Fwd: RESTful API to Identity Directories

60 views
Skip to first unread message

Lynn Felhofer

unread,
Jul 30, 2014, 9:26:47 AM7/30/14
to ihe-hpd-im...@googlegroups.com, Moehrke, John (GE Healthcare)
Dear HPD implementors,

Please see the following note below to the IHE ITI Technical Committee mailing list.  

Lynn


Begin forwarded message:

From: "Moehrke, John (GE Healthcare)" <John.M...@med.ge.com>
Subject: [ititech:4592] RESTful API to Identity Directories
Date: July 30, 2014 at 12:05:34 AM CDT

It has come to my attention that there is an IETF Draft standard for a RESTful API to directories. IHE could profile this standard for our HPD, CSD, and PWP needs. Those actively working on the HPD federation should also look at this as it is specifically designed to support ‘cross-domain identity management’.

 

Vendors in this space, is this implemented?

 

Providers using directories, does your deployed directory support this RESTful API?

 

See: http://www.simplecloud.info

 

 

 

John Moehrke
Principal Engineer: Standards - Interoperability, Privacy, and Security
GE Healthcare

 

M +1 920 912 8451

John.M...@med.ge.com
www.gehealthcare.com

productsecurity.gehealthcare.com

 

3200 N. Grandview Blvd

Mail stop:  WT-881

Waukesha, WI  53188

 

GE imagination at work

 


Greg Carver

unread,
Jul 30, 2014, 1:17:35 PM7/30/14
to ihe-hpd-im...@googlegroups.com, John.M...@med.ge.com
No, and no.

It's not clear to me how this is specifically designed to be cross-domain.  The closest thing I could find is the section on tenancy... which isn't a bad idea, but it proceeds to say it has nothing to say about you make that happen.  But that misses the mark for HPD+ federation anyway which is about directories distributing queries to other directories on behalf of clients.  To facilitate this, query clients are given some (minor) control over how that happens.  Nothing about SCIM seems to say you can't do that internally, but the initial HPD specifications didn't have anything there, either.  Indeed, half the point of formally specifying the federation aspect is to give the query client some control over the process without requiring every client to be aware of every possible directory it would connect to.

Finally, imo the last thing we need is another directory standard.

Greg

Moehrke, John (GE Healthcare)

unread,
Jul 30, 2014, 1:43:23 PM7/30/14
to Greg Carver, ihe-hpd-im...@googlegroups.com

I am asking not just to add another standard to the mix, but rather that we make an ‘informed decision’. The use of SOAP doesn’t inherently make your federated query easier. However it useful discussion the client applicability of REST vs SOAP.  Are we considering the ease of the client implementation, or the ease at which server implementation is?

 

Note that SCIM can still be used as the client API, with the backend based on SOAP. This is indeed what I have been developing with MHD (RESTful API) to XDS.

 

The datamodel gaps between HPD and SCIM are far more compelling. It is not clear to me how SCIM would handle extensions of the user/group datamodel.

 

John

Greg Carver

unread,
Jul 30, 2014, 2:16:06 PM7/30/14
to ihe-hpd-im...@googlegroups.com, gregory...@gmail.com
So I hope I didn't give the impression that I'm raising an objection based on soap vs json.  I have a whole lot to say about that (and lets just say I'm plenty satisfied with soap for these things), but I didn't get the impression that's what you were asking about in the original inquiry.  I think you're asking:

"Hey, have you seen this SCIM thing? It was built to federate. Is anyone using it?  Perhaps we should consider this instead of the hpd-federation cp that's coming out."

I would say that SCIM doesn't make anything easier for us.  I don't see it saying anything about federation.  It's starts with a completely different data model.  And the message format changes from dsml to some json schema they defined.  In short, it changes everything.  Imo, it doesn't address any actual issues operationalizing an hpd directory, and just sets backs adoption even further as we flounder over incompatible apis.

Greg

Gary Teichrow

unread,
Jul 30, 2014, 8:13:30 PM7/30/14
to Greg Carver, ihe-hpd-implementors
+1 generally on Greg's reply.  Interesting effort but same concerns.  Will try and read more carefully when I get a chance.  Thanks for passing along John!

g


--
You received this message because you are subscribed to the Google Groups "ihe-hpd-implementors" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ihe-hpd-implemen...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system.
Reply all
Reply to author
Forward
0 new messages