Object Management Group. Healthcare Security Framework Request For Proposal



Similar documents
Overview of CORBA 11.1 I NTRODUCTION TO CORBA Object services 11.5 New features in CORBA Summary

Enterprise Computing. When the Object Management Group (OMG) was formed in 1989, interoperability. omg overview: ~Jon Siegel~ CORBA and the OMA in

Protecting the Hosted Application Server

Any technology CORBA technology. Problem Propagation CPR / CORBA. CPR / Any Any / CORBA. Any Enterprise / Any Technology

Business Object Facilities. A Comparative Analysis æ

A Flexible Security Architecture for the EJB Framework

OMG/CORBA: An Object-Oriented Middleware

REQUEST FOR INFORMATION (RFI) for Time Data Collection Solutions for The CITY OF PHILADELPHIA. Issued by:

Introduction to CORBA. 1. Introduction 2. Distributed Systems: Notions 3. Middleware 4. CORBA Architecture

Security Service Specification 15

Software Testing A Time for Standard Models

Service Oriented Architecture

Offers received without the entire completed three-page RIVP Generated Bidder Certification Form attached may result in disqualification.

ETSO Modelling Methodology for the Automation of Data Interchange of Business Processes (EMM)

Definition of SOA. Capgemini University Technology Services School Capgemini - All rights reserved November 2006 SOA for Software Architects/ 2

Web Services and Seamless Interoperability

Session Abstract by Edward A. Feustel Institute for Defense Analyses

Addendum 1 RFP #154D-16F CityWorks System Cloud Hosting

Connector-oriented Workflow System for the Support of Structured Ad hoc Workflow

Questions and Answers (1) to HQ0034-FVAP-11-BAA-0001

CMS AND ONC FINAL REGULATIONS DEFINE MEANINGFUL USE AND SET STANDARDS FOR ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM

OPENIAM ACCESS MANAGER. Web Access Management made Easy

How To Become A Web Vendor For The House Of Reps

Definition of a Software Component and Its Elements

Model-Driven Development of a Biosignal Analysis Framework: Benefits and Impacts on Processes. Nikolas Hofmann

Whitepaper: Data Management Platforms for Publishers. How can a DMP get you there

Service Oriented Architecture 1 COMPILED BY BJ

Service Oriented Architecture

Nikolay Grozev. Supervisor: Juraj Feljan, Mälardalen University Consultant: Sylvia Ilieva, University of Sofia

ARKANSAS DEVELOPMENT FINANCE AUTHORITY REQUEST FOR PROPOSALS FROM MULTIFAMILY CONSTRUCTION AND ASSET MANAGEMENT FIRMS

Sample Request For Your Organization - A Guide to Association Management Resources

Dynamic Scheduling of Object Invocations in Distributed Object Oriented Real-Time Systems Jørgensen, Bo Nørregaard; Joosen, Wouter

Project Proposal Distributed Project Management

Introduction to AS 9100

Introduction to Web Services

A Management Tool for Component-Based Real-Time Supervision and Control Systems

The EMSX Platform. A Modular, Scalable, Efficient, Adaptable Platform to Manage Multi-technology Networks. A White Paper.

An Object Model for Business Applications

Fundamentals of Information Systems, Fifth Edition. Chapter 8 Systems Development

Completeness, Versatility, and Practicality in Role Based Administration

Special Topics in Security and Privacy of Medical Information. Privacy HIPAA. Sujata Garera. HIPAA Anonymity Hippocratic databases.

IHE IT Infrastructure Technical Committee White Paper. Template for XDS Affinity Domain Deployment Planning

2 (18) - SOFTWARE ARCHITECTURE Service Oriented Architecture - Sven Arne Andreasson - Computer Science and Engineering.

MASTER OF ARCHITECTURAL HISTORY Thesis Guidelines Revised 10/2013

September 2009 Cloud Storage for Cloud Computing

SOA Adoption Challenges

REQUEST FOR INFORMATION for Procurement Front-End System Modernization for The CITY OF PHILADELPHIA PROCUREMENT DEPARTMENT

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS

Architecture of the CORBA Component Model CORBA 3.0

ESS EA TF Item 2 Enterprise Architecture for the ESS

What Is the Java TM 2 Platform, Enterprise Edition?

