Saturday, March 2, 2013

SecurIt Trustbuilder

One of the sessions I am looking forward to at Pulse is "IAM-1390 : A Cloud Security Platform Offering Simple, Secure and Fast Digital Access to Flemish Authorities Resources" which is presented by Marc Vanmaele from SecurIT.

This implementation was done leveraging a product from SecurIT called Trustbuilder which looks like a good way to implement a couple of quite thorny but very interesting use cases.

Healthcare payers and provider 

In the US healthcare systems there is a lot of billing transactions happening between the provider of services and the payers of services as well as intermediaries in the chain. The actual entering of claims is usually done by specialized professionals called medical coders. It is very common that a specific medical coding professional works for multiple provider organizations which requires that a single physical user can take on multiple roles (i.e. on Monday GP coding for hospital A, on Tuesday to Thursday oncology coding for practitioner group B, on Fridays dental coding for doctor Z). This requirement is hard to meet in OOTB TAM but it seems like you have added an abstraction layer to better support context aware identification. 
This capability is also very useful in Medical Health Record systems such as drug manufacturers patient registries. The conventional solution would be custom code or XACML but it would be interesting to see how Trustbuilder stacks up. A little more detail on patient registries.

FDA regulated organizations and digital signatures 

The step up authentication capability could be used to meet the regulations from Food and Drug Administration on digital signatures (21 CFR part 11). Standard TAM lacks the ability to enforce an additional atomic authentication event triggered by access to a certain sets of URLs. You could of course implement this with a callback from the application code to the TAM authorization server but this requires modification of the application code which may be impractical or impossible if you’re a using a commercial of the shelf application. 

Pre pulse 2013

Pulse 2013 is coming up fast and furious and I am packing my bags.

If anyone of my readers is interested in meeting me in person and are attending Pulse I will be part of the panel for "IAM-2297: Best Practices in Adopting Identity and Access Management" which will take place in MGM-Grand  Room 122 at Tuesday 5-6 pm.

The talk will be centered around two questions:
  • How do you run a successful IAM program?
  • How do you mature the IAM program to a business service?
If this sounds interesting then please come and listen to me and hopefully I won't bore you too much.

This years program contains a long list of very interesting sessions but as I have been unable to figure out how you make the Pulse homepage when and where a specific session happens still haven't got a real plan for what sessions to attend.

One session I will make sure to attend is the "IAM-1390: A Cloud Security Platform Offering Simple, Secure and Fast Digital Access to Flemish Authorities Resources" that is presented by Marc Vanmaele from SecurIT. SecurIT won the IBM 2012 Beacon award for TrustBuilder which is an extension of IAM/TAM that adds some very interesting capabilities in some areas that are quite far away from the state och federal government sectors.