Australian IHE Connectathon

Oct 12, 2012

I have been at the IHE Australian connectathon all week. I came to test the HL7Connect XDR implementation: sending and receiving CDA documents/packages as part of an XDS infrastructure. There's been a little bit of confusion about XDR, and quite what it is. XDR is a document push using the same interface as XDS, but without the XDS roles and so forth to back it up. So it's just a way to transfer content. There's no expectation about the particular content, nor about what happens after it's transferred. From my point of view, this is interesting because it establishes the capability for placing an interface engine between the document source and the document repository in order to do the kinds of things that interface engines do: patch the data to deal with differences between the source and destination context.

Of course, people are working hard to ensure that this isn't actually needed, but for now I'm confident that these kinds of requirements aren't going away anytime soon. Digital signature requirements stand in the way of this, naturally (once an interface engine patches the content, the signature over the original no longer verifies), and it's going to be interesting as the goal of integrity and assurance in the documents runs into the very real-world obstacles that stand in the way of integrity and assurance (and these aren't the technical ones that the people who push the security line are thinking of).

Anyhow, the connectathon has been an interesting process, and I’ve met a bunch of new and interesting people, which has been great.

Unfortunately, I haven't passed the tests, and haven't gained certification. It's not that my ATNA/XDR implementations aren't up to scratch: they are, and we've been passing content around insecurely just fine. The problem is that you have to do this securely, and my SSL/certificate hacking skills haven't been up to the task of making the IHE test certificates work. It's not at all helped by the obscurity and arcana of the toolkits I have available: one won't load the private keys at all (error: "wrong format or password"), and one reports "-1" whenever anything goes wrong. Even when I can step through them, I don't learn anything.

If I'm going to pass a connectathon, my knowledge and tools need to improve by an order of magnitude. It troubles me somewhat that the skills needed to pass the connectathon testing are greater than I'd need in the real world (get a proper cert from a proper CA, and use it). The connectathon requires multiple certificates from multiple custom CAs, and it's been too much for me. Of course, the problems I have might be in my SSL/TLS tooling (particularly around the network binding): I don't know enough to get CA verification working with them, and I don't know why it's not working.
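The failures described above (a key a toolkit won't load, a chain that won't verify against a custom CA) are much easier to isolate with a throwaway PKI built from the openssl command line than by stepping through a library. The script below is an added example, not part of the original post or of HL7Connect: it builds a made-up "connectathon" root with an intermediate, issues a server and a client certificate under it, issues one more certificate from an unrelated CA, and then answers the questions that matter one at a time. Does the chain verify when the intermediate is supplied, and when it is not? Does the private key actually belong to the certificate? Does the PKCS#12 bundle open with the password you think it has? The CA names, file names and the password are assumptions for the example.

```shell
#!/bin/sh
# Added example: throwaway PKI for isolating TLS trust failures. Not from the
# original post or HL7Connect; needs only the openssl CLI. CA names, file
# names and the password are made up. Everything lands in a scratch directory.
set -e

# make_ca NAME: self-signed root CA (key + cert) with basicConstraints CA:true
make_ca() {
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:true\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$1.ext"
  openssl x509 -req -days 1 -sha256 -in "$1.csr" -signkey "$1.key" \
    -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# issue NAME ISSUER [ca]: key + CSR for NAME, signed by ISSUER. "ca" makes an
# intermediate; without CA:true, verify rejects anything the intermediate signs.
issue() {
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ "$3" = ca ]; then
    printf 'basicConstraints=critical,CA:true\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$1.ext"
  else
    printf 'basicConstraints=CA:false\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth,clientAuth\n' >"$1.ext"
  fi
  openssl x509 -req -days 1 -sha256 -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# verify_chain ROOT LEAF [INTERMEDIATE]: what a TLS peer that trusts only ROOT
# decides about LEAF. Prints OK or FAIL; drop the redirects to see the reason.
verify_chain() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1.crt" -untrusted "$3.crt" "$2.crt" >/dev/null 2>&1 && echo OK || echo FAIL
  else
    openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1 && echo OK || echo FAIL
  fi
}

# key_matches NAME: yes if the private key's RSA modulus equals the cert's
key_matches() {
  c=$(openssl x509 -noout -modulus -in "$1.crt")
  k=$(openssl rsa -noout -modulus -in "$1.key" 2>/dev/null)
  [ "$c" = "$k" ] && echo yes || echo no
}

# to_p12 NAME PASSWORD: bundle key + cert the way most toolkits want them
to_p12() {
  openssl pkcs12 -export -in "$1.crt" -inkey "$1.key" -name "$1" \
    -out "$1.p12" -passout "pass:$2" 2>/dev/null
}

# p12_opens NAME PASSWORD: yes if the bundle's private key can be read with PASSWORD
p12_opens() {
  openssl pkcs12 -in "$1.p12" -nocerts -nodes -passin "pass:$2" \
    -out /dev/null >/dev/null 2>&1 && echo yes || echo no
}

WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

make_ca ihe-root            # the (made-up) connectathon CA
issue ihe-int ihe-root ca   # an intermediate under it
issue server ihe-int        # the two ends of the XDR/ATNA connection
issue client ihe-int
make_ca other-root          # somebody else's CA
issue stranger other-root
to_p12 server changeit

echo "server cert, root trusted, intermediate supplied: $(verify_chain ihe-root server ihe-int)"  # OK
echo "server cert, root trusted, intermediate missing:  $(verify_chain ihe-root server)"          # FAIL
echo "cert issued by another CA:                        $(verify_chain ihe-root stranger)"        # FAIL
echo "server key belongs to server cert:                $(key_matches server)"                    # yes
echo "p12 opens with the right password:                $(p12_opens server changeit)"             # yes
echo "p12 opens with the wrong password:                $(p12_opens server nope)"                 # no
```

Each of the six lines corresponds to one thing a toolkit can get wrong silently. The second line is the one that most often explains "CA verification isn't working": the peer trusts the root, but nobody presents the intermediate, so the chain can't be built. The last two lines separate a bad password from a bad container: if openssl opens the bundle with the password you were given, a toolkit that still says "wrong format or password" is objecting to the format (PEM versus DER versus PKCS#12, or the key's encryption scheme), and re-exporting the key and cert with openssl in the form that toolkit documents is the fix.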

I don't know whether this IHE checking is good or not. Evidently some secure communication is needed, but spending half the connectathon fighting with the libraries to get them to use the IHE certificates (I'm not the only one)... I don't think this is a good use of connectathon time. But I don't know what else IHE can do.

Anyway, my XDR and ATNA work, both ends. I'll retreat and lick my wounds and work on my security skills. And for those people who think we should add security requirements for FHIR Connectathons: I don't think that's a good idea.