Security Working Group Meeting

Back to Security Main Page

Attendees

• Bill Braithwaite
• Jon Farmer
• Rob Horn
• Vannak Kann
• Jim Kretz
• John Moehrke Security Co-chair
• Milan Petjovic
• Pat Pyette
• Scott Robertson
• Ken Salyards
• Cliff Thompson
• Richard Thoreson CBCC Co-chair
• Serafina Versaggi scribe
• Tony Weida

Agenda

1. (05 min) Roll Call, Accept Minutes September 7th 2010 Security Conference Call, Call for additional agenda items & Accept Agenda
2. (05 min) Pat Pyette - PASS Audit Update
3. (05 min) John Moehrke - John’s updates regarding the Risk Assessment
   • Suzanne Gonzales-Webb - follow up on Action Item, (see below)
4. (45 min) Security and Privacy Ontology project
   • Security Ontology discussion on LOINC table mapping to RBAC objects. Table provides a connection from the ontology to portions of (possibly) SNOMED CT which is part of the project scope.
   • Ontology updates from Tony.

Minutes

1. Action Items

from August 10th -follow up with Education Committee for next steps in advancing the Cookbook for approval as part of the HL7 Development Framework Note: " Modification of the HDF is not an Education Work Group responsibility. Suggested changes to the HL7 development process to include security risk assessment should be made to the Modeling and Methodology IMnM) work group and perhaps the Architectural Review Board (ARB). " per AbdulMalik of the Education Committee (3-mail received on 9/11/2010) 'Suzanne will continue action item and follow up with the MnM and ARB.'

2. Resolutions - none

3. Updates/Discussion

• Suzanne motioned to accept minutes of 9/7/2010; seconded by Scott Robertson. Vote: No negatives; Pat Pyette abstained.

PASS Audit Update

• Please sign up for the ballot and provide comments, if you haven’t already
• We won’t be holding another Monday PASS meeting until after the HL7 WGM in October
• John asked whether there has been discussion within the PASS WG about the upcoming Australia WGM as the co-chairs have been requested to ask each WG to consider whether they will participate.
  • Pat indicates that as yet, the topic has not been raised.

Security Risk Assessment Update

• Security Risk assessments have been conducted for two projects:

1. CDA R2 Implementation Guide for Consent Directives
2. PASS Health Care Audit

• The two pilot risk assessments provided an opportunity to test the process and served as input to a tutorial that will be presented at the Cambridge Work Group Meeting.
• John has drafted the text addressing the one risk consideration identified for the CDA IG which will be added to the post-May 2010 ballot reconciliation version of the publication (section 1.9 – Security Considerations). The text will be reviewed by the CBCC WG during the next hour for approval.

Security and Privacy Ontology Project

• Tony confirmed with Mike that his intent for next steps is to map LOINC to the HL7 Permission Catalog Objects
• Tony looked into SNOMED and compared SNOMED to the 105 Permission Catalog objects. There are 199 concepts in the relevant part of the SNOMED hierarchy, particularly the Record artifact concept and its decedents. His guess is that this part of SNOMED has not received much attention.
  • The organization of the hierarchy is somewhat questionable. But it could be that using LOINC and SNOMED as the source for extending the coverage of the RBAC catalog would make sense.
• John Moehrke mentioned that Bernd Blobel has significant experience in developing ontologies and has suggested BFO as appropriate upper-level ontology upon which to base and advanced clinical genomic trials on cancer ACGT). I don’t know if we’ve looked at these.
  • BFO was discussed early on in this and the SOA ontology project when the project charters were being crafted. There was some reservation on behalf of the ArB regarding the use of BFO, as it was thought to be too academic and not clear what the value would be for us to use it.
• Bernd may bring up the issue during the face-to-face work group meeting in Cambridge.

Tony presented the latest updates to the OWL ontology which is posted at: Include link to current version of the ontology.

