DSML: new XACML transport binding for e-healthcare projects

Readers of this blog and avid followers of the XACML TC will of course remember that the XACML standard does not provide any particular transport binding for its request/response protocol, making XACML a particularly loosely coupled and versatile standard. To date, the XACML TC has defined one profile, the SAML 2.0 Profile of XACML, which does offer the means to transport XACML requests and responses inside a signed SAML assertion. But it is possibly not enough for all deployments, and there has been a lot of buzz around a REST-based transport binding.

A few years ago, Axiomatics was chosen to implement XACML-based fine-grained authorization for patient data in the National Patient Record service in Sweden. The idea is to enable secure patient data exchange across multiple sites nationwide (from clinics to hospitals to doctors) with the patient’s consent and of course keeping in mind a ‘break-the-glass’ strategy. All these are fairly standard features of XACML.

I was lucky enough to talk to Finn Frisch, VP Business Development at Axiomatics, about this project and the new developments it brought about. Sweden is a large country, extremely rural with the exception of a handful of cities mainly in the south. Mr. Frisch added that due to the ruggedness of the country and the harsh climatic conditions, transport was a critical aspect to a successful nationwide patient data exchange service. In his own words, existing transport protocols, e.g. SAML, SOAP and RMI, all of which Axiomatics support, would not scale in such conditions. Mr. Frisch, a native of neighboring (and equally hostile weather-wise) Norway, then devised a new transport for XACML requests and responses which he dubbed DSML, as in Dog Sled Markup Language (illustration below).

“No matter the weather conditions or the location of clinics, surgeries, or medical centers, fine-grained authorization can now be delivered nationwide, 24/7, in any circumstances,” explains Mr. Frisch. “This is a milestone in e-healthcare and we are proud to be leaders in that space,” he concluded.

A new transport binding for XACML
