Note: TOI won't be fully resolved in SDPi 1.0. But a VERY simple guidance will be added (Vol1, SDPi-P SES)
From SDPi 1.0 Workshop: David will provide a general description in SDPi-P, SES. Needs to be revisited at a later date together with Accelerator program.
Update SDPi 1.1/1.2 workshop: We have three different concerns to solve: Access control, transport layer security and establishing vendor to vendor trust. In this version, we'll document the current status.
Access control:
In the responsibility of the hospital
Currently only supported by technologically advanced hospitals
For the time beeing, we use allowlists to supplement the non-existing infrastructure (also replaces revocation of certificates) - this is burdensome for the customers but solves the problem (Format of the allowlist will be specified in version 1.3)
Technologically advanced hospitals can use their own certificates for network access but should not be involved in the trust debate
---> come up with recommendations, but no requirement for devices.
Transport layer security:
Done by TLS
Currenly mixed with layer three
Will be placed on the Glue and PKP revision agenda
---> Briefly describe current status
Compliance to standards - vendor to vendor trust
Vision: Will be done by an independent organization in the future. Supported by a SDPi conformity assessment program to pave the way.
For the time beeing, vendors sign their own certificates. Trust is established based on agreements between vendors.
---> Describe the current status and future vision.
Follow up actions are described in the related tickets (#197, #198 , #199 ).
See Topic: Security Certificate Provisioning.
Note: TOI won't be fully resolved in SDPi 1.0. But a VERY simple guidance will be added (Vol1, SDPi-P SES)
From SDPi 1.0 Workshop: David will provide a general description in SDPi-P, SES. Needs to be revisited at a later date together with Accelerator program.
Update SDPi 1.1/1.2 workshop: We have three different concerns to solve: Access control, transport layer security and establishing vendor to vendor trust. In this version, we'll document the current status.
Access control:
Transport layer security:
Compliance to standards - vendor to vendor trust
Follow up actions are described in the related tickets (#197, #198 , #199 ).