
Spine Care Identity Service in the Path to Live environments

An overview of Spine Care Identity Service (CIS) in the Path to Live environments. 

Spine allows information held in the national systems to be securely accessed. One of the ways access is achieved is through the Care Identity Service (CIS), a role-based access control portal. 

The Spine CIS provides a series of web-based applications that administer access to the data in the national systems. The CIS service administers Spine users, their roles and positions and their smartcards. It also provides an authentication service used both by Spine and other applications.
 

Authentication component

The Authentication component allows registered users to access applications using a smartcard.

The smartcard contains a certificate that is authenticated by Spine CIS. Once the card is authenticated, the access rights associated with the user are attached to a token generated by the authentication process.

The user is then presented with a screen, the Spine portal, with a list of applications. Applications the user has rights to will start when selected in the portal.

Card management system

The card management system (CMS) manages all aspects of the smartcard service. This includes creation, deletion and renewal.

The CIS manages the users and their profiles. Users are able to get new access rights based on assigned positions.

Guide to smartcard management in the Path to Live environments

The Guide to smartcard management in the Path to Live environments enables you as users of the Path to Live environments to create and manage your own smartcards to facilitate testing or training.

Under no circumstances should this guide be used for smartcard administration within the Live environment. 

Endpoint registration service

The endpoint registration service (EPR) is used to create and manage the messaging endpoints and products used by transaction messaging service (TMS) endpoints.

EPR also allows the products associated with endpoints to be created and managed. To speed the process up, the basic EPR tasks have been handed over to specific administrators within supplier organisations in the Path to Live environments, although requests can still be made to: platforms.supportdesk@nhs.net

Endpoint registration service user guide

The Endpoint registration service user guide describes how to manage an endpoint registration request, end to end, using the endpoint registration service. 

Spine Directory Service (SDS)

The Spine Directory Service (SDS) is an LDAP repository of all data used in Spine. This includes all types of message interaction data and associated contract properties. All endpoint and product messaging data, all user profile and position data and all Role Based Access Control (RBAC) data is also held with the Spine CIS LDAP service. 

Certification data such as the Certificate Revocation List (CRL) is stored in SDS. Each Path to Live environment has its own dedicated CA and Sub CA for creating all types of certificates. This means the certificates are not transferable between Path to Live environments. The non-functional test environment is an exception to this rule as it uses the Development CA and Sub CA to create certificates.
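The effect of per-environment CAs can be reproduced locally with openssl. This is an added example, not part of the original guidance: the CAs, certificate names and helper functions are constructed for illustration, and it assumes a single CA per environment with no Sub CA tier.

```shell
#!/bin/sh
# Added example with constructed certificates; none of these are NHS CAs.
# Assumption: one root CA per environment, no Sub CA tier.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca ENV: create a self-signed CA standing in for ENV's dedicated CA.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1 example CA" \
    -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# issue_cert ENV NAME: issue an endpoint certificate NAME from ENV's CA.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -days 1 \
    -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" -CAcreateserial \
    -out "$WORK/$2.pem" 2>/dev/null
}

# verify_in ENV NAME: succeed only if NAME chains to ENV's CA.
verify_in() {
  openssl verify -CAfile "$WORK/$1-ca.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# issuer_of NAME: print the issuer DN, the first thing to check when a
# certificate is rejected after being moved between environments.
issuer_of() {
  openssl x509 -in "$WORK/$1.pem" -noout -issuer
}

# Demo: a certificate issued in "integration" is presented to both environments.
make_ca development && make_ca integration &&
  issue_cert integration demo-endpoint
issuer_of demo-endpoint
verify_in integration demo-endpoint && echo "integration: accepted"
verify_in development demo-endpoint || echo "development: rejected"
```

When a certificate is rejected in one environment, comparing its issuer with that environment's CA subject is the quickest way to confirm it was issued elsewhere.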

Common issues experienced in the Care Identity Service

Details of common issues experienced in the Care Identity Service and how to resolve them. 

Path to Live environments this service is available in

Spine Care Identity Service (CIS) can be found in the following environments: 

Development

Integration

Deployment

Training

Last edited: 14 June 2019 2:47 pm