OASIS Members Demonstrate Interoperability of XACML Access Control Standard in HITSP Health Care Scenario

San Francisco, CA, USA; 7 April 2008 — At the RSA Conference today, members of the OASIS open standards consortium, in cooperation with the Health Information Technologies Standards Panel (HITSP), demonstrated interoperability of the eXtensible Access Control Markup Language (XACML) version 2.0. Simulating a real world scenario provided by the U.S. Department of Veterans Affairs, the demo showed how XACML ensures successful authorization decision requests and the exchange of authorization policies.

"XACML is widely regarded as the standard for solving complex access control problems in the enterprise," noted James Bryce Clark, director of standards development at OASIS. "Today’s demo shows that XACML can play a key role in health care. By successfully enforcing fine-grained access control decisions to protected health information, XACML meets HITSP’s requirements for security and privacy."

"We’re pleased to work with OASIS on addressing the very sensitive issues related to the access of patient information," said John (Mike) Davis, standards architect with the VHA Office of Information in the Department of Veterans Affairs, and a member of the HITSP Security, Privacy and Infrastructure Technical Committee. "XACML helps ensure that patients, physicians, hospitals, public health agencies and other authorized users share critical information appropriately and securely."