OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC


  1. What does the OASIS XSPA Technical Committee do?

    The OASIS XSPA TC focuses on the development of healthcare profiles of existing OASIS standards used to exchange interoperable security and privacy attributes within and between organizations. "XSPA" stands for Cross-Enterprise Security and Privacy Authorization. The full charter is at http://www.oasis-open.org/committees/xspa/charter.php.

  2. What is the need for such a standard?

    The need for an XSPA profile has been identified by the security and privacy working group of the U.S. Healthcare Information Technology Standards Panel (HITSP). Operating under a contract administered by the Office of the National Coordinator for Health Information Technology (ONC), HITSP is administered by the American National Standards Institute (ANSI). Creation of the XSPA profile will meet the growing need for an interoperable standard that will allow healthcare organizations to appropriately authorize access to healthcare information.

  3. Who will benefit from XSPA?

    Healthcare providers, hospitals, pharmacies, vendors and Government healthcare regulators will benefit. Ultimately, the goal of the TC is to provide a benefit to patients that require timely access to healthcare information.

  4. What will the OASIS XSPA TC produce?

    The XSPA will produce healthcare profiles of OASIS Standards such as SAML, WS-Trust, and XACML. To accomplish this, the TC may create and approve specifications, and extensions or profiles of specifications, as needed to fulfill identified functions and use cases not satisfied by existing stable open standards. Our work will include conformance and test information as a guide for implementers of this profile. Members of the TC will participate in a planned 2009 Interoperability Demonstration of the XSPA profiles applied to HITSP security specifications.

  5. How does this work relate to other standards efforts?

    The XSPA profile will require the participation of subject matter experts in several areas, including WS-Trust, SAML, and XACML. OASIS has the unique combination of member expertise necessary to combine these standards to complete our work. Additionally, our effort will be capable of using international healthcare standards involving security and privacy authorizations from ISO and Health Level Seven (HL7) to promote interoperability.

  6. Where are the archives for the OASIS XSPA TC mailing lists?

    The archives are located at http://lists.oasis-open.org/archives/xspa/. These are publicly viewable.

  7. Who should be involved in the OASIS XSPA TC?

    Companies supporting healthcare providers, healthcare regulators, hospitals, pharmacies, patients and anyone with an interest in defining how security and privacy controls should be used in the exchange and access of healthcare information are invited to participate in XSPA.

  8. When does the OASIS XSPA TC meet?

    Meetings are held by teleconference every other week on Friday at 1pm EST. The schedule for meetings is located at http://www.oasis-open.org/committees/calendar.php?wg_abbrev=xspa.