
August 25, 2015 Security WG Conference Call

From HL7Wiki

Attendees

| x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|
| x | Mike Davis, Security Co-chair | . | Duane DeCouteau | . | Chris Clark |
| x | John Moehrke, Security Co-chair | | Johnathan Coleman | . | Aaron Seib |
| x | Alexander Mense, Security Co-chair | . | Ken Salyards | x | Christopher D Brown TX |
| . | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver |
| x | Kathleen Connor | . | Ioana Singureanu | | Mohammed Jafari |
| x | Suzanne Gonzales-Webb | | Rob Horn | . | Galen Mulrooney |
| x | Diana Proud-Madruga | | Ben Goodman | x | William Kinsley |
| x | Rick Grow | | Chethan Makoahalli | x | Glen Marshall, SRS |
| . | Debbie Bucci | x | Bill Kleinebecker | | Chris Shawn |
| x | Oliver Lawless | x | Rob Horn | x | Serafina Versaggi |


Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve August 18 Meeting Minutes
  3. ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson, Mike, Dave
  4. ( 5 min) Joint Vocabulary Alignment Update - Diana
  5. ( 5 min) PSAF Update - Kathleen (same as agenda item #7/done at same meeting)
  6. ( 25 min) FHIR Security Discussion
    • Note that DSTU2 publication deadline is this Sunday. So all changes must be voted on TODAY. All CPs that we can't come to an agreement on today must be deferred!
    • 8595 add two codes to provenance-participant-role for assembler and composer (Kathleen Connor) Persuasive
      • As discussed by Kathleen last week
    • 5395 RIM mappings
      • Kathleen to provide RIM Mappings
    • 6354 W3C Prov mapping
      • Kathleen offered to determine if there is anything more from this CP beyond what we have already aligned.
    • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) Considered for Future Use
      • Request to pull from block vote. (per Kathleen via e-mail 8/24) Reason: In support of Gary Dickinson, based on consideration during multiple Security and CBCC WG calls to add REL vocabulary to the comprehensive ProvenanceEvent value set (which includes all event codes in selectable sub-value sets) so that implementers can decide which value set is most appropriate to their use case.
      • The block vote recommendation is simply to place the work outside DSTU2 and inside DSTU2.1(3) timeframe
    • 5525 Consent Directive does not appear to be aligned with the 80% (Lloyd McKenzie) Considered for Future Use
      • Request to withdraw for discussion (per Kathleen via e-mail 8/24) Reason: Does not appear to reflect WG position
      • The block vote recommendation is simply to place the work outside DSTU2 and inside DSTU2.1(3) timeframe
    • Motion to approve Block 1
    • Motion to approve both Provenance and AuditEvent as Maturity level 1 -- See FHIR Maturity Model
  7. ( 5 min) October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items
    • SOA/Security/CBCC joint Ballot Reconciliation - time requested for TUESDAY Q2
  8. (as time allows) Open FHIR Items

FHIR CPs - Block 1

  • 3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) Considered for Future Use
  • 7701 2015May core #992 - Need to categorize person signing (Ioana Singureanu) Not Persuasive
  • 7565 2015May core #856 - Fix link (Kathleen Connor) Persuasive
  • 8595 add two codes to provenance-participant-role for assembler and composer (Kathleen Connor) Persuasive
  • 5694 Request for new security label for when content is removed from a resource for operational reasons (Grahame Grieve) Persuasive with Mod
  • 5935 "Break the Glass" Method Description in Security Labels Section is Very Limiting (Ed Costello) Persuasive with Mod
  • 6256 define entity and how is different from agent (Eric Haas) Persuasive with Mod
  • 7750 2015May core #1071 - Rationalize the design of Provenance Resource and decouple from AuditEvent. (Kathleen Connor) Persuasive with Mod
  • 8359 ATNA REST action codes do not cover DSTU2 operations (Ewout Kramer) Persuasive with Mod
  • 8589 QA: All properties are included in the Summary (Brian Postlethwaite) Persuasive with Mod

Meeting Minutes

Agenda approved

Meeting Minutes for August 18 approved with one minor editorial (Motion John/Ken) 12 approve; 0 against; 0 abstentions

SOA-PASS Access Control Services Conceptual Model

  • 90% complete; remains on track per Diana, Mike
  • submission extended to Wednesday 8/26
  • main items covered the functional model which laid out the architecture.

Joint Vocabulary Alignment

  • met today
  • an hour was spent on the definition of verify
  • process is slow
  • Diana will investigate additional definitions and begin a conversation offline (via e-mail)
  • extended definitions
    • multiple definitions are discouraged to avoid orphans
    • suggested that definitions are tied to a specific use case

PSAF

  • concentrating on FHIR Provenance
  • addressing the CPs, mappings and making the changes to reflect what is in the PSAF model
  • some additional modeling can be done in provenance, but a conclusion is needed

FHIR

Note that deferred means that we will be picking up the CP next week.

  1. 8595 add two codes to provenance-participant-role for assembler and composer (Kathleen Connor) Persuasive
  2. 5395 RIM mappings

Objections: none; Abstentions: 2 (Serafina, Bill K); Motion Passes: 13

  1. 6354
    • agree with Gary, addressed part of the W3C model that we want to put into FHIR
    • Recommend to DEFER the Vote for this CP (John/Kathleen)

Objections: none; Abstentions: none; Motion carried: 15

  1. 6303
    • we are still harmonizing the vocabulary; recommend to defer until after this weekend and to pick up next week as we begin DSTU2.1
      • no change, remains in the block vote
  2. 5525
    • no change, remains in the block vote

MOTION: approve the block vote as originally published (John/Kathleen), EXCEPT #3654 which was voted to be deferred

Objections: none; Abstentions: none; Motion Passes: 14

(Gary Dickinson joined as part of this vote)

Regarding the maturity model as part of FHIR

MOTION: That the committee vote to increase the maturity model to level ONE. (John/Kathleen)

Discussion: none

Objections: none; Abstentions: none; Motion Passes: 14

Meeting adjourned at 1300 PDT --Suzannegw (talk) 16:05, 25 August 2015 (EDT)