This wiki has undergone a migration to Confluence found Here
Difference between revisions of "July 28, 2015 Security WG Conference Call"
Jump to navigation
Jump to search
| Line 44: | Line 44: | ||
|- | |- | ||
|| x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | || x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | ||
| − | |||||| [ | + | ||||x|| [mailto: Bill Kleinebecker] |
|||||| [ | |||||| [ | ||
|- | |- | ||
| Line 74: | Line 74: | ||
==Meeting Minutes== | ==Meeting Minutes== | ||
| + | ''Meeting Minutes for July 21''' | ||
| + | * Meeting Minutes for July 21 were unanimously approved | ||
| + | |||
| + | * no additional agenda items suggested or added | ||
| + | |||
| + | '''PASS Access Control Conceptual Model (SOA)''' Update - Diana | ||
| + | * discussion on how obligation will fit into the PASS AC Model | ||
| + | * how obligations are dealt with in terms of SLS, and how to put obligations into the AC model at a higher (conceptual) level | ||
| + | * SOA meeting on Monday, discussion w/Don; placement of SOA diagram | ||
| + | ** pointed to process documents that SOA follows when completed functional model documents | ||
| + | ** based on the template (SOP/development practice) the diagrams of the FM will come after the FM model requirements | ||
| + | |||
| + | ** Kathleen would like to know why SLS is more in the weeds than obligations | ||
| + | ** ACS is a conceptual model, whereas SLS is more specific | ||
| + | |||
| + | there are some drawings in the SLS that have been adapted for that standards, with a little modification we can use those diagrams to update the SOA AC. Items will be convered ''conceptually'' | ||
| + | * in terms of behavioral modeling, | ||
| + | * Per Kathleen, there are items already in HL7 on obligations and care should be taken to align with those items. | ||
| + | |||
| + | * as an interoperability spec, we need to be able to relay that information | ||
| + | |||
| + | what the contract needs to say between the parties (what is being consumed) | ||
| + | what labels would be put on the document, including handling instructions which convey some policy. | ||
| + | |||
| + | when the obligations are a type of polcy that can be conved w security lables, but can also be enforced by custodian | ||
| + | Discussion | ||
| + | |||
| + | '''ACS Model - ''' | ||
| + | * revised version of functional model and corresponding requirements statements (v3) to Diana,Kathleen for distribution to group/for comment | ||
| + | ** biggest changes is consolidation/streamlined the authorization manager and started to promote to green level | ||
| + | ** consolidated to be cleaner (and to what Muhammad has recommend) | ||
| + | otherwise generally the same | ||
| + | |||
| + | Capabilities listing | ||
| + | * within the functional model diagram, reworked into a requirements statement | ||
| + | * in most cases, its background, or clarification. a subrequirement | ||
| + | ** recommend items should read as ''shall'' | ||
| + | ** additional recommendations noted | ||
| + | * note that guidance is heavily 'copy and paste' | ||
| + | |||
| + | what is the timeline for folks to provide comments? | ||
| + | * not specified yet | ||
| + | * items will be posted on GForge and link sent to Security WG | ||
| + | |||
| + | '''Joint Vocabulary Alignment''' | ||
| + | * preliminary guide for creating dicitionary vocabulary | ||
| + | * basic process outlined in the guide, in using the process group has come up with definitions in the viewpoint in EHR which will allow Security, Provenance and ___ and where they fit | ||
| + | * two definitions were processed (not quickly) at the last meeting; several distinctions were relayed at the last meeting making the process not quick, not repeatable. Having a process is better than where we were but the fine-grained distinctions may not relay to other languages. | ||
| + | * the notion of the extended definitions i.e. W3C mold, there is a core, one-sentence/well-crafted definition (following the rules), the extended definition contains much more detail, and in general where the definition is trying to get to. A broader description | ||
| + | * definite progress made, but there is concern on how long it will be before the definitions will be completed | ||
| + | * rules were determined from several places including Wiktionary (dictionary version of Wikipedia) | ||
| + | |||
| + | Example shown | ||
| + | |||
| + | '''PSAF Update''' - Kathleen | ||
| + | sketching out policy information models previsoulsy working on the HCS | ||
| + | in Harmonization: | ||
| + | * an e-mail thread | ||
| + | * technical conficitiaonly changes | ||
| + | * presentation by Graham/Lloyed and approved by JOhn Moehrke | ||
| + | ** in the proposal it said that the Security WG - | ||
| + | ** provenance observation | ||
| + | issue raised on governance | ||
Revision as of 20:16, 28 July 2015
Attendees
| x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|
| x | Mike DavisSecurity Co-chair | . | Duane DeCouteau | . | Chris Clark | |||
| John MoehrkeSecurity Co-chair | Johnathan Coleman | . | Aaron Seib | |||||
| x | Alexander Mense Security Co-chair | . | Ken Salyards | x | Christopher Brown TX | |||
| . | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | . | Tim McKay | |||