• There have been a number of download attempts for both the OWL files and the supporting material (Word documents) so people are showing interest.
• Tony has not received comments in response to the material to date, but he is not assuming that no word means there are no issues or concerns that others may have.
• Some proposed naming conventions for some of the concepts within the ontology:
  • Constraint catalog – to bundle constraints
  • Permission catalog – to bundle permissions
  • Roleset– a bundle of collection of security roles that organization might be administering
• This is a slightly different naming convention. Tony proposes to use the term Catalog to represent more formalized, re-usable resources such as HL7 and the VA are developing and the term Set for things that are used to bundled things together alone.
  • So the Roleset class is just the thing that aggregates all the security roles that an organization has following that naming convention.
  • Feel free to provide feedback regarding the proposed naming convention and/or anything else within the draft ontology
• The initial focus has been to complete the representation of the HL7 RBAC Permission Catalog. As time goes on, we’ll be able to use the ontology as a vehicle for talking about hoe connections can be made in terms of areas of privacy and areas of security. And we can tie in other ontologies like SNOMED to be able to capture the medical subjects of privacy/security concerns.
• The recent objective has been to load the record and workflow objects form the Permission Catalog – so now all 8 workflow objects as well as a collection of record objects are included in the ontology.
  • Protégé adds single quotes to a name if the name includes parenthesis (e.g., ‘Admission, Discharge and Transfer (ADT)’). The quotation mark is not part of the actual name however.
  • We’re also reusing several built-in types of annotations that come with this release of Protégé; most of these are from the Dublin Core data initiative.
• Looking at some of the record objects, we see from the annotation notes that some of these objects are from the EHR functional model.
• Now that the record and workflow objects have been loaded into Protégé, we can move on to talk about strategies for categorize the objects to take advantage of using those categories to be able to express permissions at the appropriate level of abstraction
• Probably best to review the ontology off-line and come back for more detailed discussions, questions and answers.
• Two additional items that have been identified to be added to the ontology include the ASTM structural roles which are part of the VA structural roles catalog ,which we will put in as an example in a separate namespace (Veterans Health Administration), along with the functional roles. The separate namespace allows us to distinguish them from other elements that are part of the ontology.

Following the presentation, Tony took questions and comments from the group. This is the discussion that followed:

• Richard asked Tony to reiterate the goal for the ontology effort:
  • The primary goal of the ontology is to serve as a common definitive reference to the types of things we’re talking about in security and privacy so that we’re all using the same names for the same things and that they’re grounded in logical definitions.
  • The initial focus has been to complete the representation of the HL7 RBAC permission catalog and supporting elements like the examples of roles that are taken from the VA catalog. This is about Privacy as well as Security, so as time goes on, we’ll be able to use the ontology as a vehicle for talking about how connections can be made between areas of areas of privacy concerns and areas of security concerns. This will also be a vehicle to tie in other ontologies like SNOMED where appropriate, for example, to be able to capture clinical subjects of privacy concerns.
  • HL7 could present the ontology as a basis for interoperability and could be used by vendors as a point of reference material for building compliant access control decision systems. Vendors can decide whether they want to use the ontology directly in their systems or use some other approach. HL7 wouldn’t insist or even imply that this should be used directly in their systems.
• While you could use the classifier within Protégé to make decisions, there are tradeoffs to be made when you decide how to represent things in the ontology. In one approach, you could go for a very clear and direct representation of the things you’re talking about, which is good for is communication as a basis standards organizations; on the other hand, setting things up in a way to take maximum advantage of the reasoner to make decisions.
  • Example: Separation of duty constraints in RBAC – certain roles can’t be assigned to the same person at all. This is called static separation of duties. A related notion is dynamic separation of duties. In this case, while a person can have different permissions assigned at different times, the same person can’t be assigned more than one role during a single session.
• In terms of a language for representing formal ontologies, OWL has emerged as the overwhelming choice.
• In terms of tools for working with OWL, Protégé is the dominant, freely available tool, but there are also commercial tools available as well.
• There are specific representations of ontologies in the area of security and Privacy. A number of different groups, mostly academic, have looked at different perspectives as to how to represent RBAC and have come up with their own ontologies.
• People have also looked at representing XACML constructs in OWL.
• The power of OWL is not unlimited when it comes to reasoning, so often people use rules-based systems in conjunction with an OWL based ontology.
• Next week there will be more related to structural and functional roles to review in the next iteration of the ontology.
• The latest updated draft version of the Security and Privacy Ontology expressed in OWL 2 suitable for viewing with the Protégé 4.1 OWL editor can be found at:
  • http://gforge.hl7.org/gf/download/docmanfileversion/5845/7542/Ontologies2010-09-17.zip
• Updated Word document with screenshots and other information for those not using Protégé:
  • http://gforge.hl7.org/gf/download/docmanfileversion/5846/7543/HL7SecurityandPrivacyOntologyUpdate-2010-09-17.docx

• The meeting was adjourned at 2:00 PM EDT
• No significant motions or decisions were made.

Back to Security Main Page