A Web-Based Real-Time Traffic Monitoring Scheme Using CORBA

Private Circulation Document: IST/35_07_0075

Software Defined Storage

Guidelines for Application RFP Relating next generation monitoring and control system development

1 Introduction. 2 The need for Engineering Workflow. 3 Example engineering workflow -3- NLR-TP

REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER

PRE-RFP Analysis for Website Development & Maintenance

Layering a computing infrastructure. Middleware. The new infrastructure: middleware. Spanning layer. Middleware objectives. The new infrastructure

21st Century Tax Systems: COTS or Service Oriented Architectures. August 3, 2009

SERVICE ORIENTED ARCHITECTURES (SOA) AND WORKFLOWS NEED FOR STANDARDISATION?

E-Business Technologies for the Future

Defense Healthcare Management Systems

SOA for Healthcare: Promises and Pitfalls

Work Plan & Project List

INTRODUCTION. Chapter Motivation

CULVER CITY UNIFIED SCHOOL DISTRICT 4034 Irving Place Culver City, CA (310) REQUEST FOR PROPOSALS CONSTRUCTION MANAGEMENT SERVICES

A Framework for Virtual Enterprise Support Services

Developing in the MDA Object Management Group Page 1

Fax No: (0360) , Academic Plan

2011: Section 408 Application Kansas Progress Report

Microsoft HPC. V 1.0 José M. Cámara (checam@ubu.es)

Application Frameworks before System Frameworks. An OOPSLA 2000 Practitioner s Report Jon Hancock - jhancock@patternware.com

Clinical Knowledge Manager. Product Description 2012 MAKING HEALTH COMPUTE

Modelling the Business Case Study 3 Attendance Monitoring Project and Enterprise Architecture

Concepts and Architecture of the Grid. Summary of Grid 2, Chapter 4

BPMN Fundamentals. BPMI Meeting #12. London, United Kingdom May 13-14, Stephen A. White, IBM Notation Working Group Chair

Building Web-based Infrastructures for Smart Meters

Engineering Access Control for Distributed Enterprise Applications

4.2 Project Procurement and Design

Project Description. Understanding PKI

Business Process Management and IT Architecture Design. The T case study. Dr. Jana Koehler Olaf Zimmermann IBM Zurich Research Laboratory

Customer Support Policy

Status of the CORBA Firewall Traversal RFP

Midwest Big Data Hub Le#ers of Intent for NSF

HL7 and Service-oriented Architecture (SOA) Ambassador Briefing

Community Systems Management Open Source COSMOS Creation Review

Abstract

Accelerating Health Data Interoperability Unique Device Identification for Postmarket Surveillance and Compliance Workshop

Connecticut Retirement Security Board Request for Information For

Products & Services Catalog

Enterprise Integration EAI vs. SOA vs. ESB

DEPARTMENT OF THE ATTORNEY GENERAL TAX & CHARITIES DIVISION ANSWERS TO FREQUENTLY ASKED QUESTIONS ABOUT HAWAII'S CHARITY REGISTRATION REQUIREMENTS

Object Caching in a Transactional, Object-Relational CORBA Environment

Red Hat ISV Program Guide

COLLEGE OF WESTERN IDAHO. Request for Proposal WEBSITE REDESIGN SERVICES. Due: November 8, 2010 At 5:00 p.m. Deliver to:

CORPORATION FOR PUBLIC BROADCASTING Request for Proposals Moderated Online Focus Groups and Data Analysis

SUBMISSION FROM CITY OF EDINBURGH COUNCIL

Learning GlassFish for Tomcat Users

Transcription:

Object Management Group Framingham Corporate Center 492 Old Connecticut Path Framingham, MA 01701-4568 Telephone: +1-508-820 4300 Facsimile: +1-508-820 4303 Healthcare Security Framework Request For Proposal OMG Document: corbamed/97-11-04 DRAFT 0.1 Submissions due: <month name e.g. January> <day>, <year> Objective of this RFP The complexity of the healthcare security problem domain requires exercising more sophisticated security policies rather than the general policies used in the CORBA Security service. This complexity leads system developers to proprietary solutions on top of security provided by ORB systems. At the same time, commonality of business domain tasks and security requirements across healthcare computing environments promotes and requires exercising fine grained security policies in a uniform and standard way. This RFP solicits proposals for healthcare security frameworks based on the CORBA Security service. Such a framework will provide a uniform way for healthcare systems to enforce domain-oriented security policies. For further details see Chapter 6 of this document. Healthcare Security Framework RFP November 7, 1997November 6, 1997 1

