The “Direct Project” Reference Implementation Architecture · Direct Reference Implementation 3 Open-source reference implementation and associated libraries implementing the

The “Direct Project” Reference Implementation Architecture

1

NwHIN Direct Approach

2

Develop specifications for a secure, scalable, standards-based way to establish universal health addressing and transport for participants

Send encrypted health information directly to known, trusted recipients over the Internet (Push Model)

Participants include providers, laboratories, hospitals, pharmacies and patients

Standards and service descriptions designed to address the key Stage 1 requirements for Meaningful Use

http://wiki.directproject.org/home



Direct Reference Implementation

3

Open-source reference implementation and associated libraries implementing the Direct Project specification

Implementations in Java and in C Sharp(.Net)

Actually implemented and used in several pilot projects. New York Hudson Valley and Rhode Island have hooked their pilots together (HISP to HISP)

Multiple EHRs vendors in the pilots

http://wiki.directproject.org/Reference+Implementation+Workgroup

4

HISP Security Domain

ConfigurationService

SMTP Service(Gateway )

Apache Mailet API

Security Agent

SQL

Configuration Web UI

“Real” SMTPServer

XDR Source(Sending System)

JAVA REFERENCE IMPLEMENTATION PLUS DIRECTORY SERVICES

XD* SOAP SERVICE

Apache Mailet API

XD* Agent

Internal Email Client

XDR Service(Receiving System)

POP/SMTP

Provider Directory Services

CertificateDirectoryServices

External Direct Health

Information Services (HISPS)

SMTP(SMIME)

EHR to EHR

5

cmp EHR to EHR

XDR Source (Sending System) HISP/HIE Direct XD* Serv ice XDR Serv ice (Receiv ing

System)

Configuration Serv iceProv ider Directory Serv ice

ProvideAndRegister

Mutual Authentication

Get Local Endpoint

ProvideAndRegister


Search For Provider

Search For Entity

EHR to EHR Sequence

6

sd EHR to EHRSequence

XDR Source (Sending

System)

Provider Directory

Service

HISP/HIE Direct XD*

Service

Configuration Service XDR Service (Receiving

System)

SearchForProvider(SearchForProviderRequest)

:SearchForProviderResponse

MutualAuthentication()

ProvideAndRegister(ProvideAndRegisterRequest)

GetLocalEndpoint(DirectAddress)


:ProvideAndRegisterResponse


Why the SMTP Backbone ?

Allows for the inclusion of providers without EHRs in the Direct model

Allows for a security model that does not rely on a strong federation

Strongly federated security with dictated CA structure, like the “Federal Bridge”, seem to be difficult to implement

Without strong federation, unanticipated push between two random TLS based SOAP systems is not simple (possible?)

Using the Direct “Certificate Directory” model allows for unanticipated SMIME with “dynamic certificate exchange”

7

8




Apache Mailet API

Security Agent

SQL




THE MAILET, ENABLING SECURE SMTP BASED SERVICES

XD* SOAP SERVICE

Apache Mailet API

XD* Agent



POP/SMTP





SMTP(SMIME(XDM))

SMTP (XDM)

What Apache Mailets Get You

“In-flow” programmatic access to the (S)MIME message without cumbersome polling or queuing

Allows for dynamic certificate exchange, decryption and signature validation

Allows for dynamic conversion to more SOA friendly protocols

Extremely simple “injection” mechanism

Configuration based

9

SOAP to SMTP

10

cmp EHR toSMIME Out

XDR Source (Sending System) HISP/HIE Direct XD* Serv ice HISP/HIE Direct Mail Serv ice

Configuration Serv iceProv ider Directory Serv ice Certificate Repository Serv ice

External Direct SMTP Serv ices

Get Provider Private

Key (Sender, Sign)

SMIME(XDM) Over SMTP

Get Current Certificates

(Recipient, Encrypt)

XDM Over SMTP

Get Local Endpoint

ProvideAndRegister


Search For Provider

Search For Entity

SOAP to SMTP Sequence

11

sd EHR to SMIME Out Sequence

XDR Source (Sending

System)

Provider Directory

Service

HISP/HIE Direct XD*

Service

Configuration Service Certificate Repository

Service

HISP/HIE Direct Mail

Service

External Direct SMTP

Services

SearchForProvider(SearchForProviderRequest)

:SearchForProverResponse



GetLocalEndpoint(DirectAddress)

SMTP(XDM)

GetProviderPrivateKey()

GetCurrentCertificates()

SMIMEOverSMTP(XDM)

:Ack

:Ack


12




Apache Mailet API

Security Agent

SQL




THE MAILET, ENABLING SECURE SMTP BASED SERVICES

XD* SOAP SERVICE

Apache Mailet API

XD* Agent



POP/SMTP





SMTP(SMIME)

XDR

SMTP to SOAP

13

cmp SMIME to EHR In

XDR Serv ice (Receiv ing

System)

HISP/HIE Direct XD* Serv iceHISP/HIE Direct Mail Serv ice

Configuration Serv ice

XD Step Up Serv ice

Certificate Repository Serv ice

External Direct SMTP Serv ices

Get Local Endpoint

ProvideAndRegister


ProvideAndRegisterForwardMessage

Get Local Endpoint

Get Provider Private Key

(Recipient, Decrypt)

Get Current Certificates

(Sender, Validation)

SMIME Over SMTP

SMTP to SOAP Sequence

14

sd SMIME to EHR In Sequence

External Direct SMTP

Services

HISP/HIE Direct Mail

Service

Certificate Repository

Service

Configuration Service XD Step Up Service HISP/HIE Direct XD*

Service

XDR Service (Receiving

System)

SMIMEOverSMTP()

GetProviderPrivateKey()

GetCurrentCertificates()

GetLocalEndpoint()

ForwardMessage(Payload)





:ProvideAndRegisterReponse

:Ack

:Ack

Conclusions and Questions ?

The Direct specification and reference implementation has been an incredible example of cooperative open source development

Multiple “connectathons” and extensive jUnit testing help make the implementation rock solid

Architecture seems as clean as possible with multiple protocols

Still firming up the Provider Directory detailed requirements

Certificate Directory now uses DNS, may or may not change

15

Documents

The “Direct Project” Reference Implementation Architecture · Direct Reference Implementation 3 Open-source reference implementation and associated libraries implementing the