Barry L. Zimmerman, Director Ventura County Human Services Agency


Introducing Foster Health Link
- Caregiver participation in focus groups and system testing prior to implementation
- Targeted communication via e-mail blasts, newsletters, Facebook, and FosterVCkids website
- In-person contact during scheduled home visits by social workers and recruitment staff
- Ongoing training for caregivers during licensing process
- Orientation for new staff
- Business process changes to ensure integration of Foster Health Link into practice

Better information for better health decisions

Caregiver Feedback
- Foster Health Link is easy to navigate
- Health information for foster children can typically be found quickly
- The medical dictionary can be helpful because it provides additional information about certain medical conditions

I appreciate the easy access to information that I haven't always had when I needed it. I also like having so much information so accessible, including case numbers and immunization records that I may need to supply to schools and clinics.

Ventura County Foster Health Link Medical Records Integration

Requirements
- Caregiver can view information available in Cerner for each Child
- Medical record information for Child should be viewable within the context of other Child information on FHL

Constraints
- Care-giver is not required to authenticate into VC Health econnect
- Child's medical record information is inaccessible from the same browser after Care-giver logs out of FHL

Solution: Step 1
FHL Web Application makes a secure request for the Child's medical record information to the FHL Web API. The requested information could be Profile, Medications, Documents, Labs, Messages, Appointments, etc.
[Diagram: FHL Web Application, FHL Web API, Firewall]

Solution: Step 2
FHL Web API calls the CernerHealth.com login page and caches cookies. It then authenticates into CernerHealth.com using the Child's stored credentials. CernerHealth.com redirects to VCHCA.iqhealth.com.
[Diagram: FHL Web Application, FHL Web API, CernerHealth.com, Firewall]

Solution: Step 3
VCHCA.iqhealth.com returns the landing page for the user along with session cookies. FHL Web API caches the iqhealth.com cookies and extracts the Cerner ID from the landing page. This Cerner ID is required in most subsequent URL requests to VCHCA.iqhealth.com.
[Diagram: FHL Web Application, FHL Web API, VCHCA.iqhealth.com, Firewall]

Solution: Step 4
Now, the FHL Web API has an established session for the Child's account and the cookies required for authenticated requests to VCHCA.iqhealth.com in its cache. It makes the request for the information requested by the Care-giver in Step 1.
[Diagram: FHL Web Application, FHL Web API, VCHCA.iqhealth.com, Firewall]

Solution: Step 5
VCHCA.iqhealth.com returns the requested page (example: Medications). The FHL Web API strips extraneous information, rewrites all URLs to point to a FHL Web API Proxy end-point and returns the main content to the FHL Web Application, completing the request.
[Diagram: FHL Web Application, FHL Web API, VCHCA.iqhealth.com, Firewall]

Solution: Step 6
All FHL Web Application requests for the same Child by the Care-giver during the same session are routed through the Proxy end-point, which uses the cached session cookies to make requests to VCHCA.iqhealth.com. The returned web page is processed as described in Step 5 and returned to the FHL Web Application.
[Diagram: FHL Web Application, FHL Web API, VCHCA.iqhealth.com, PROXY, Firewall]

Solution: Step 7
The FHL Web API caches the authenticated session information for VCHCA.iqhealth.com for a sliding 5-minute window. After the initial request and each subsequent request, if the FHL Web Application user does not make additional requests within 5 minutes, the cached cookies are destroyed.
[Diagram: FHL Web Application, FHL Web API, VCHCA.iqhealth.com, Firewall]
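The cookie cache of Steps 6 and 7, the logout constraint, and the link rewriting of Step 5, as an added example that is not the FHL project's own code. The proxy route, the class and function names, the cookie name and the sample HTML are assumptions; the upstream host and the 5-minute window come from the slides.

```python
import re
import time
from urllib.parse import quote, urljoin, urlsplit

UPSTREAM = "https://VCHCA.iqhealth.com"  # host named on the slides
PROXY_PATH = "/api/econnect/proxy"        # hypothetical FHL Web API route
IDLE_SECONDS = 5 * 60                     # sliding window from Step 7


class UpstreamSessionCache:
    """Server-side store of upstream cookies, keyed by (FHL session, child)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}  # (fhl_session, child_id) -> (expires_at, cookies)

    def put(self, fhl_session, child_id, cookies):
        expires_at = self._clock() + IDLE_SECONDS
        self._entries[(fhl_session, child_id)] = (expires_at, dict(cookies))

    def get(self, fhl_session, child_id):
        """Return the cookies and slide the window, or None once idle too long."""
        key = (fhl_session, child_id)
        entry = self._entries.pop(key, None)
        if entry is None or self._clock() >= entry[0]:
            return None  # missing or expired: the cookies stay destroyed
        self._entries[key] = (self._clock() + IDLE_SECONDS, entry[1])
        return entry[1]

    def logout(self, fhl_session):
        """Caregiver logout: drop every upstream session tied to that login."""
        for key in [k for k in self._entries if k[0] == fhl_session]:
            del self._entries[key]


def rewrite_links(html, child_id):
    """Point same-site href/src attributes at the proxy end-point (Step 5)."""
    upstream_host = urlsplit(UPSTREAM).netloc.lower()

    def repl(match):
        attr, url = match.group(1), match.group(2)
        target = urlsplit(urljoin(UPSTREAM + "/", url))
        if url.startswith("#") or target.netloc.lower() != upstream_host:
            return match.group(0)  # never proxy other hosts or bare fragments
        path = target.path + ("?" + target.query if target.query else "")
        return '%s="%s/%s?path=%s"' % (
            attr, PROXY_PATH, quote(child_id, safe=""), quote(path, safe=""))

    return re.sub(r'\b(href|src)="([^"]*)"', repl, html)
```

Passing only a path to the proxy, never a full URL, keeps the end-point from being used to reach hosts other than the upstream site.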

Security Analysis
- Child's VC Health econnect credentials are never exposed outside the firewall
- FHL Web API is entirely inside the firewall and VCHCA.iqhealth.com authentication cookies are cached by a server application (i.e. no web browser is part of the transaction)
- URLs for econnect information are opaque as they point to the FHL Web API Proxy end-point.

Risks
- The solution is impervious to styling and script changes on VCHCA's site, but is dependent on the IDs of a small number (2-3) of elements. If the IDs of these elements are changed in the HTML markup, the solution will no longer work.
- If cookie names on Cerner or VCHCA sites are changed, the solution will no longer work.
- For both of the above situations, the FHL Web Application can be designed to gracefully degrade by hiding the econnect-related links until the solution can be adapted for the changes.

Benefits
- Writing code to interact with the Cerner API, fetch information and compose it into a functional UI for the FHL web application would be expensive and time-consuming.
- VCHCA has already done the work of fetching and formatting econnect information for display and interaction.
- Building upon this is efficient and increases the value of public funds invested in building the VCHCA solution.
