Differences between secure and unsecure adapter web service requests

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Differences between secure and unsecure adapter web service requests

duncan
I was comparing the secure and unsecure patient discovery adaptor web service requests and was a little surprised at the differences between the two requests and wanted to confirm this is expected.

For example, the first element in the soap envelope in the unsecured request is RespondingGateway_PRPA_IN201305UV02Request while the secure request starts one layer down the hierarchy with the element PRPA_IN201305UV02

Sample Unsecure Request

 <soap:Body>
   <RespondingGateway_PRPA_IN201305UV02Request xmlns="urn:hl7-org:v3" xmlns:ns2="urn:gov:hhs:fha:nhinc:common:nhinccommon" xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns4="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade">
            <PRPA_IN201305UV02 ITSVersion="XML_1.0" nullFlavor="">

Sample Secure Request

<soap:Body>
   <PRPA_IN201305UV02 xmlns="urn:hl7-org:v3" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="urn:gov:hhs:fha:nhinc:common:nhinccommon" xmlns:ns4="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade" xmlns:ns5="http://www.hhs.gov/healthit/nhin" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns7="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns8="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" ITSVersion="XML_1.0" nullFlavor="">

Is this expected?

The secure request also does not include the assertion in the soap body. Perhaps this is by design, as the information is included in the SAML headers, but makes it reasonably tricky to switch between the two adaptors.

Duncan
Reply | Threaded
Open this post in threaded view
|

RE: Differences between secure and unsecure adapter web service requests

matt w

Hi Duncan, you are correct the wsdls are different because the secured versions translate the CONNECT assertion element into an actual SAML assertion, while the unsecured version just keeps CONNECT assertion element.

 

This is one of those things that is like this because it’s always been like this. I see your point about it raising the bar to go between secured and unsecured, but I also think it would be weird to essentially have the assertion information in the message twice in secured.

 

I think we are open to ideas about how to make these interfaces more usable, but that’s a ways out on the roadmap. One thought I have had is that maybe adapter “secured” should just be SSL/TLS as opposed to SSL/TLS + SAML. At a high level I don’t know that SAML has a place in a message between gateway and adapter, it seems like SSL/TLS should be sufficient. Do you have any thoughts on how you would like it to work?

From: duncan [via CONNECT Forums] [mailto:ml-node+[hidden email]]
Sent: Wednesday, November 13, 2013 9:32 PM
To: Weaver, Matthew (CGI Federal)
Subject: Differences between secure and unsecure adapter web service requests

 

I was comparing the secure and unsecure patient discovery adaptor web service requests and was a little surprised at the differences between the two requests and wanted to confirm this is expected.

For example, the first element in the soap envelope in the unsecured request is RespondingGateway_PRPA_IN201305UV02Request while the secure request starts one layer down the hierarchy with the element PRPA_IN201305UV02

Sample Unsecure Request

 <soap:Body>
   <RespondingGateway_PRPA_IN201305UV02Request xmlns="urn:hl7-org:v3" xmlns:ns2="urn:gov:hhs:fha:nhinc:common:nhinccommon" xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns4="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade">
            <PRPA_IN201305UV02 ITSVersion="XML_1.0" nullFlavor="">

Sample Secure Request

<soap:Body>
   <PRPA_IN201305UV02 xmlns="urn:hl7-org:v3" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="urn:gov:hhs:fha:nhinc:common:nhinccommon" xmlns:ns4="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade" xmlns:ns5="http://www.hhs.gov/healthit/nhin" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns7="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns8="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" ITSVersion="XML_1.0" nullFlavor="">

Is this expected?

The secure request also does not include the assertion in the soap body. Perhaps this is by design, as the information is included in the SAML headers, but makes it reasonably tricky to switch between the two adaptors.

Duncan


If you reply to this email, your message will be added to the discussion below:

http://forums.connectopensource.org/Differences-between-secure-and-unsecure-adapter-web-service-requests-tp7579222.html

To start a new topic under CONNECT Users, email [hidden email]
To unsubscribe from CONNECT Forums, click here.
NAML