
NHIN-Direct SMTP/Email Notes

6/10/2010

Why we chose Email

• Concepts match the charter exactly
• Implementations match the charter exactly*
• Well understood by end users
• Well understood by existing ISP industry
• Well understood by existing vendors
• Almost no new code - security agent only (same code that is a subset of other implementations)
• ISPs can participate with their existing infrastructure and skill set

Implementation Overview

• Really, it’s just email.
• Security agent plugged in at any point in the pipeline between Client (Source) and Server (Source HISP)
• Channels can be TLS-encrypted to protect routing information

[Diagram: Email Client (EHR, PHR) at the Source (S) talks to the Source HISP Email Server (SH) over SMTP, MAPI / POP3, IMAP, MAPI; the Source HISP relays to the Destination HISP Email Server (DH) over SMTP; the Destination client (D), an Email Client (EHR, PHR), retrieves over POP3, IMAP, MAPI / SMTP, MAPI.]

Key Technologies

• Content Packaging: RFC 5322 + MIME
• Addressing: endpoint@domain
• Security & Trust: S/MIME
• HISP-HISP Transport: SMTP(S)
• Client-HISP Transport: SMTP, POP3, IMAP, MAPI, etc.
• Certificate distribution: DNS CERT

Structure, metadata and innovation

• Scalable structure
  – Body Text (always available, Individual Involvement)
  – Unstructured attachments (PDF)
  – Structured attachments (CCx, SCRIPT, etc.)
  – Explicit metadata MIME part (XDM)
• Transport has proven itself over 20+ years
• Innovate in the payload

Security Agent

• S/MIME Sign and Encrypt of messages fully supports requirements of Security & Trust Workgroup
• Certificate distribution by DNS CERT records
• Scalable approach to PKI Management – starts easy as TLS, adds ability to scale down to individual
  – HISP manages certificates
  – Organization manages certificates
  – Individual manages certificates
• Ability to use across implementations demonstrates the value of taking a transport-independent approach

Sample Message “On the wire”

thread-index: AcsGjnbwhdd7B5CFQSuA2mgm0a8D9Q==
Received: from umeshma4 ([131.107.0.72]) by nhind.hsgincubator.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 7 Jun 2010 15:12:05 -0700
Message-ID: <[email protected]>
From: "Dr Biff Hooper" <[email protected]>
To: "Dr. Alsip" <[email protected]>, daa858cb-a066-4c76-885f-ffa67242d6c3.9c24b165-7429-4ee2-a646-3bd7986b9968@hvnhind.hsgincubator.com
Subject: Fw: Patient Referral
Date: Mon, 7 Jun 2010 15:11:44 -0700
Organization: Biff's Clinic
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8089.726
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4657
Content-Class: urn:content-classes:message
Priority: normal
Return-Path: <[email protected]>
X-OriginalArrivalTime: 07 Jun 2010 22:12:05.0717 (UTC) FILETIME=[76B95050:01CB068E]

MIMDtx4GCSqGSIb3DQEHA6CDA7cOMIMDtwkCAQAxggJvMIG6AgEAMCMwFTETMBEGA1UEAxMKVU0tQU1BTEdBMQIKFmbg8QAAAAAAGDANBgkqhkiG9w0BAQEFAASBgMrVicD/tjx0ZZ0daK0nN2GMLqJgFalBuKGxe+ZZATxHxJPCD4rg80pI5vLt/s8A3sRrCrrOSniwpl1kzg6Nunlq6wz/PpK7QTVofwptH0ZGYMRin/CxQD4tlf9YFmLuXNdvrvG7AkgRdMS7MZZzBliEdCdUZncb6qnyEf9Y1JlsMIIBrgIBADCBlTCBhzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1pc3NvdXJpMQ8wDQYDVQQKEwZDZXJuZXIx...fEL7VbSd34tez2pUHCL9FbtRBWReSW1hcLEvlsJjeCBaVAKFrW6VZqzTt+M=
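An added illustration, not code from the slides or the NHIN-Direct project: this Python snippet parses a message constructed to mirror the on-the-wire sample above (addresses, hosts and the base64 body are placeholders), confirms the outer body is an S/MIME enveloped-data part, and lists the routing headers that every relay can still read, which is why the deck pairs S/MIME with TLS on the channel.

```python
from email import message_from_string
from email.message import Message

# Constructed sample modelled on the slide's "on the wire" message; the
# addresses, host names and body are placeholders, not the original values.
SAMPLE = (
    "Received: from umeshma4 ([192.0.2.10]) by hisp.example.test with SMTP;"
    " Mon, 7 Jun 2010 15:12:05 -0700\n"
    "Message-ID: <msg-1@clinic.example.test>\n"
    'From: "Dr Biff Hooper" <biff@clinic.example.test>\n'
    'To: "Dr. Alsip" <alsip@hisp.example.test>\n'
    "Subject: Fw: Patient Referral\n"
    "Date: Mon, 7 Jun 2010 15:11:44 -0700\n"
    "MIME-Version: 1.0\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "MAMCAQA=\n"  # DER SEQUENCE { INTEGER 0 }: a stand-in for the real CMS blob
)

# Headers that stay readable by every hop even when the body is S/MIME-enveloped.
ROUTING_HEADERS = ("Received", "Message-ID", "From", "To", "Cc", "Subject", "Date")


def is_smime_enveloped(msg: Message) -> bool:
    """True when the outer body is CMS EnvelopedData, i.e. S/MIME encrypted."""
    ctype = msg.get_content_type()  # normalised to lower case by the email package
    smime_type = str(msg.get_param("smime-type") or "").lower()
    return ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime") \
        and smime_type == "enveloped-data"


def payload_is_der(msg: Message) -> bool:
    """Decode the base64 body and check it starts with a DER SEQUENCE tag (0x30),
    as every CMS ContentInfo must; a cheap sanity check before handing it to a
    real S/MIME decryptor."""
    raw = msg.get_payload(decode=True)  # honours Content-Transfer-Encoding: base64
    return bool(raw) and raw[0] == 0x30


def inspect_message(raw_message: str) -> dict:
    """Summarise what S/MIME protects and what it leaves visible on this hop."""
    msg = message_from_string(raw_message)
    return {
        "encrypted": is_smime_enveloped(msg),
        "payload_is_der": payload_is_der(msg),
        "cleartext_headers": [h for h in ROUTING_HEADERS if msg[h] is not None],
    }


if __name__ == "__main__":
    print(inspect_message(SAMPLE))
```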

Reliable Messaging

• Store and forward model is critical in a massively distributed network – because it is likely that destinations will be unavailable
  – Daily issues, upgrades, disaster, remote
• Ability to route across intermediate hops will be important in a heterogeneous network
  – Corporate intranet gateways

Why Existing Services Matter

• Operations
  – Administration and provisioning
  – Backups
  – System health monitoring
  – Patch and upgrade process
• Security history, minimal new attack surface
• Multi-tenant issues worked out
• Training and industry skill set
  – admin, NOC, customer service
• Account support: quota management, billing, fraud detection, etc.

Demo: Step 1

• Source: Outlook + Windows SMTP
• Destination: Thunderbird + Postfix
• Notes
  – Attached CCD document
  – Read receipt

Demo: Step 2

• Source: Millennium + IronPort
• Destination: Thunderbird + Postfix
• Notes
  – EHR integration
  – Flexible attachment types

Demo: Step 3

• Source: Thunderbird + Postfix
• Destination: Windows Live Mail + Windows SMTP
• Notes
  – Simple text message
  – Out of Office

Demo: Step 4

• Source: Windows Live Mail + Windows SMTP
• Destination: HealthVault & Thunderbird
• Notes
  – Multiple recipients
  – Structured PHR integration

Demo Technologies

• Clients
  – Cerner Millennium
  – Thunderbird
  – Outlook
  – Windows Live Mail
  – HealthVault
• DNS
  – Bind
• Servers
  – Windows SMTP
  – Postfix
• Operating Systems
  – Amazon EC2
  – Windows Server
  – Linux

Demo Topology

Since Tuesday

• Secure Exchange Solutions has successfully sent and received NHIN-D messages using the SMTP implementation
• A “desktop gateway” is available that enables any currently-live mail service (Gmail, Hotmail) to be used for NHIN-D messaging
  – We believe that with the SMTP solution, the bar for the largest webmail providers to offer NHIN-D service is low enough that we can expect to see offerings emerge.