SafeHealth Docs

SafeHealth Docs

Overview
New? Start here.
Value Creation
Sales Model
Governance Model
Delivery Model
Profile Model
Engagement Model
Revenue Recognition Model
Support Model
Concepts
What is SafeCDx?
Existing Standards as Foundations
Interoperability as a Fundamental Design Pillar
How a Connected Test gets registered and validated on the Platform
Smart Contracts, Consent, and Consent Enforcement
How an Actor gets registered and verified on the platform authenticated, authorized, and audited?
How is data exchange governed between Actors, Services, Applications, and Connectors?
How a Connected Test Transaction Works
Solution Guides
Embedded Connected Diagnostics
Care Automation
Return-to-Lab
At-Home Care
Novel Pathogen Early Detection
Primary Digital Care
Organization and Billing
Login to Safe Health
Organization Setup
Create Organization
Configure Organization
Workspace Setup
Configure Workspace
Create Workspace
Safe Health APIs
Create Service Account
How To
Make API Calls
Control API Access
Design
Architecture vs Design
Design Challenges
Design Goals
Standards Based Design
Data Standards
Design Patterns
Clinical Serialization Standards
Security Standards
Serialization Standards
Terminology Standards
Transport Standards
Stereographic Projection
Event-Driven Design
Cultural-Dependent Design
Service Interface Design
Contract-Based Design
Distributed Transaction Design
Testability Design
Code Generation Design
Science of Great User Experiences
Platform Architecture
CDx Conformance
CDX Model Conformance
CDX Server Conformance
CDX Registry Conformance
CDX Modeling Notation Conformance
CDX ESG Conformance
CDX Sidetree Conformance
Data
Bytes
Wire Protocol
Data Model
Spec Entity
Spec Clinical Entity
Spec Meta Model
Spec Clinical Meta Model
Spec Resources
Ontologies
Lifecycle
Network
Personal Area Network (PAN)
Local Area Network (LAN)
Wide Area Network (WAN)
Jurisdiction Area Network (JAN)
Transports
Transports
Transaction Management
gRPC
HTTP
GraphQL
Security
Our Approach to Security
Privacy
Consent-based Decryption
Performance
Threading Model
Extensibility
Interoperability
Systems
System of Record
Systems of Differentiation
Systems of Engagement
Configurations
Services
Connectors
Systems of Innovation
System Lifecycles
Value Planes
All Planes
Collapsed Planes
Customer Plane
Business Plane
Gateway Plane
Mesh Plane
Workload Plane
Data Plane
Event Plane
Profile Plane
Control Plane
Federation Plane
Hardware Plane
Network Plane
Physical Plane
Journeys
Actors
Users
Patients
Organization Representative
Providers
Partners
Service Accounts
System Owner Journey
System Developer Journey
System Governance Member Journey
System Consumer Journey
Patient Journey
Medical Device
Solutions
Applications
Block Chain
Visual Design
Glossary

SSO

SSO is an Authentication scheme that allows a User to login with a single ID to any of several related, yet independent, software systems. I.e.: by logging into one’s Google Account one can also log in to Trello.

The Message Protocol that is used for implementing SSO is SAML 2.0.

Advantages

Risk mitigation: a website no longer has to manage credentials for its user, another party is doing that.
No need for one more password
Simpler administration
Better network security

Disadvantages

SSO turns the system that provides Authentication into a Single Point of Failure: if that system would become unavailable, the User would no longer be able to login into any site that uses that SSO provider.
If SSO credentials or tokens are compromised, not just one service gets compromised, but many.
SSO can be subject to web filtering. I.e.: many schools block Facebook, which inherently blocks access to any website that allows SSO with Facebook.

Security

SSO is relatively Secure. Some vulnerabilities were reported in 2012 and 2014, but none have been discovered since. Guarding against XSS is crucial, though: in 2020 not having the proper XSS protections in place allowed for hijacking the SSO token, which caused a breach to several federal websites.

SSO should also be combined with Single Log-Out (SLO), which makes sure that if a User logged out from the SSO provider, that he is also automatically logged out from all the websites that use that SSO provider.

Privacy

Technically SSO can work without having to reveal identifying information like an Email Address. But often the User isn’t given the choice what information he wants to share.

Sources