Spine Care Identity Service in the Path to Live environments

Spine allows information held in the national systems to be securely accessed. One of the ways access is achieved is through the Care Identity Service (CIS), a role-based access control portal. 

The Spine CIS provides a series of web-based applications that administer access to the data in the national systems. The CIS service administers Spine users, their roles and positions and their smartcards  It also provides an authentication service used both by Spine and other applications. 

The Authentication component allows registered users to access applications using a smartcard.

The smartcard contains a certificate that is authenticated by Spine CIS. Once the card is authenticated, the access rights associated with the user are attached to a token generated by the authentication process.

The user is then presented with a screen, the Spine portal, with a list of applications. Applications the user has rights to will start when selected in the portal.

The card management system (CMS) manages all aspects of the smartcard service. This includes creation, deletion and renewal.

The CIS manages the users and their profiles. Users are able to get new access rights based on assigned positions.

Smartcard management is performed using the CIM application full guidance for using CIM can be found here

The endpoint registration service (EPR) is used to create and manage the messaging endpoints and products used by transaction messaging service (TMS) endpoints.

EPR also allows products to be associated with endpoints to be created and managed. The basic EPR tasks have been handed over to specific administrators within supplier organisations in the Path to Live environments. to speed the process up., although requests can still be made to: [email protected]

Endpoint registration service user guide

The Endpoint registration service user guide describes how to manage an endpoint registration request, end to end, using the endpoint registration service. 

The Spine Directory Service (SDS) is an LDAP repository of all data used in Spine. This includes all types of message interaction data and associated contract properties. All endpoint and product messaging data, all user profile and position data and all Role Based Access Control (RBAC) data is also held with the Spine CIS LDAP service. 

Certification data such as the Certificate Revocation List (CRL) is stored in SDS. Each Path to Live environment has its own dedicated CA and Sub CA for creating all types of certificates. This means the certificates are not cross transferable between Path to Live environments. The non-functional test environment is an exception to this rule as it uses the Development CA and SubCA to create certificates.

Details of common issues experienced in the Care Identity Service and how to resolve them. 

Spine Care Identity Service (CIS) can be found in the following environments: 

Development

Integration

Deployment

Training