DirectTrust Interoperability Benchmarking


Wicked Problems, Righteous Solutions: Learnings from Two Years of DirectTrust PKI and Interoperability Testing Experiences
DirectTrust Technical Break-out Session
March 22, 2015
Greg Meyer, Distinguished Engineer, Cerner Corporation
Luis C. Maas III, MD, PhD, CTO, EMR Direct
Real World Challenges
• Technical HISP-to-HISP Solutions
• Certificate Authority Solutions
• Payload Realities: Collaboration between EHR Counter Parties
• Workflow Definitions
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
Purpose of Testing:
Strengthen DirectTrust Network
• New HISP to HISP connections often result in unexpected interop issues
• Strong signaling from customer community about expectations for DirectTrust Network (and Direct in general)
– It should “just work”
– Customers cannot tolerate unpredictable failures
• “30+ potential reference models”
– 2 Reference Implementations, a few “clean room” implementations, but no two deployments of Direct behave exactly the same
– Pairwise testing across this variety of systems reveals unique issues
– No good way to automate HISP-to-HISP testing at a single point
• Strong community of collaborators exists within DirectTrust
– History of connect-a-thon participation, good communication
– DirectTrust Network removes uncertainty in exchange through security policies, a common Certificate Profile, preliminary inspection by anchor bundle committee, removing incompatible certificates
• Interop testing can be performed on a continuous basis, with very little time commitment
• Demonstrate current level of success, take inventory of shortcomings
• Feedback to policy making and accreditation process
Network Interoperability Over Time
• February 11 and 28, 2014: 14 HISPs
• May 21, 2014: 26 HISPs
• March 10, 2015: 39 HISPs
• March 13, 2015: 30 HISPs Testing
Solution Guide
General Takeaways:
1. Generate payloads, messages, MDN requests & responses as closely to specs as possible.
2. Accept as broadly as possible.
More Specific Takeaways
• Benefits of Interoperability forum
– Real human points of contact
– Central location for posting common issues and status of each pairwise interaction
• Direct is transport, not workflow
– Loose coupling between transport & workflow
– Many use cases can be supported, not just Transitions of Care, View/Download/Transmit
– Expecting a text part before a CCDA—coupling transport with workflow
• Trust Network Membership—a product marketing/customer messaging challenge
– DirectTrust HISP can also trust non-DirectTrust HISPs outside the network
– DirectTrust CA can also issue non-DirectTrust addresses that don’t interoperate with DirectTrust network
SATC Consensus Statements
November, 2014
• Send Processed MDN unless sending immediate failure due to address not existing or otherwise
• Send C-CDA as application/XML; receive as application/XML or text/XML
• Direct addresses, including their domain parts, are case-insensitive
• Stylesheet URIs should not reference external websites
• All EHRs should support receiving of application/zip and application/octet-stream XDM
– In the short term, XD* HISPs may send outbound messages as Vanilla Direct instead of XDM ZIP for recipients who are known to not process XDM
– Outbound XDM should be in application/zip format
• Wildcard “catch-all” addresses are permitted
• Conventional spam filtering on message content should not be performed on messages from trusted recipients
• Blind Forwarding
– Edge protocol needs to have a mechanism for failures and require that it be used when addresses are not in use
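
An added example, not part of the original slides: receiver-side checks in Python for several of the consensus statements above (case-insensitive addresses, C-CDA accepted as application/xml or text/xml, XDM accepted as application/zip or application/octet-stream, external stylesheet URIs flagged), classifying parts wherever they sit so that no leading text part is required. The function names, the constructed sample message and its example.org/example.com values are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

CCDA_TYPES = {"application/xml", "text/xml"}             # receive either form
XDM_TYPES = {"application/zip", "application/octet-stream"}
STYLESHEET = re.compile(r"<\?xml-stylesheet\b[^?]*?href\s*=\s*[\"']([^\"']+)[\"']", re.I)
EXTERNAL = re.compile(r"^(https?:)?//", re.I)            # absolute or protocol-relative

def same_direct_address(a, b):
    """Direct addresses compare case-insensitively, domain part included."""
    return str(a).strip().lower() == str(b).strip().lower()

def classify_part(part):
    """Return (kind, findings) for one leaf MIME part."""
    ctype = part.get_content_type()          # lower-cased by the email package
    data = part.get_payload(decode=True) or b""
    if ctype in CCDA_TYPES:
        hrefs = STYLESHEET.findall(data.decode("utf-8", "replace"))
        return "ccda", [f"external stylesheet: {h}" for h in hrefs if EXTERNAL.match(h)]
    if ctype in XDM_TYPES:
        # octet-stream can carry anything, so confirm the ZIP local-file magic
        if data[:4] == b"PK\x03\x04":
            return "xdm", []
        return "other", [f"{ctype} part is not a ZIP archive"]
    return "other", []

def review_message(msg, local_address):
    """Classify every leaf part, wherever it sits in the message."""
    parts = [classify_part(p) for p in msg.walk() if not p.is_multipart()]
    return {"for_us": same_direct_address(msg["To"], local_address), "parts": parts}

def build_sample():
    """Constructed message: text part, text/xml C-CDA, octet-stream XDM stub."""
    ccda = ('<?xml version="1.0"?>\n'
            '<?xml-stylesheet type="text/xsl" href="http://styles.example.com/cda.xsl"?>\n'
            '<ClinicalDocument xmlns="urn:hl7-org:v3"/>\n')
    msg = EmailMessage()
    msg["To"] = "DrSmith@Direct.Example.ORG"
    msg.set_content("Summary of care attached.")
    msg.add_attachment(ccda, subtype="xml", filename="summary.xml")
    msg.add_attachment(b"PK\x03\x04" + bytes(26), maintype="application",
                       subtype="octet-stream", filename="xdm.zip")
    return msg

if __name__ == "__main__":
    print(review_message(build_sample(), "drsmith@direct.example.org"))
```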
Interoperability Solutions
(FROM: A REPORT ON DIRECTTRUST INTEROPERABILITY TESTING AND RECOMMENDATIONS TO IMPROVE DIRECT EXCHANGE)
• Better constrain the C-CDA payload
• C-CDAs both via MIME and via XDM Zip are valid MU2 payloads
• EHR endpoint interoperability testing
• Guide to converting the XDM Zip to MIME
• MDN ambiguities resolution
• Resolve service level issues
Questions?