Authorization Framework Page 1

**1.1 Introduction**
The Nationwide Health Information Network (NHIN) Foundation specifications define the primary set of services and protocols needed to establish a messaging, security, and privacy foundation for the NHIN. It is upon this foundation that the functional set of NHIN web service interfaces operates.

This specification does not describe a web service interface. Instead, it defines the required exchange of information describing the initiator of a request between Health Information Organizations (HIOs) participating as nodes on the NHIN. The purpose of this information exchange is to enable a responding NHIO to evaluate the request based on the information contained in the initiating NHIO's assertions and its own local policies and permissions. This Authorization Framework specification is foundational to the NHIN and applies to every message.

**1.2 Intended Audience**
The primary audiences for NHIN Specifications are the individuals responsible for implementing software solutions that realize these interfaces at Health Information Organizations (HIOs) that are, or seek to be, nodes on the NHIN network. HIOs that act as nodes on the NHIN are termed NHIOs. This specification document is intended to provide an understanding of the context in which the web service interface is meant to be used, the behavior of the interface, the Web Services Description Language (WSDLs) used to define the service, and any Extensible Markup Language (XML) schemas used to define the content.

**1.3 Business Needs Supported by this Specification**
In order to evaluate a request sent by an initiating NHIN node, a responding NHIO must be supplied with a standard set of information which characterizes the initiator of the request. The NHIN Authorization Framework specification defines this information as well as the mechanism for its exchange. Further, the Authorization Framework is required to support two of the NHIN’s central design principles:


 * **Local Autonomy** – acknowledges that the decision to release information from one NHIN node to another is a local decision governed by Federal and State regulations and local policies and permissions specific to the responding node. Given this principle, NHIN transactions must include information about the requestor (or sender, depending on whether it is a push or pull transaction) in order to enable the responding node to make a decision about whether to participate in the requested information exchange.


 * **Local Accountability** – each NHIN node is accountable for the accuracy of the information it provides to assist the decision-making process embodied in the local autonomy principle. This includes end-user authentication assertions.

Together with the NHIN Messaging Platform, this specification is part of the NHIN’s messaging, security, and privacy foundation. All other service interface specifications assume this foundation.

**1.4 Referenced Documents and Standards**
The following documents and standards were referenced during the development of this specification. Deviations from or constraints upon these standards are identified below.

| # | Org/SDO name | Reference # / Spec Name | Version # | Underlying Specs | NHIN Deviations or Constraints |
|---|---|---|---|---|---|
| 1 | OASIS | Assertions and Protocols for Security Assertion Markup Language (SAML) | v2.0 | | |
| 2 | OASIS | Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare | v1.0 | | |
| 3 | OASIS | Authentication Context for Security Assertion Markup Language (SAML) | v2.0 | | |
| 4 | OASIS | Web Services Security: SOAP Message Security | v1.1 (WS-Security 2004) | | |
| 5 | WS-I | Security Profile | v1.1 | Transport Layer Security v1.0; XML Signature v1.0; Web Services Description Language (WSDL) v1.1; Symmetric Encryption Algorithm and Key Length AES 128-bit; X.509 Token Profile v1.0; Attachment Security v1.0 | |

**1.5 Relationship to other NHIN Specifications**
This specification is related to other NHIN specifications as described below.

 * **Messaging Platform** – specifies a base set of messaging standards and web service protocols which must be implemented by each NHIN node and applies to all transactions. All NHIN inter-nodal messages are SOAP messages over HTTP using web services and must be encrypted and digitally signed. Together with the Messaging Platform, the Authorization Framework defines the foundational messaging, security and privacy mechanisms for the NHIN.

The Authorization Framework is not specifically related as part of a transaction to the NHIN Discovery and Information Exchange Services. Rather, it describes the information which must accompany the requests enabled by each of these NHIN web services.