• Stylesheet URIs should not reference external websites
• All EHRs should support receiving of application/zip and application/octet-stream XDM
  – In the short term, XD* HISPs may send outbound messages as Vanilla Direct instead of XDM ZIP for recipients who are known to not process XDM
  – Outbound XDM should be in application/zip format
• Wildcard “catch-all” addresses are permitted
• Conventional spam filtering on message content should not be performed on messages from trusted recipients
• Blind Forwarding
  – Edge protocol needs to have a mechanism for failures and require that it be used when addresses are not in use
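As an added example, not code from DirectTrust or from either reference implementation, the Python below applies four of the statements above on the receiving side: case-insensitive Direct address comparison, accepting a C-CDA as either application/xml or text/xml, accepting an XDM package as application/zip or application/octet-stream, and flagging a stylesheet URI that points at an external website. The addresses, domains and message contents are constructed, and the code assumes S/MIME decryption and signature verification have already been done by the HISP.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Receive-side content types the consensus statements list for each payload kind.
CCDA_TYPES = {"application/xml", "text/xml"}
XDM_TYPES = {"application/zip", "application/octet-stream"}
# xml-stylesheet processing instruction whose href points at an external web site.
EXTERNAL_STYLESHEET = re.compile(rb'<\?xml-stylesheet[^>]*href=["\']https?://', re.I)


def same_direct_address(a: str, b: str) -> bool:
    """Direct addresses, domain part included, compare case-insensitively."""
    return a.strip().lower() == b.strip().lower()


def classify_payloads(raw: bytes) -> dict:
    """Walk an already decrypted and verified Direct MIME message and tally its parts.
    Accepts broadly: either XML type for a C-CDA, and an XDM package labelled
    application/zip or octet-stream with a .zip filename. Part order is ignored."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = {"ccda": 0, "xdm": 0, "other": 0, "external_stylesheet": 0}
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        if ctype in CCDA_TYPES:
            found["ccda"] += 1
            if EXTERNAL_STYLESHEET.search(part.get_payload(decode=True) or b""):
                found["external_stylesheet"] += 1  # flag for the receiving EHR
        elif ctype in XDM_TYPES and (ctype == "application/zip" or name.endswith(".zip")):
            found["xdm"] += 1
        else:
            found["other"] += 1
    return found


def build_sample() -> bytes:
    """Constructed sample message (not real patient data): a cover note, a C-CDA
    with an external stylesheet reference, and an XDM zip sent as octet-stream."""
    msg = EmailMessage()
    msg["From"] = "Dr.Sender@HISP-A.Example"
    msg["To"] = "clinic@hisp-b.example"
    msg.set_content("Transition of care attached.")
    ccda = (b'<?xml version="1.0"?>\n<?xml-stylesheet type="text/xsl" '
            b'href="http://external.example/cda.xsl"?>\n'
            b'<ClinicalDocument xmlns="urn:hl7-org:v3"/>')
    msg.add_attachment(ccda, maintype="application", subtype="xml", filename="ccda.xml")
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                       subtype="octet-stream", filename="ccd.zip")
    return msg.as_bytes()
```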
Interoperability Solutions (from: A Report on DirectTrust Interoperability Testing and Recommendations to Improve Direct Exchange)
• Better constrain the C-CDA payload
• C-CDAs both via MIME and via XDM Zip are valid MU2 payloads
• EHR endpoint interoperability testing
• Guide to converting the XDM Zip to MIME
• MDN ambiguities resolution
• Resolve service level issues
Questions?