Minutes: MedMid call 08-Sep-05
*Attendees*
Jack Buchanan, U. Tennessee - Memphis (Chair)
Keith Hazelton, U. Wisconsin - Madison
Chad La Joie, Georgetown U. / Project Sentinel Collaboratory
Brent Putman, Georgetown U. / Project Sentinel Collaboratory
Frank Manion, Fox Chase Cancer Center, caBIG
Steve Olshansky, Internet2
Ann West, Internet2
Katherine Strojny, Internet2 (scribe)
*Action Items*
Carryover
[AI] Anyone interested in testing the feasibility of
inter-institutional collaboration on courseware via Shibboleth please
contact Dave Damassa <david.damassa@tufts.edu>.
[AI] Comments on the VistA program, especially related to identity and
access management middleware, are encouraged. Please direct them to the
list. (See mail from SteveO to the list 22-July-05 for related links).
[AI] {SteveO} will follow up with Keith about the AAMC identifier
proposal.
[AI] {Keith} will post a note to the MACE list inquiring about MedMid
related activities in Europe.
*Discussion*
Key points:
- Upcoming events of interest: Fall Internet2 Member Meeting, NCHICA,
BRIITE, and GridWorld.
- Status updates on pilot projects
- Current status of caBIG
- Action items including discussion of VistA
Upcoming Events:
The Fall Internet2 Member Meeting will take place September 19-22 in
Philadelphia. http://events.internet2.edu/2005/fall-mm/
Another upcoming conference is North Carolina Healthcare Information
and Communications Alliance (NCHICA) - "AMC Security and Privacy:
Progress and Prospects". The conference will take place September 26-28
in Research Triangle Park (RTP), NC, and is co-sponsored by Internet2
and AAMC. http://www.nchica.org/Activities/AMC05/intro.htm
The next Biomedical Research Institutions Information Technology
Exchange (BRIITE) meeting will be held Nov 2-4 at the Salk Institute in
San Diego. The general theme of the meeting will be "Enabling
collaboration for scientific research".
https://www.briite.org/events/salk-2005.php
Chad will be presenting on user authentication/authorization in a grid
environment at the upcoming GridWorld (October 3-5, Boston).
http://www.gridworldhome.com
MedMid Pilot Updates:
The Georgetown representatives provided an update on Project Sentinel.
In the past month, they met with the lead architect/developer on Azyxxi
(client server application) and defined the model for Shibboleth
integration. Some portions of their work can be generalized; in
particular, the underlying concepts of their approach to SSO/SLO (Single
Sign-On/Single Logout) functionality can be transferred to the upcoming
Shibboleth v2. Chad has sent a description of generalized SSO/SLO to a
limited distribution for feedback. He intends to make the description
generally available after the Fall Member Meeting, after adding content
from the meeting. He plans to post it to the Shibboleth wiki under
Future Planning. https://authdev.it.ohio-state.edu/twiki/bin/view
caBIG Update:
caBIG security consultants are currently assessing a number of
different technologies (including Shibboleth) for potential inclusion
in caBIG. A white paper will result from the study. So far, Shibboleth
has been successfully installed at the test bed. SteveO encouraged
continued updates and offered to facilitate assistance if required.
The caBIG project is running into some startup hurdles due to the size
of the project and the challenge of merging the objectives of various
groups, whose concept of security architecture may center on different
priorities: medical privacy, the grid layer, or scalability and trust
agreements. A couple of use cases have been floated to the data sharing
and intellectual capital group of caBIG, which is helping to define
security requirements. Responses to the use cases are being composed.
Frank may draw on members of this group for input.
Members provided information on the background of caBIG
(https://cabig.nci.nih.gov/): caBIG as a software release consists of
several subprojects, such as query language and data modeling. Some
parts are extensions to the Globus Toolkit and other software such as
semantic mapping tools. It can be seen as an attempt to build a
well-defined Semantic Web, and to bring formal linguistic and
ontological practices into a number of areas of cancer research, with a
goal of building a federated repository that can be searched. The
caGRID software, one of the products in caBIG, is a collection of grid
tools intended to address security and distributed computing. At this
stage, it includes Globus Grid Security Infrastructure (GSI) Security.
There are four other major components of the caBIG project: 1) A
clinical trial component, which addresses event reporting in order to
assist facilities in meeting governmental/industry reporting
requirements. 2) Tissue banking & histopathology: cancer clinics
are interested in finding out who has tissue samples on a national
scale (so medical privacy becomes an issue). 3) The Integrative Cancer
Research Group consists of 17 groups focused on assessing
bioinformatics tools. 4) A new group is focused on various types of
imaging used in cancer research.
Is there consensus on the issue of de-identification and anonymization
of data, as a medical privacy requirement? It does not appear so at
this time. The current architecture is site-specific. In the future, it
may be necessary to develop a federated architecture that addresses
this security issue.
Action item discussion:
The action items from the last call were carried over (see *Action
Items* section above). There was some discussion on the Veterans
Administration VistA application, which is used to store patient
medical records.
With the federal push to make VistA widely available, is there anything
that the middleware folks should be thinking about in terms of
integrating security architecture? This has possibilities. VistA grew
up as a database on PDP-11 and evolved to the current version, which is
a text-based Intel port with a GUI front end. It has been recognized
that the architecture (which relies on MUMPS) is obsolete and needs to
be redesigned. [Note: the following article, published after the
conference call, contains a status update of this initiative:
http://govhealthit.com/article90704-09-09-05-Web&newsletter=yes]
The next MedMid call will be Thursday Oct 13 at 2pm EDT. We are still
on the 2nd Thursday of the month schedule.