Windows CardSpace & Silverlight help Singapore to get easier and safer access to health data

image


In short: a few hours ago there was the launch of a pilot for the web portal myhealth.sg, a platform for allowing individuals to manage information about health, fitness, nutrition and so on. For the time being, the pilot will be limited to a restricted number of users. Linda was there and sent me the nice picture above. The project is the result of a partnership between the Changi General Hospital (CGH), Microsoft, NCS Group and RadianTrust. This is a fantastic app with great features, and yet another proof of the power of Silverlight. From where I stand, however, the coolest thing about this project is that the users authenticate with the application using a managed information card, backed by a hard token (Singapore’s DORIS token). Ah, and there’s also the fact that it accounts for a good percentage of the Singapore immigration stamps I got on my passport in the last year and a half/2 years (besides this and others I can’t talk about yet ;-)). The Singapore team that made this happen (among which: my dear friend Linda Chong & the excellent Lee Theng Chia from Microsoft Singapore, the superstar Lee Lup Yuen from NCS) is absolutely outstanding.


As with the post I made at the conclusion of the Otto project, I can’t go into any details of the architecture here (beyond the obvious facts that you can figure out on your own). I will just walk you through the user experience, obfuscating the personally identifiable details. Also, take into account that you can’t perform the walkthrough yourself unless you are a proper user of the application (with all the authentication factors).


 


The first step is, of course, landing on the main page.


image


Clicking on Login brings up this screen, where the user is prompted to insert his/her hard token.


image


Pressing OK leads to the familiar Identity Selector:


image


Selecting the card and clicking on Retrieve starts the STS invocation; the user is prompted for the passphrase associated with the hard token.


image


...and we are in! After the strong authentication phase, the user can now access a number of high value services.


image


 


That’s it! The use of the application itself after the authentication is out of scope for my blog, so I won’t go further; however, rest assured that it is really beautiful & functional at the same time.


I would like to stress even further the great value that CardSpace brings to this project.


Health care data are, perhaps even more than finance, among the most private data we own. Add to this that Singapore is one of the most security conscious countries I’ve ever visited: the level of knowledge of computer security matters among citizens, from the cab driver to the executive, never ceases to amaze me. For a security geek like me it’s paradise :-). It’s no surprise that in such an environment highly sophisticated initiatives like the N-factors DORIS hard token arise; it’s also no surprise that one would want to leverage that level of authentication for accessing high value data such as health care records.
CardSpace is the perfect means of seamlessly blending the usage of DORIS, an already existing hard token, into the user experience of the application. The card provides a very handy metaphor for users of all levels of computer literacy; the software necessary for taking advantage of the cryptographic capabilities of the hard token is already in CardSpace itself (apart from the CSP); and the adherence to the identity metasystem roles ensures correct flow of the information and opens the door for future participation in the wider ecosystem.



For the time being I won’t go further, but there is still a lot to be said on this project. Again, congratulations to CGH, to Microsoft Singapore, to NCS and to RT!


Let me close with the same sentence I used in a similar post, some months ago:


Kim, here’s some energy for fueling the Identity Big Bang. How about that? 🙂

 V.
