Wicked Problems, Righteous Solutions: Learnings from Two Years of DirectTrust PKI and Interoperability Testing Experiences
DirectTrust Technical Break-out Session
March 22, 2015
Greg Meyer, Distinguished Engineer, Cerner Corporation
Luis C. Maas III, MD, PhD, CTO, EMR
www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036
Purpose of Testing: Strengthen DirectTrust Network
• New HISP to HISP connections often result in unexpected interop issues
• Strong signaling from customer community about expectations for DirectTrust Network (and Direct in general)
  – It should “just work”
  – Customers cannot tolerate unpredictable failures
• “30+ potential reference models”
  – 2 Reference Implementations, a few “clean room” implementations, but no two deployments of Direct behave exactly the same
  – Pairwise testing across this variety of systems reveals unique issues
  – No good way to automate HISP-to-HISP testing at a single point
Purpose of Testing: Strengthen DirectTrust Network
• Strong community of collaborators exists within DirectTrust
  – History of connect-a-thon participation, good communication
  – DirectTrust Network removes uncertainty in exchange through security policies, a common Certificate Profile, preliminary inspection by anchor bundle committee, removing incompatible certificates
• Interop testing can be performed on a continuous basis, with very little time commitment
• Demonstrate current level of success, take inventory of shortcomings
• Feedback to policy making and accreditation process
More Specific Takeaways
• Benefits of Interoperability forum
  – Real human points of contact
  – Central location for posting common issues and status of each pairwise interaction
• Direct is transport, not workflow
  – Loose coupling between transport & workflow
  – Many use cases can be supported, not just Transitions of Care, View/Download/Transmit
  – Expecting a text part before a CCDA—coupling transport with workflow
• Trust Network Membership—a product marketing/customer messaging challenge
  – DirectTrust HISP can also trust non-DirectTrust HISPs outside the network
  – DirectTrust CA can also issue non-DirectTrust addresses that don’t interoperate with DirectTrust network
SATC Consensus Statements
November, 2014
• Send Processed MDN unless sending immediate failure due to address not existing or otherwise
• Send C-CDA as application/XML; receive as application/XML or text/XML
• Direct addresses, including their domain parts, are case-insensitive
• Stylesheet URIs should not reference external websites
• All EHRs should support receiving of application/zip and application/octet-stream XDM
  – In the short term, XD* HISPs may send outbound messages as Vanilla Direct instead of XDM ZIP for recipients who are known to not process XDM
  – Outbound XDM should be in application/zip format
• Wildcard “catch-all” addresses are permitted
• Conventional spam filtering on message content should not be performed on messages from trusted recipients
• Blind Forwarding
  – Edge protocol needs to have a mechanism for failures and require that it be used when addresses are not in use
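Added example, not part of the original presentation: a receiver-side check for four of the statements above (case-insensitive address comparison, C-CDA received as application/xml or text/xml, XDM received as application/zip or application/octet-stream, stylesheet URIs flagged when they reference an external website). The function names, the sample message and the example.invalid URL are constructed for illustration, and labelling a part by MIME type alone is an assumption.

```python
import re
from email.message import EmailMessage

CCDA_TYPES = {"application/xml", "text/xml"}                 # receive either form
XDM_TYPES = {"application/zip", "application/octet-stream"}  # receive either form
STYLESHEET_HREF = re.compile(
    r"<\?xml-stylesheet\b[^?]*\bhref\s*=\s*[\"']([^\"']+)[\"']", re.I)

def same_direct_address(a, b):
    """Compare Direct addresses case-insensitively, local and domain parts."""
    return a.strip().lower() == b.strip().lower()

def external_stylesheets(xml_text):
    """Return stylesheet hrefs that point at an external website."""
    return [h for h in STYLESHEET_HREF.findall(xml_text)
            if re.match(r"(?i)(https?:)?//", h)]

def classify_parts(msg):
    """Label each leaf MIME part as ccda, xdm or other (by type, an assumption)."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()          # always returned lower-cased
        name = part.get_filename() or "(body)"
        if ctype in CCDA_TYPES:
            xml = part.get_payload(decode=True).decode("utf-8", "replace")
            findings.append((name, "ccda", external_stylesheets(xml)))
        elif ctype in XDM_TYPES:
            findings.append((name, "xdm", []))
        else:
            findings.append((name, "other", []))
    return findings

def sample_message():
    """Constructed sample: text body, a C-CDA sent as text/xml, an XDM part."""
    msg = EmailMessage()
    msg["To"] = "Dr.Jones@Direct.Example.ORG"
    msg.set_content("Summary of care attached.")
    ccda = ('<?xml version="1.0"?>\n'
            '<?xml-stylesheet type="text/xsl" href="http://styles.example.invalid/cda.xsl"?>\n'
            '<ClinicalDocument xmlns="urn:hl7-org:v3"/>\n')
    msg.add_attachment(ccda, subtype="xml", filename="ccda.xml")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="octet-stream", filename="xdm.zip")
    return msg

if __name__ == "__main__":
    for finding in classify_parts(sample_message()):
        print(finding)
```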
Interoperability Solutions
(FROM: A REPORT ON DIRECTTRUST INTEROPERABILITY TESTING AND RECOMMENDATIONS TO IMPROVE DIRECT EXCHANGE)
• Better constrain the C-CDA payload
• C-CDAs both via MIME and via XDM Zip are valid MU2 payloads
• EHR endpoint interoperability testing
• Guide to converting the XDM Zip to MIME
• MDN ambiguities resolution
• Resolve service level issues