By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Can Thinking Younger Make You Live Longer?
    April 20, 2011
    Image
    Obesity’s Outlook Unchanged
    June 13, 2011
    When It’s An Emergency Elderly Not Treated As Well in Hospitals
    July 16, 2011
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: How To Use WebID to Create Single Sign On (SSO) Across Healthcare Systems
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > How To Use WebID to Create Single Sign On (SSO) Across Healthcare Systems
eHealth

How To Use WebID to Create Single Sign On (SSO) Across Healthcare Systems

ShahidShah
Last updated: April 15, 2013 7:49 am
ShahidShah
Share
10 Min Read
clip_image002
SHARE

 

 

I have been speaking and writing often these days about how single sign on (SSO) technologies are probably one of the most important components of health IT data integration. To help figure out how to integrate multiple systems using standards-based SSO approaches I reached out to Shahid Qadri, a Data Scientist and Software Developer for Applied informatics Inc. Qadri works on health data integration and semantic web and when I heard that he created a solution (which won second place) for an ONC single sign on challenge I thought he’d be the perfect engineer to help the rest of us. Here’s what Qadri had to say about WebID:

The Simple Sign-on challenge sponsored by the ONC through the Health 2.0 challenge was an exciting opportunity for us to learn about a sophisticated technology protocol and then being able to hack several open source system to implement a single sign on solution based on the protocol. This was a challenge that was truly a “challenge” for me, but an exciting and rewarding one (our solution was the second place winner!).

More Read

4 Tips for Using HealthCare Social Media to Attract New Patients
Is Social Media a Fit for Doctors?
Emcompassing Theory of Online Patient Diagnosticians Somewhat Overblown
The Three Pillars of Wearable Healthcare Technology
Five Reasons Why Physicians Need to Use Social Media

The challenge involved using the W3C WebID protocol to enable a single sign on across different systems used by the HealthData.gov Platform (HDP). The eventual goal of the HDP is to allow various administrators, contributors and even machines to be authenticated and authorized to access different open source systems. In a nutshell, our solution, OneLogin creates a “wrapper” over each of the systems (Drupal, Ontowiki, Virtuoso, Tomcat) that programmatically creates users within these systems with a given role and associates a given WebID with these users. Each tool’s wrapper is independent of the system and can be configured across different machines. The source code for OneLogin is available on GitHub.

clip_image002

In rest of the blog post, I will describe the background and technical details of the solution.

WebID is a W3C open standard for identity and password-less login on the Web. WebID is designed to alleviate the difficulty (and pain) of remembering different logins, passwords and settings for different websites. WebID in itself is essentially a URL pointing to a description of yourself in FOAF format. FOAF stands for Friend Of A Friend and is essentially an RDF vocabulary which allows you to describe your social web) combined with a self-signed X.509 certificate. X.509 certificates (X-men like sounding terms) are the certifications used to verify the identity of web servers via the SSL protocol. It is a secure authentication protocol utilizing FOAF profile information as well as the SSL security layer available in virtually all modern web browsers. Operationally, once you have a WebID with private key stored in your browser, logging into a website is as simple as selecting your WebID and clicking “log in”. Additionally, there are other benefits of creating a WebID. Other people can to reference you and declare social relations on the web (such as that you are their friend, colleague, parent, etc.) even when their profile is hosted on a different web server than yours. Thus the WebID can be a trusted and verified way to enable the Social Web, i.e., social networks between individuals, citizens, companies, universities, governments, while allowing each player to remain in control of their data they publish.

How Does WebID Work?

As mentioned before, the WebID is a URL, which points to a FOAF file. Now if you want to log into some site you simply provide the WebID which means to select a certificate from a list in your web browser. The server will then fetch the FOAF, extract the

certificate’s public key from it, and then ask you to prove your identity. Since you are the only one having the private key of the certificate that is easily done. And that’s it. From a high level point of view it is very simple, but getting to the nuts and bolts of it can be a challenge.
clip_image004

(Source: http://www.w3.org/wiki/WebID)

Is WebID Really Secure?
In order to secure and protect your identity two things need to be made ensured:

1. The FOAF file that your WebID URL points to should be under your control or that of a trustworthy entity, and

2. Make sure nobody steals your private key! Though, if you do lose your private key, disabling the WebID is as easy as removing the public key from your FOAF profile. Importantly, and this is a useful mechanism of decoupling the public key from the WebID url, is that replacing your public key certificate with a new one will never invalidate your WebID since it stays as a permanent identifier for yourself in the semantic web, independent of the certificate.

Building the Single Sign-on OneLogin Application

clip_image005

First we started with Drupal and added a module in Drupal for providing WebID authentication. But configuring that got a bit tricky as we got few errors while using the module. For example, after digging into the module code we found there was a bug in the import statements. After resolving this we wrote code to automatically create a user in Drupal with the specified role who can use the his/her specified WebID to log in to Drupal.

WebID Provider

Next step involved setting up our own WebID provider (the service that generates a WebID). To do this, we chose to use the open source system, Virtuoso (an enterprise grade RDF store) that we installed on one of our servers over SSL/https. It generated WebID correctly, however, the WebIDs generated from it did not pass verification test. After close inspection we found that although the certificate was generated correctly, it was not getting the FOAF data in RDF format. So we installed an RDF mapper module to fix this and then we were able to generate WebIDs correctly.

Next we worked within Virtuoso to associate its internal users with a WebID, as it had a built-in support for WebIDs. We needed to write a wrapper that can programmatically create an account in Virtuoso and associate a WebID. So we developed a wrapper in PHP and ISQL for the same (the code can be viewed here)

After configuring Virtuoso, we installed OntoWiki. We found that this platform also supports WebID authentication though it had been disabled in the current version in favor of OpenID. So we first got it enabled. Next we wrote the code to create a user and associate a WebID to it. The WebID user creation depends on the external plugin Erfurt in OntoWiki. After solving dependencies and other things we got our code working.

clip_image006

Next and last was the associating WebID with Tomcat/Solr. After basic search we found that there is a library for providing WebID authentication to Tomcat/Solr. This library was not easy to use as we needed lot changes in installation and as well as configuring this library with Tomcat/Solr, but after rigorous efforts we were able to configure it correctly (more technical details are on our blog).

In order to build the code to programmatically create users and associating a WebID we had to tweak the tomcat-users.rdf file. This is where the user list and WebID are stored as nodes. We used a PHP XML parser to append users to the RDF file (view code) .

Finally, the application was build that created users and associated a role in each system and used WebID to login to each system. Included below is a screen shot of the Application with a link to the GitHub repository of the application. A demo video is also available here.

clip_image008

Screenshot of the OneLogin Single Sign on System

TAGGED:Health IT
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

eHealthTechnology

Top 5 Emerging Technologies in Healthcare that Can Improve a Doctor’s Daily Practice

November 21, 2019
Image
Mobile Health

Mobile Health Around the Globe: C8 MediSensors in Spain

September 17, 2012

Thomas Jefferson University Hospitals Embrace Telehealth

March 4, 2015

Hospital Sued After Patient Sees Photos of Herself on Social Media

December 9, 2013
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?