RHEx Materials

=Clarifying Documents=
 * RHEx Overview Brief || [[file:RHEx Overview.pptx]] ||
 * RHEx Slick Sheet || [[file:Final RHEx slick sheet.pdf]] ||
 * RHEx FAQ || [[file:RHEx FAQ.docx]] ||
 * RHEx Final Report || [[file:FY 2012 RESTful Health Exchange Project Report.pdf]] ||

=Developer Documentation=
The software produced in the RHEx effort is all open source and available to the public via our GitHub site.

// The software on the RHEx GitHub site contains the following components: //

**Simple User Repository** - This software package is an OpenId Connect Identity Provider. An Identity Provider is a service that authenticates users and provides information about those users to other services. This package provides a web interface for creating and editing users. It also contains all of the necessary interfaces for logging in users via OpenId Connect. This project is written in Java, built with Maven and relies heavily on the Spring framework. Additionally, it is designed to work alongside the Direct Project reference implementation. Users created in the Identity Provider can be shared with a Direct HISP. Documentation is included on how to set this up.

**Patient Data Server** - This package can be used to simulate a clinical information store, like an electronic health record system. It provides a web interface for viewing clinical information. It integrates with OpenId Connect to log users in. It also provides RESTful web services that allow granular access to clinical data. This granular data access is protected using OAuth 2. This project is written in Ruby and uses the Ruby on Rails web development framework and MongoDB.

**OpenId Connect Gateway** - This component serves as a "gateway" to provide OpenId Connect login capabilities to existing web applications. It is installed "in front" of an existing web application, which means the gateway receives a web request before it is passed along to the existing application. If the web request comes from an unauthenticated user, the gateway handles redirecting them to an OpenId Connect Identity Provider and the associated transactions to log them in and obtain their information. Once the user is logged in, the gateway passes along information about the user as part of the web request, specifically as an HTTP request header. This component is based on an architectural approach typically taken by single sign-on solutions, where the login capabilities are externalized from the existing web application. This project is written in Ruby.
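The gateway pattern described above, as an added sketch that is not code from the RHEx repositories: a Rack-style middleware in plain Ruby that redirects unauthenticated requests to an Identity Provider and, for authenticated ones, discards any client-supplied copy of the identity header before setting it itself. The header name, cookie name, IdP URL, client id and session table are all assumptions made for illustration.

```ruby
require "securerandom"
require "uri"

# Rack-style gateway sketch (no gems needed). Every name here is assumed for
# illustration; none is taken from the RHEx code base.
class IdentityHeaderGateway
  USER_HEADER = "HTTP_X_GATEWAY_USER"                  # assumed header, Rack env form
  IDP_AUTHZ   = "https://idp.example.test/authorize"   # constructed IdP endpoint

  def initialize(app, sessions:, client_id:, redirect_uri:)
    @app = app
    @sessions = sessions          # session id => authenticated user id
    @client_id = client_id
    @redirect_uri = redirect_uri
  end

  def call(env)
    # The backend trusts this header, so a copy sent by the client is dropped.
    env = env.reject { |key, _| key == USER_HEADER }
    user = @sessions[session_id(env)]
    return redirect_to_idp unless user

    env[USER_HEADER] = user       # set only by the gateway, from its own session
    @app.call(env)
  end

  private

  # Reads the (assumed) gw_session cookie from the raw Cookie header.
  def session_id(env)
    cookies = env.fetch("HTTP_COOKIE", "").split(/;\s*/)
    pair = cookies.map { |c| c.split("=", 2) }.find { |name, _| name == "gw_session" }
    pair && pair[1]
  end

  # Builds an OpenID Connect authorization-code request. A full gateway would
  # also store `state` and verify it in the callback, which is omitted here.
  def redirect_to_idp
    query = URI.encode_www_form(
      response_type: "code", scope: "openid profile",
      client_id: @client_id, redirect_uri: @redirect_uri,
      state: SecureRandom.hex(16)
    )
    [302, { "Location" => "#{IDP_AUTHZ}?#{query}" }, []]
  end
end

# Constructed backend application: echoes the identity it was handed.
BACKEND = lambda do |env|
  [200, { "Content-Type" => "text/plain" }, [env[IdentityHeaderGateway::USER_HEADER].to_s]]
end

# Constructed session table and client registration values.
GATEWAY = IdentityHeaderGateway.new(
  BACKEND,
  sessions: { "s3ss10n" => "dr.alice" },
  client_id: "demo-client",
  redirect_uri: "https://app.example.test/callback"
)
```

The backend should only be reachable through the gateway; if it can be reached directly, the header is no longer a trustworthy statement of identity.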

**Simple RHEx Web Application** - This is a basic web application that relies on the OpenId Connect Gateway. It allows for the upload and viewing of documents, restricting access using OpenId Connect. It serves as a very basic demonstration of the capabilities of OpenId Connect. It is written in Ruby and relies on Ruby on Rails and MySQL.

**RHEx Test Client** - This is a software tool that programmatically tests software services' conformance to the RHEx profiles and related standards. It is written in Java.

// The following software components are extensions of existing community open source projects to suit the needs of the RHEx project. The modifications are hosted at the RHEx GitHub site: //

**devise_oauth2_providable** - Devise is an open source framework that allows web applications to restrict access to resources. This framework allows developers to create plugins for different forms of authentication. devise_oauth2_providable is an extension to Devise to allow it to work with OAuth2. The community version is designed to work with a relational database. The RHEx team made modifications to work with MongoDB.

**omniauth_openid_connect** - Omniauth is a framework similar to Devise. It provides a system for web developers to authenticate users into web applications. This is a plug-in for working with OpenId Connect. Similar to the previous project, the RHEx team modified the existing open source code to work with MongoDB.

**rack-reverse-proxy** - Rack is a web server framework for Ruby based applications. This project is designed to allow for the creation of "gateway"-like applications and is used by the OpenId Connect Gateway project. The RHEx team extended the open source code to allow for the adding of HTTP headers to the incoming web request. This is used for the passing of user information.

=Profiles=

Draft Profiles
 * **Profile** || **Date** || **File** || **Google Group Thread** || **WebEx** ||
 * Draft OAuth2 Profile || 7/27/2012 || OAuth2 Profile || See the public discussion on this Profile here || View the WebEx where this Profile was discussed here. View the briefing and meeting notes for this WebEx ||
 * Draft OpenID Connect Profile || 7/27/2012 || OpenID Connect Profile || See the public discussion on this Profile here || View the WebEx where this Profile was discussed here. View the briefing and meeting notes for this WebEx ||
 * Draft Pilot Data Content Profile || 9/7/2012 || Data Content Profile || See the public discussion on this Profile here || View the WebEx where this Profile was discussed here. View the briefing and meeting notes for this WebEx ||

Final Profiles
 * **Profile** || **Date** || **File** ||
 * OAuth2 Profile || 9/26 || [[file:RHEx Pilot-Final Draft OAuth2 Profile v1-1-21 September 2012.doc]] ||
 * OpenID Connect Profile || 9/26 || [[file:RHEx Pilot_Final Draft OpenID Connect Profile v1-1_21 September 2012.doc]] ||
 * Pilot Data Content Profile || 9/26 || [[file:RHEx Pilot-Final Draft Data Content Profile-21 September 2012.docx]] ||

=Meeting Takeaways=
 * **Meeting** || **Date** || **Briefing** || **Meeting Minutes** || **Recording** ||
 * FHA Managing Board || 6/15/2012 || N/A || [[file:FHA Managing Board Q&A.pdf]] || N/A ||
 * NwHIN Power Team || 7/26/2012 || [[file:RHEx-NwHIN PowerTeam-2012-07-26-final_approved for public release_12-3256.pptx]] || N/A || Click for Audio ||
 * WebEx #1: RHEx Kickoff || 6/28/2012 || || || View on Vimeo ||
 * WebEx #2: RHEx Charter || 7/12/2012 || || || View on Vimeo ||
 * WebEx #3: RHEx Security Approach || 7/26/2012 || || || View on Vimeo ||
 * WebEx #4: RHEx Security Profiles || 8/9/2012 || || || View on Vimeo ||
 * WebEx #5: RHEx Content Approach || 8/23/2012 || || || View on Vimeo ||
 * WebEx #6: RHEx Content Profiles || 9/13/2012 || [[file:WebEx 6-RHEx Data Content Profile.pptx]] || [[file:WebEx 6_Content Profile.docx]] || View on Vimeo ||
 * WebEx #7: RHEx Test Framework || 9/20/2012 || [[file:WebEx 7-RHEx Test Framework Overview.pptx]] || [[file:WebEx 7_Test Framework.docx]] || View on Vimeo ||
 * WebEx #8: RHEx Pilots and Lessons Learned || 9/27/2012 || [[file:Web Ex 8 - RHEx Pilots final.pptx]] || [[file:WebEx 8_Pilots and Wrap Up.docx]] || View on Vimeo ||

=Glossary of Terms=
 * **API** || **Application Program Interface** A set of instructions that determine how a computer application interacts with the operating system. This contrasts with application binary interface, which interacts with the operating system and the hardware. Reference: Wiley Electrical and Electronics Engineering Dictionary ||
 * **CDA** || **Clinical Document Architecture** Specifies the syntax and supplies a framework for specifying the full semantics of a clinical document. Reference: HL7 Website ||
 * **CONNECT** || An open source software and community that promotes IT interoperability in the U.S. healthcare system. CONNECT enables secure electronic health data exchange among healthcare providers, insurers, government agencies and consumer services using SOAP protocol. Reference: CONNECT Community Portal ||
 * **Direct** || An NwHIN project to develop specifications for a secure, scalable, standards-based way to send encrypted health information directly to known, trusted recipients over the Internet using SMTP protocol. Reference: Direct Project Wiki ||
 * **FHA** || **Federal Health Architecture** An E-Government Line of Business initiative managed by the Office of the National Coordinator for Health IT. FHA was formed to coordinate health IT activities among the more than 20 federal agencies that provide health and healthcare services to citizens. Reference: Department of Health and Human Services Website ||
 * **GreenCDA** || **Green Clinical Document Architecture** An HL7 Project to develop a pragmatic methodology for creating simplified schemas that can be transformed directly to or from normative CDA. Reference: HL7 Website ||
 * **hData** || A specification for exchanging electronic health data designed for ease of implementation and improved efficiency by reducing the size of the data set, implementing a single way to represent data, and using standard web best practices. Reference: Project hData Website ||
 * **HL7** || **Health Level Seven** A non-profit organization involved in development of international healthcare informatics interoperability standards. Reference: HL7 Website ||
 * **hTS** || **hData Transport Specifications** RESTful specification for access to health data information; used in the RHEx Profile. hTS provides the HTTP semantics for accessing health data and will be secured by the mechanisms defined in RHEx Phase 1. Reference: RHEx Wiki ||
 * **HITECH Act** || **Health Information Technology for Economic and Clinical Health** Enacted as part of the American Recovery and Reinvestment Act of 2009, to promote the adoption and meaningful use of health information technology. Reference: Department of Health and Human Services ||
 * **HHS** || **Department of Health and Human Services** The United States government’s principal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Reference: Department of Health and Human Services ||
 * **HIO** || **Health Information Exchange Organizations** Organizations providing the capability to electronically move clinical information among disparate health care information systems while maintaining the meaning of the information being exchanged. Reference: American College of Rheumatology ||
 * **HITSP C32** || **Healthcare Information Technology Standards Panel** Describes the document content summarizing a consumer's medical status for the purpose of information exchange. The content may include administrative (e.g., registration, demographics, insurance, etc.) and clinical (problem list, medication list, allergies, test results, etc.) information. Reference: HITSP 32 Website ||
 * **HL7 CDA** || **Health Level 7 Clinical Document Architecture** A healthcare standard which uses XML for encoding of documents and breaks down the document in generic, unnamed, and non-templated sections. Reference: HL7 Standards ||
 * **HTTP** || **Hypertext Transfer Protocol** An application-level request/response protocol that uses extensible semantics and MIME-like message payloads for flexible interaction with network-based hypertext information systems. Reference: Internet Engineering Task Force (IETF) ||
 * **IdP** || **Identity Provider** An online service that authenticates users on the Internet by means of security tokens. Reference: EmpowerID ||
 * **JSON** || **Java Script Object Notation** A lightweight text-based open standard designed for human-readable data interchange. It is derived from the JavaScript scripting language for representing simple data structures and associative arrays, called objects. Reference: JSON.Org ||
 * **JWT** || **Java Script Object Notation Web Token** A token format for claims to be transferred between two parties encoded as a JSON object, then digitally signed. Reference: OAuth Working Group ||
 * **Meaningful Use** || Starting in 2015, providers are expected to have adopted and be actively utilizing an EHR in compliance with the “meaningful use” definition or they will be subject to financial penalties under Medicare. Reference: Department of Health and Human Services ||
 * **NwHIN** || **Nationwide Health Information Network** Set of standards, services and policies that enable secure health information exchange over the Internet. The network will provide a foundation for the exchange of health information across diverse entities, within communities and across the country, helping to achieve the goals of the HITECH Act. References: Department of Health and Human Services ||
 * **NwHIN Power Team** || **Nationwide Health Information Network Power Team** Multiagency team providing guidance and feedback to ONC for the development of objective criteria for evaluating the readiness of specifications for adoption as national standards. References: Office of National Coordinator for Health Information Technology ||
 * **NwHIN REST Profile** || **Nationwide Health Information Network Representational State Transfer Profile** Standards that specify how to perform a RESTful exchange of health data on the Nationwide Health Information Network (NwHIN). Informed by the RHEx Profile. Reference: RHEx Wiki ||
 * **OAuth2** || An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. Java and Ruby Open ID Connect IdPs and Authentication Module will be RHEx Reference Implementations. Reference: OAuth ||
 * **OMG** || Object Management Group. A consortium, originally aimed at setting standards for distributed object-oriented systems, and is now focused on modeling (programs, systems and business processes) and model-based standards. Reference: Object Management Group ||
 * **ONC** || Office of the National Coordinator. A staff division of the Office of the Secretary, within the U.S. Department of Health and Human Services (HHS). It is primarily focused on coordination of nationwide efforts to implement and use health information technology and the electronic exchange of health information. Reference: Office of the National Coordinator ||
 * **OpenID Connect** || A suite of lightweight specifications that provide a framework for identity interactions via RESTful APIs. Reference: OpenID Connect ||
 * **Patient Data Server** || RHEx Reference Implementation of the hData Transport Specification. Reference: RHEx Wiki ||
 * **REST** || **Representational State Transfer** A style of software architecture for distributed systems such as the World Wide Web. Reference: Roy Fielding ||
 * **RESTful** || Conforming to REST constraints. Reference: Roy Fielding ||
 * **RHEx** || **RESTful Health Exchange** An exploratory project commissioned by Federal Health Architecture to develop a standards profile and reference implementation for a RESTful approach to exchanging health information. Reference: RHEx Wiki ||
 * **RHEx Pilot** || **RESTful Health Exchange Pilot** A partnership with an outside organization to demonstrate the use of RHEx as a means to provide secure RESTful access to health data. Reference: RHEx Wiki ||
 * **RHEx Phase 1** || **RESTful Health Exchange Phase 1** Phase of the RHEx project focused on Identity and Authentication. Phase 1 will pilot the use of OAuth2 and OpenID Connect to secure access and exchange of health data over any kind of web endpoint. Reference: RHEx Wiki ||
 * **RHEx Phase 2** || Phase of the RHEx project focused on specifying a REST specification for access to health data information. The specification identified is the hData Transport Specification which provides the HTTP semantics for accessing health data and will be secured by the mechanisms defined in Phase 1. Reference: RHEx Wiki ||
 * **RHEx Profile** || **RESTful Health Exchange Profile** A collection of RHEx standards (i.e., TLS/SSL), together with any constraints or additions to those standards (e.g., required use of TLS for all RHEx messages), and how they are applied to achieve the project's goal. Reference: RHEx Wiki ||
 * **RHEx Standards** || **Restful Health Exchange Standards** Protocols and specifications utilized by RHEx (i.e., OAuth2, OpenID Connect, TLS, HTTP, and hData). Reference: RHEx Wiki ||
 * **RHEx System** || A system that implements RHEx standards, according to the RHEx profile, for access to and exchange of health data. The system will provide: an OpenID Connect authentication module to identify and authenticate individuals; an OAuth2 authorization module to authorize services to access data on the behalf of a user; an OpenID Connect Identity Provider (IdP) for authenticating local users at other RHEx systems; HTTPS based access to health data with authentication/authorization provided by OpenID Connect and OAuth2. Reference: RHEx Wiki ||
 * **RHEx Reference Implementation** || A series of software components that adhere to the RHEx profile (i.e. Patient Data Server, Ruby Open ID Connect Authentication Module, and Java OpenID Connect Identity Provider and Authentication Module). Reference: RHEx Wiki ||
 * **RP** || **Relying Party** An application that allows a user to login via OpenID Connect. Reference: OpenID Connect ||
 * **S&I Framework** || **Standards and Interoperability Framework** A collaborative community of volunteers from the public and private sectors who are focused on providing the tools, services and guidance to facilitate the functional exchange of health information. The S&I Framework uses a set of integrated functions, processes, and tools that enable execution of specific value-creating initiatives. Reference: S&I Framework ||
 * **SOAP** || **Simple Object Access Protocol** SOAP is fundamentally a stateless, one-way message exchange paradigm, but applications can create more complex interaction patterns (e.g., request/response, request/multiple responses, etc.) by combining such one-way exchanges with features provided by an underlying protocol and/or application-specific information. Reference: World Wide Web Consortium ||
 * **SMTP** || **Simple Mail Transfer Protocol** transfer electronic mail reliably and efficiently. SMTP is independent of the particular transmission subsystem and requires only a reliable ordered data stream channel. Reference: The Internet Engineering Task Force Website ||
 * **TATRC** || **Telemedicine and Advanced Technology Research Center** An office of the headquarters of the US Army Medical Research and Materiel Command (USAMRMC), performing medical reconnaissance and special operations to address critical gaps that are underrepresented in DoD medical research programs. TATRC fosters research on health informatics, telemedicine/m-Health, medical training systems, and computational biology, and promotes and manages science and engineering in other key portfolios. Reference: TATRC ||
 * **TLS/SSL** || **Transport Layer Security/Secure Sockets Layer** The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol (e.g., TCP [TCP]), is the TLS Record Protocol. The TLS Record Protocol provides connection security that has two basic properties; the connection is private and the connection is reliable. Reference: The Internet Engineering Task Force Website ||
 * **URI** || **Uniform Resource Identifiers** Short strings that identify resources in the web: documents, images, downloadable files, services, electronic mailboxes, and other resources. They make resources available under a variety of naming schemes and access methods such as HTTP, FTP, and Internet mail addressable in the same simple way. Reference: World Wide Web Consortium ||
 * **XML** || **Extensible Markup Language** A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. Reference: World Wide Web Consortium ||
