Identyfikacja lekarza okiem developera

O systemie medpass


Medpass to niezależny system logowania dla medycyny, który w zależności od uprawnień pozwala uzyskać dostęp do specjalistycznej wiedzy w portalach medycznych.

Instalacja medpass


Instalacja Medpass jest prosta i bezpłatna. Skorzystaj z gotowych bibliotek i przykładów (php, ruby, asp).
więcej.

Medpass API


Medpass API pozwala właścicielom stron komunikować się z systemem Medpass i budować bezpieczne społeczności lekarzy i pacjentów.
więcej

5 listopada 2010

[eng] How to implement MEDPASS?

Filed under: Inne

Medpass is an independent authentication system for medical industry, which provides an access to the expert knowledge on the medical web sites and applications. It is also available for third-party sites and frees users from having to set up separate login accounts for them. The installation of the Medpass is easy and cost free. OpenID standards, which are used in Medpass, are well known for many web developers but here is some description of how to integrate Medpass for a web site or application.

Interaction sequence

As user wants to log on web site with Medpass authentication, he has to pass his Medpass login account. This login should be represented as unique login part and the openID server part. It is better to request from user just login but before sending it to server, it should be changed to full version that includes server address in it, for example: http://jkowalski.medpass.pl. Then, the web site redirects the browser to the medpass.pl, where the user can authenticate himself against the OpenID provider. After successful authentication, either with a traditional method (username and password) or with more advanced techniques (such as certificate exchange), the OpenID provider redirects the browser back to the originating web site, along with the verified user credentials.

Working with OpenID
It is important to select an OpenID compliant library compatible with you programming language. There are libraries available for Java, Python, PHP, and others. Medpass authentication has been tested against the OpenID for Rails, PHP and .NET library. For some more libraries check:

• http://www.janrain.com/openid-enabled
• http://wiki.openid.net/Libraries
• http://code.google.com/p/openid4java/wiki/QuickStart – for java

For the user, on the third-party web site, there is only basic login form with login input text-field and submit button. All the rest is done on the safe Medpass server side, which returns the status dependent on the result of logging process.

Pic. Example of login form
When an error occurs, status is set to ‘failure’. When user is authenticated successfully and redirected to the starting page (or application) from OpenID provider, there is identity and status ‘success’ returned. This identity can be used to recognize user and open new session for him. The privileges should be set based on the session.
Logging out is done on the third-party application side by closing session of the user.
It is recommended to handle the errors with some information for the user. Usually the text displayed on the screen that something has gone wrong is good enough.
Here are some working opened implementations for different programming environments. Based on data-flow in them, system Medpass can be easily adapted to any other programming language.
PHP – http://medpass.pl/medpass_login_php.zip
Rails – http://medpass.pl/medpass_login_rails.zip
.NET – http://medpass.pl/medpass_login_asp_net.zip
What do we expect from third-party web developers to be localized by the login form?
Links to:
- Password recovery procedure: http://medpass.pl/profile/forgot_password
- Registration procedure: http://medpass.pl/medpass/register
- Information about Medpass: http://medpass.pl/article/medPassLekarze
- Medpass regulations: http://medpass.pl/medpass/eula

Contact to operating personnel (help desk):
Activeweb Sp. z o.o.
3/2 Bronikowskiego st.
02-796 Warszaw
biuro@activeweb.pl
tel. +48 (22) 894 06 33
fax +48 (22) 894 66 22

Pic. Example of handling error
• http://openid.net/specs/openid-authentication-2_0.html
• http://openid.net/specs/openid-attribute-exchange-1_0.html

Working with Medpass API
Medpass is not only OpenID server. It offers also a SOAP based webservice with a lot of methods returning data about the users registered on Medpass. After authentication, there is user’s identity returned. It can be used as one of the arguments to receive information about that user.
SOAP webservice is safe and has its own security system. For more information please contact our company.

Some examples of the methods:

getUserBulletins 
Returns bulletins, which user is signed up for.
Parameters: 
- openid_url
Returns: 
- String build of firstname, firstname and lastname, login or phrase for anonymous users.
example:
<?xml version="1.0" encoding="UTF-8" ?>
<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:env=http://schemas.xmlsoap.org/soap/envelope/
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Body>
<n1:GetBulletinsResponse xmlns:n1="urn:ActionWebService"
env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<return n2:arrayType="n1:BulletinSoap[53]"
xmlns:n2=http://schemas.xmlsoap.org/soap/encoding/
xsi:type="n2:Array">
<item>
<name xsi:type="xsd:string">Poradnik Medyczny</name>
<b_id xsi:type="xsd:int">1</b_id>
<link xsi:type="xsd:string">http://poradnikmedyczny.pl</link>
</item>
</return>
</n1:GetBulletinsResponse>
</env:Body>
</env:Envelope>
getDesiredName 
Returns name of the user in accordance with the private policy.
 
Parameters: 
- openid_url
Returns: 
- String build of firstname, firstname and lastname, login or phrase for anonymous users.
example: "Jan Kowalski"
"anonimowy użytkownik"
userGetGroup
Returns group (by id) of the user (is he doctor or maybe medical student?).
Parameters: 
- openid_url
Returns: 
- Integer – Id of user’s group set in Medpass 2.0.
example:
2 #doctor
5 #Phamacist
userIsDoctor 
Returns answer (true or false) for question if user is a doctor.
Parameters: 
- openid_url
Returns: 
- Boolean
example:
True # is a doctor
False # is not a doctor

For more methods, further information and implementation details please contact our company.

Przekaż dalej znajomym:
  • Print
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Flaker
  • Grono
  • Pinger
  • Technorati
  • Twitter

Brak komentarzy »

Brak komentarzy.

Kanał RSS z komentarzami do tego wpisu. TrackBack URL

Dodaj komentarz