TLS 1.2, Server Name Indication (SNI) and SOAP via CXF
Healthcare Standards
by Keith W. Boone
8M ago
It seems that I am destined to become a deep expert in the vagaries of TLS these days.  My most recent challenge was in figuring out why Server Name Indication (SNI) extensions weren't simply working in my BC-FIPS implementation that I talked about in the last few posts. Background on SNI For a brief moment, let's talk a little about SNI.  TLS is a lower layer session protocol on top of TCP that encrypts communication.  HTTP and HTTPS are higher layer (Application) protocols on top of TLS.  When you connect to an IP address over TCP, then initiate a TLS connection, the appl ..read more
Debugging TLS Protocol Failures in BC-FIPS and Spring Applications
Healthcare Standards
by Keith W. Boone
9M ago
Debugging TLS protocol failures can be a nightmare.  With JSSE, you can use the old standby java JVM option:      -Djavax.net.debug=ssl,handshake,data,trustmanager,help   to get detailed reporting of what is happening.  Usually that provides more than enough (in fact too much) information to debug the protocol problem, but when using BCFIPS, guess what, it doesn't work anymore.  Why? Well, while these command line arguments make debugging easier, they also transmit decrypted information to the console, which is a huge leak of encrypted information. So, what ..read more
Dynamically Reloading TLS Trust and Identity Material
Healthcare Standards
by Keith W. Boone
9M ago
Wouldn't it be nice if you didn't have to restart your server to dynamically update keys, certificates or trust stores?  I've spent a good bit of time on this across both client and server implementations and so I have a few pointers.  If you've read the last two posts, you know I've been working through requirements and implementation.  Now I'm going to add this auto-renewal of trust and key material to that effort. Most folks will just need to deal with setting up trust and key managers for their web application.  That's fairly straightforward.  The challenge that I ..read more
Addressing technical challenges with BC-FIPS
Healthcare Standards
by Keith W. Boone
9M ago
Last week I talked about the requirements for implementing TLS and a certified encryption module (specifically Bouncy Castle FIPS or BC-FIPS).  Today I'm going to tell you a bit more about technically how one might go about this, and the specific technical challenges that you may run into. First of all, BC-FIPS provides some installation instructions that a) no longer work with JDK-11, and b) also don't play well with Spring Boot uber-jar class loading using standard Classpath override mechanisms.  I never found root cause for this problem, all I wound up doing was simply dynamically ..read more
TLS, FIPS and the Bouncy Castle Certified Encryption Module
Healthcare Standards
by Keith W. Boone
10M ago
History Becoming educated in a topic seems to offer opportunities to become yet further educated, or in other words, once you've demonstrated expertise in a particular technology, more problems related to it will come your way.  So be careful what you work on. Many years ago, I had to work out how to implement the IHE ATNA profile.  I spent quite a bit of time on this project and became rather expert at diagnosing TLS problems, and configuring Tomcat to support the IHE Audit Trail and Node Authentication Profile (ATNA).  So much so that I fir ..read more
My HTI1 comments to @ONC_HealthIT
Healthcare Standards
by Keith W. Boone
10M ago
This is what I just submitted for HTI-1 comments.  It's a text file, not a PDF or Word document with a lovely cover letter.  ONC doesn't need all that.  It's generally ordered in the same way as their comment template, but I chose NOT to comment on a bunch of things, and I didn't label it.  Frankly, that all goes back to my first comment: This rule is so extensive, and covers so much new detail that the current deadline for submission of comments is simply too short to process the material adequately. There's a ton of small issues with spelling and grammar.  It's ..read more
HTI1 Robin's Eggs
Healthcare Standards
by Keith W. Boone
10M ago
For those who've been reading this blog for a decade or more, you probably know what a Robin's Egg is.  For those who don't, click the preceding link. And while Robin is no longer with us, these eggs live on in her memory.  For those who want their Robin's eggs for HTI-1, you can find them here. There are two files you can grab:  An edited version of ONC's 508 Compliant Word document containing the text of the rule.  Most of the reformatting is simply adding headings to the damn thing so that it has a navigable table of contents. A spreadsheet containing all 36 tables fr ..read more
HTI1, the raw tweet stream on the next round of @ONC_HealthIT's CEHRT requirements
Healthcare Standards
by Keith W. Boone
11M ago
 My long overdue tweet-through of @ONC_HealthIT's #HTI1 rule begins.  The stream is over 100 tweets long.  I'm making the raw data available first, I'll summarize it later. Highlights: Certification has new requirements for decision support, patient demographics, and observation and electronic case reporting (eCR), + updates to USCDI. #HTI1  The TOC provides more highlights: ONC learned from experts on commenting on long documents. They make the text available in Word, and provide a comment template. @IHEIntl and @HL7 have benefited f ..read more
Claims Attachments and the Document Rewrite Problem -- 15 years later
Healthcare Standards
by Keith W. Boone
1y ago
In 2005 and 2006, I spent a significant amount of time explaining the "Document Rewrite" problem to the HL7 Claims Attachments (now renamed Payer/Provider Information Exchange) workgroup.  In short, if you have an existing CDA (or C-CDA) document, and now, for regulatory reasons (for example, to attach a digital signature to it), you must open and rewrite the document, for a subsequent purpose (e.g., to attach an electronic [digital] signature for Claims Attachments), you've introduced a second artifact that must be separately identified, linked to the original, and stored; increasing c ..read more
Using Filebeats on Alpine Linux
Healthcare Standards
by Keith W. Boone
1y ago
One of the critical components for any interoperability component is monitoring.  I've played around with using ElasticSearch with SANER and used it for other projects. One of the important parts of this monitoring component is filebeat, which ships the logs to the Elastic cloud implementation.  Recently, I found that one of my AWS installation scripts stopped working over the April Fool's weekend.  All the more fool I for relying on SBEC (somebody else's code) to keep working. We use Alpine Linux as the base for many of our Docker image deployments, like many others.  ..read more