June 03, 2014 Security WG Conference Call
Attendees
| Member Name | Present | Member Name | Present | Member Name | Present | ||
|---|---|---|---|---|---|---|---|
| Mike Davis Security Co-chair | x | John Moehrke Security Co-chair | x | Trish Williams Security Co-chair | |||
| Bernd Blobel, Security Co-chair | Johnathan Coleman | x | Kathleen Connor | x | |||
| Duane DeCouteau | . | Reed Gelzer | Suzanne Gonzales-Webb CBCC Co-chair | x | |||
| Rick Grow | x | David Henkel | x | Mohammed Jafari | |||
| Don Jorgenson | Diana Proud-Madruga | . | Harry Rhodes | ||||
| Ioana Singureanu | . | Alexander Mense | x | Ross Freeman | . | ||
| Amanda Nash | Walter Suarez | . | Tony Weida | x | |||
| Chris Clark | . | Paul Petronelli | . | Aaron Seib | . | ||
| Alexander Mense | . | . | . |
Agenda
- (05 min) Roll Call, Approval of May 27 Meeting Minutes
- (10 min) Security WG Resolution to FMG/TSC that the development and management of FHIR Resources within scope of Security WG projects be under the control of the Security WG - Kathleen
- (10 min) Clarification for FHIR Liaison duties - Paul Petronelli
- (10 min) Trust Policy Vocabulary - Kathleen
- (05min) Other business, action items, and adjournment
Meeting Minutes DRAFT
Minutes Summary
HL7 Security WG May 27, 2014 Conference Call - Minutes were approved.
Role of FHIR Liaison - Security and CBCC should have the same relationship with their FHIR Liaison.
- Kathleen proposed to make an official statement to the Security WG affirming that we own our FHIR resources.
- Kathleen also proposed that any and all Security-related discussions be handled on the Security WG listserv; John will bring these discussions forward to the teleconference as an open forum.
- It was determined that we would go to John on decisions and updates that are being made in reference to FHIR
MOTION: (Kathleen/John M) John Moehrke will officially be made the Security Representative with FHIR with all the rights and privileges thereof. Objections: None, Unanimous approval
Role of RBAC in FHIR - Mike does not see a large role for RBAC in FHIR, except within an organization to provide rules for an individual to access the resources. He does not see a need for cross-organizational roles to be developed here.
- Mike, however, is much happier with ABAC, where individuals would have attributes or clearances. He questioned what RBAC would be doing in FHIR.
- It is different terminology. When John thinks of roles that users are assigned to, they are based on grouping mechanisms for users instead of grouping mechanisms for permissions. That requires nothing....
- Mike added: "I'd assert that resources are ready by default. We've added security tags to the resources, which allow us to do attributes, which then allows us to tag specific pieces of an object."
Trust Policy Vocabulary - Kathleen Diagram shown (add link)
PSS for Natural Language - Suzanne confirmed that the PSS is moving forward.
Meeting Adjourned at 2:58 PDT --Rgrow (talk) 17:25, 6 June 2014 (UTC)
