Part 2, Conversation with Martin Rosner, Continua Health Alliance About Identity Management

This week, we feature the second part of our conversation with Martin Rosner, director of standardization at Philips – North America. Rosner chairs Continua Health Alliance security and privacy discussions and contributes to relevant security initiatives within the healthcare industry. Continua Health Alliance is a non-profit, open industry organization of more than 230 healthcare and technology vendors focused on delivering interoperable health solutions.

VPN Haus: Let’s talk about identity management. What is it and what role does Continua play in this process?

Martin Rosner: We’ve included identity management tools in the upcoming 2011 Continua specifications to assure correct association of health information to patients’ identities. A person will typically have different identifiers at each system in a distributed architecture. For example, end users may have different credentials and means to identify and authenticate themselves across all devices deployed. The measurement device may only be able to identify the current user and assign a short and locally unique identifier to them. Such local identifiers must then be mapped to credentials on the Application Hosting Device (AHD) such that the measured data is properly linked with the correct user. Finally, such credentials on the AHD may further be mapped to multiple online systems that require uniqueness in their respective security domains. (See figure above for a diagram of the Continua interoperability paradigm including AHD.) All this implies that linking and cross-referencing identities on AHD, WAN and HRN systems should be possible.

VPN Haus: Is cross-referencing these identities necessary? How would it be done?

Rosner: Up to now, service providers often created a vertically integrated solution and dealt with this using manual methods,...

The World After IPv6 Day: A Conversation with Comodo's Paul Lee

We’re happy to report the Internet is still standing nearly a week after IPv6 Day. More than 400 organizations – including heavyweights like Google and Facebook – enabled the much talked-about IPv6 standard on their websites. Overall, no major outages were reported. Now what? Well, Facebook plans to leave its developer site dual-stacked, supporting both IPv4 and IPv6, and Google will enable IPv6 access for only the users of its Google over IPv6 program. At VPN Haus, we spoke with Paul Lee, director of IT at Comodo, about what his company learned from IPv6 Day.

VPN Haus: Can you tell me how Comodo enabled IPv6 on its main page?

Paul Lee: We implemented dual stack on both the webservers (our NGINX platform that runs them), the kernel of said machines, firewalls and all of our core and edge Juniper comms equipment. We used GRE tunnels internally. [Comodo enabled 22 sites, in addition to its main page.]

VPN Haus: What are the key issues and lessons that came to light as a result of this experiment – both for Comodo and on a higher level for all participating organizations?

Lee: When taking full routes from upstream providers, IPv6 has a lot more address space and so simple things like more RAM for routers are needed to hold the greater number of routes (as IPv6 adoption takes hold, this will be a bigger problem). Ensuring that the kernel of machines is IPv6 enabled as well as any software running on them (can cause unforeseen issues). We learned that adoption is very small at the moment, with a greater proportion of users in...

What We're Reading, Week of 6/6

eWeek, World IPv6 Day Ends, Everyone Goes Back to IPv4

InformationWeek, Should Mobile Health Apps Be Regulated By FDA?

Enterprise Networking Planet, Remote Access VPN Appliances Buyer’s Guide

SC Magazine, NCP increases secure enterprise VPN server capability to offer connectivity for all mobile platforms

Politico, ‘Super Wi-Fi’ network in...
