On the Usage of SAML Delegate Assertions in an Healthcare Scenario with Federated Communities

  • Massimiliano Masi
  • Roland Maurer
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 69)


The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data in different organizations. Concepts like interoperability, security and confidentiality are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchange amongst clinics and hospitals or even regions. For these scenarios, the problem of having authenticated transactions is crucial, in order to provide a form of authorization while accessing patient healthcare information. The IHE initiative addresses the problem by mean of SAML assertions, i.e. XML documents containing authentication statements. In this paper, we focus on the problem of propagating the authentication information of healthcare professionals amongst hospitals or regions (in the IHE jargon, communities) by relying on the delegation mechanism introduced by SAML.


Healthcare Professionals Authentication Direct Brokered Trust Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Masi, M., Maurer, R.: On the usage of SAML delegate assertions in an healthcare scenario with federated communities (full version). Technical report, DSI, Univ. Firenze - Tiani Spirit, Wien (2010),
  2. 2.
    ARGE-ELGA: Die Österreich Elektronische Gesundheitsakte (2008),
  3. 3.
    The epSOS project: a European eHealth Project (2010),
  4. 4.
    The South African Department of Health: the EHR project in South Africa (2009),
  5. 5.
    GIP DMP: Dossier Médical Personnel (2009),
  6. 6.
    The Nationwide Health Information Network (NHIN): an American eHealth Project (2009),
  7. 7.
    The IHE Initiative: IT IT Technical Framework (2009),
  8. 8.
    Health Level Seven organization: Hl7 standards (2009),
  9. 9.
    ACR-NEMA: Digital Imaging and Communications in Medicine (DICOM) (1995)Google Scholar
  10. 10.
    OASIS Security Services TC: Assertions and protocols for the OASIS security assertion markup language (SAML) v2.02 (2005),
  11. 11.
    OASIS/ebXML Registry TC: ebXML business process specification schema technical specification v2.0.4. (2006),
  12. 12.
    OASIS Web Services Security TC: WS-Trust 1.3 (2007),
  13. 13.
    Witting, K.: Cross Community Access profile (2008),
  14. 14.
    OASIS Web Services Security TC: Trust Models Guidelines (2004)Google Scholar
  15. 15.
    OASIS Web Services Security TC: SAML V2.0 Condition for Delegation Restriction Version 1.0 (2009),
  16. 16.
    Masi, M., Meoni, M.: Using Integrating the Healthcare Enterprise (IHE) profiles for an healthcare DataGRID based on AliEn. In: Emmit, AITIM (2008)Google Scholar
  17. 17.
    IHE Technical Committee: XCPD (2009),
  18. 18.
    Armando, A., et al.: Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. In: FMSE. ACM, New YorkGoogle Scholar
  19. 19.
    OASIS Web Services Security TC: Ws-security: SOAP message security (2006),
  20. 20.
    Masi, M., Pugliese, R., Tiezzi, F.: On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 55–70. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    OASIS eXtensible Access Control Markup Language TC: Cross Enterprise Security and Privacy Authorization Profile for XACML for healthcare (2009),
  22. 22.
  23. 23.
    eXtensible Access Control Markup Language TC v2.0 (XACML): Extensible access control markup language (XACML) version 2.0 (2005),
  24. 24.
    eXtensible Access Control Markup Language TC v2.0 (XACML): SAML 2.0 profile of XACML v2.0 (2005)Google Scholar
  25. 25.
    The Liberty Alliance: Project Liberty (2010),
  26. 26.
    The IHE Initiative: IHE Access Control White Paper (2009),

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2011

Authors and Affiliations

  • Massimiliano Masi
    • 1
    • 2
  • Roland Maurer
    • 1
  1. 1.Tiani “Spirit” GmbHWienAustria
  2. 2.Università degli Studi di FirenzeFirenzeItaly

Personalised recommendations