6.0 Specific Requirements on Proposals 6.1 Problem Statement CORBAservices and CORBAfacilities provide a general-purpose infrastructure for developing distributed object systems in a broad range of specialized vertical domains. The CORBA Security service is one of this kind. The CORBA Security service is meant to provide a versatile set of mechanisms to enforce diverse security models. Some of these models require application systems to be aware of security. Upcoming CORBAmed specifications and experience from the first medical application systems based on CORBA technology reveal the necessity of sophisticated security models in medical systems. Such security models currently require application system vendors to implement complex security policies. This RFP seeks to provide a security framework based on CORBA Services and CORBA Facilities, specifically on the CORBA Security service, that will allow exercising healthcare domain-oriented complex security policies in a portable and interoperable fashion across healthcare enterprises. 6.2 Scope of Proposals Sought Healthcare Security Framework (HSF) is sought to be a framework that will allow application systems to be unaware of advanced security policies existing in healthcare enterprises where those systems are deployed. The first step in designing HSF is to find solutions for currently clarified problems. Other iterations of HSF will address issues that are subtle or do not even exist today. The main challenge of expressing real-life healthcare security constraints in terms of OMA-based specifications layered on top of existing CORBA Security is a necessity to enforce, and administrate finer granularity security policies. The granularity of such policies has to be up to the level of method input arguments and output results. For a discussion of this issue, see CORBAmed Security White Paper listed in section 6.4. Healthcare Security Framework RFP November 7, 1997November 6, 1997 2

6.3 Relationship to Existing OMG Specifications HSF is sought to reuse CORBAservices and CORBAfacilities extensively. The CORBA Security service is expected to be the main building foundation for the framework. 6.4 Related Documents and Standards Object Management Group, CORBAservices: Common Object Services Specification, Security Service Specification Person Identification Service (PIDS) specification work in progress Draft "CORBAmed Security White Paper" OMG document number: corbamed/97-11-03 Green paper on Applicability of CORBA Security to the Healthcare Problem Domain OMG document number: corbamed/97-09-11 6.5 Mandatory Requirements Proposals shall reuse the CORBA Security service as a foundation for the intended framework and honor the ideology of the service design. Proposals shall provide capabilities of enforcing fine granularity security policies on the following entity types: Domain::Interface::Method input argument values Domain::Interface::Method output argument values and return result value Proposals shall provide capabilities of enforcing fine granularity security policies, listed in this subsection, on minimally security-aware applications. I.e. an application shall not do more than consulting with decision objects that are external to the application. The list of types of security policies that proposals shall provide is the same as the CORBA Security service specifies. Proposals shall provide an administrator interface to manage such policies. Healthcare Security Framework RFP November 7, 1997November 6, 1997 3

6.6 Optional Requirements Proposals may provide capabilities of enforcing and therefore administrating fine granularity security policies on the following entity types: Day and time when service is accessed Location of an invoking principal Proposals may support the ability to specify security policy administration capabilities that utilize the notion of person identification and/or traits associated with it, according to the final specification of the Person Identification Service that is soon to be adopted. 6.7 Issues to be discussed Proposals should discuss how new CORBAmed specifications will employ HSF. Proposals should discuss how existing CORBAmed specifications are to be modified. 6.8 Evaluation Criteria The following criteria will be applied during the evaluation process: Whether the proposals are consistent with the CORBA Security service ideology. Whether the proposals allow enforcement of security policies described in the Mandatory Requirements section on security unaware applications. Whether the proposed solutions are potentially scalable. 6.9 Other information unique to this RFP TBD Healthcare Security Framework RFP November 7, 1997November 6, 1997 4

6.10 RFP Timetable Approx Day The timetable for this RFP is given below. Note that the TF may, in certain circumstances, extend deadlines while the RFP is running, or may elect to have more than one revised submission step. The latest timetable can always be found in the Member Services section of OMG s Web page (URL http://www.omg.org/) Event or Activity Actual Date Preparation of RFP by TF Approval of RFP by Architecture Board Review by TC ( Three week rule ) 0 TC votes to issue RFP <approximate month> 60 LOI to submit to RFP due January <day>, <year> 120 Initial submissions due January <day>, <year> 134 Voter registration closes January <day>, <year> 141 Initial submission presentations January <day>, <year> Preliminary evaluation by TF 240 Revised submissions due January <day>, <year> 261 Revised submission presentations January <day>, <year> Final evaluation and selection by TF Recommendation to AB and TC Approval by Architecture Board Review by TC ( Three week rule ) 330 TC votes to recommend specifications <approximate month> 360 BOD votes to adopt specifications <approximate month> Healthcare Security Framework RFP November 7, 1997November 6, 1997 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information