OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC
Enabling the interoperable exchange of healthcare privacy policies, consent directives, and authorizations
Completed:
The Technical Committee was closed by OASIS TC Administration on 16 October 2020 and is no longer active. Archives of its work remain publicly accessible and are linked from this page. OASIS appreciates the efforts of all those who participated in this TC.Table of Contents
- Announcements
- Overview
- Subcommittees
- TC Liaisons
- Technical Work Produced by the Committee
- Expository Work Produced by the Committee
- External Resources
- Mailing Lists and Comments
- Additional Information
Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare Version 2.0 has been approved as a Committee Specification. This supersedes Version 1.0.
The XSPA profile defines a set of SAML attributes and corresponding vocabularies for healthcare information exchange applications. The core use-cases are the cross-enterprise exchange of protected data objects from a Service Provider (SP) to a Service Consumer (SC).
For more information, see the announcement.
The XSPA Technical Committee has regrouped and expanded its focus to develop data segmentation and healthcare security classification profiles in harmony with HL7 and IHE. The TC has elected new leadership and is starting a new round of activities. New members are welcome.
Participation in the XSPA TC is open to all interested parties. Organizations that support healthcare providers, healthcare regulators, hospitals, pharmacies, patients and anyone with an interest in defining how security and privacy controls should be used in the exchange and access of healthcare information are invited to join. Contact member-services@oasis-open.org for more information.
The OASIS XSPA TC works to standardize the way healthcare providers, hospitals, pharmacies, and insurance companies exchange privacy policies, consent directives, and authorizations within and between healthcare organizations. The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee will specify healthcare profiles of existing OASIS standards to support reliable, auditable methods of confirming personal identity, official authorization status, and role attributes. This work aligns with security specifications being developed within the U.S. Healthcare Information Technology Standards Panel (HITSP).
For more information, see the TC Charter and FAQ
No subcommittees have been formed for this TC.
No TC Liaisons have been announced for this TC.
Technical Work Produced by the Committee
Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare Version 2.0. Edited by John M. Davis, Duane DeCouteau, and Mohammad Jafari. 23 April 2019. OASIS Committee Specification 01. https://docs.oasis-open.org/xspa/saml-xspa/v2.0/cs01/saml-xspa-v2.0-cs01.html. Latest version: https://docs.oasis-open.org/xspa/saml-xspa/v2.0/saml-xspa-v2.0.html.
Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of WS-Trust for Healthcare Version 1.0. Edited by Mike Davis, Duane DeCouteau, David Staggs, and Jiandong Guo. 01 November 2010. OASIS Standard. http://docs.oasis-open.org/xspa/ws-trust-v1.0/xspa-ws-trust-profile-os.html. Latest version: http://docs.oasis-open.org/xspa/ws-trust-v1.0/xspa-ws-trust-profile.html.
Wiki for OASIS XSPA TC member collaboration
Expository Work Produced by the Committee
Although not produced by the OASIS XSPA TC, the following information offers useful insights into its work:
Cross-Enterprise Security and Privacy Authorization (XSPA) Profile
Cover Pages 17 October 2008
xspa: the list used by TC members to conduct Committee work. TC membership is required to post. TC members are automatically subscribed; the public may view archives.
xspa-comment: a public mail list for providing input to the OASIS wsrp Technical Committee members. Send a comment or view archives.
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.