| x | Kathleen Connor | . | Ioana Singureanu | . | Mohammed Jafari | |||
| x | Suzanne Gonzales-Webb | . | Darrell Woelk | . | Galen Mulrooney | |||
| x | Diana Proud-Madruga | Grahame Grieve | x | William Kinsley | ||||
| x | Rick Grow | x | Chethan Makoahalli | Lloyd McKenzie | ||||
| x | Dave Silver | x | [mailto: Bill Kleinebecker] | [ |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval, Approve July 21 Meeting Minutes
- ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson
- (10 min) ACS model - Mike/Dave Silver
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PSAF Update - Kathleen
- ( 5 min) Status of Provenance and AuditEvent subcommittee - Kathleen/John
- ( 5 min) FHIR Security Discussion Block Vote for approval August 4
- ( 5 min) October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items
- Please send any agenda items to Suzanne
FHIR AuditEvent Block Vote
- 7432 2015May core #720 - AuditEvent requestor (Helen Broberg) Not Persuasive
- 7565 2015May core #856 - Fix link (Kathleen Connor) Not Persuasive with Mod
- 8123 AuditEvent constraints are too tight (Lloyd McKenzie) Persuasive
- 6233 AuditEvent confusion on 'idenfier' elements that are actually strings. Affects understanding as well as search (which should not be token) (John Moehrke) Persuasive with Mod
- 6269 AuditEvent needs a Participant userId type code to explain how to understand the value in userId (e.g. Patient ID in CX form) (John Moehrke) Persuasive with Mod
- 7431 2015May core #719 - AuditEvent source identifier (Helen Broberg) Persuasive with Mod
- 7564 2015May core #855 - AuditEvent.event value set is a mess (Kathleen Connor) Persuasive with Mod
Meeting Minutes
Meeting Minutes for July 21'
- Meeting Minutes for July 21 were unanimously approved
- no additional agenda items suggested or added
PASS Access Control Conceptual Model (SOA) Update - Diana
- discussion on how obligation will fit into the PASS AC Model
- how obligations are dealt with in terms of SLS, and how to put obligations into the AC model at a higher (conceptual) level
- SOA meeting on Monday, discussion w/Don; placement of SOA diagram
- pointed to process documents that SOA follows when completed functional model documents
- based on the template (SOP/development practice) the diagrams of the FM will come after the FM model requirements
- Kathleen would like to know why SLS is more in the weeds than obligations
- ACS is a conceptual model, whereas SLS is more specific
there are some drawings in the SLS that have been adapted for that standards, with a little modification we can use those diagrams to update the SOA AC. Items will be convered conceptually
- in terms of behavioral modeling,
- Per Kathleen, there are items already in HL7 on obligations and care should be taken to align with those items.
- as an interoperability spec, we need to be able to relay that information
what the contract needs to say between the parties (what is being consumed) what labels would be put on the document, including handling instructions which convey some policy.
when the obligations are a type of polcy that can be conved w security lables, but can also be enforced by custodian Discussion
ACS Model -
- revised version of functional model and corresponding requirements statements (v3) to Diana,Kathleen for distribution to group/for comment
- biggest changes is consolidation/streamlined the authorization manager and started to promote to green level
- consolidated to be cleaner (and to what Muhammad has recommend)
otherwise generally the same
Capabilities listing
- within the functional model diagram, reworked into a requirements statement
- in most cases, its background, or clarification. a subrequirement
- recommend items should read as shall
- additional recommendations noted
- note that guidance is heavily 'copy and paste'
what is the timeline for folks to provide comments?
- not specified yet
- items will be posted on GForge and link sent to Security WG
Joint Vocabulary Alignment
- preliminary guide for creating dicitionary vocabulary
- basic process outlined in the guide, in using the process group has come up with definitions in the viewpoint in EHR which will allow Security, Provenance and ___ and where they fit
- two definitions were processed (not quickly) at the last meeting; several distinctions were relayed at the last meeting making the process not quick, not repeatable. Having a process is better than where we were but the fine-grained distinctions may not relay to other languages.
- the notion of the extended definitions i.e. W3C mold, there is a core, one-sentence/well-crafted definition (following the rules), the extended definition contains much more detail, and in general where the definition is trying to get to. A broader description
- definite progress made, but there is concern on how long it will be before the definitions will be completed
- rules were determined from several places including Wiktionary (dictionary version of Wikipedia)
Example shown
PSAF Update - Kathleen sketching out policy information models previsoulsy working on the HCS in Harmonization:
- an e-mail thread
- technical conficitiaonly changes
- presentation by Graham/Lloyed and approved by JOhn Moehrke
- in the proposal it said that the Security WG -
- provenance observation
issue raised on governance
