
February 17, 2015 Security WG Conference Call


Meeting Information


Attendees

x Member Name | x Member Name | x Member Name
x Mike Davis, Security Co-chair | . Duane DeCouteau | . Chris Clark
x John Moehrke, Security Co-chair | . Johnathan Coleman | . Aaron Seib
x Alexander Mense, Security Co-chair | . Ken Salyards | . Don Jorgenson
. Trish Williams, Security Co-chair | . Gary Dickinson | . Tim McKay
x Kathleen Connor | . Ioana Singureanu | . Mohammed Jafari
x Suzanne Gonzales-Webb | . Paul Knapp | . Galen Mulrooney
x Diana Proud-Madruga | . Reed Gelzer | x William Kinsley
x Rick Grow | . Oliver Lawless | . Lloyd McKenzie


Agenda DRAFT

//Need to update//

  1. (05 min) Roll Call, February 10 Meeting Minutes
  2. HL7 Security January 2015 WGM Minutes Review and approve
  3. (10 min) FHIM S&P Modeling Project Wiki and Call Logistics - Kathleen
  4. (10 min) Vocabulary Alignment Project - Diana/Reed
  5. (as time allows) FHIR disposition - review/discussion, ongoing agenda item
    1. Prepared to be ready to Vote
      1. 5393 -- Jan 2015 Ballot Comment #282
      2. 5394 -- Jan 2015 Ballot Comment #283
      3. 3945
      4. 5658 -- Update the ASTM signature purpose with definitions from the ASTM specification
    2. Ready for Discussion
      1. 3411 -- Source should be removed from Provenance Agent Role valueset (deferred)
        1. I think we should evaluate all of the vocabulary in Provenance Agent Role against W3C. It seems that when we looked at this last week, the W3C had a very small value-set that was more clear that it was roles that could create/update content, whereas the vocabulary today in FHIR is larger and less clear.
        2. Need someone to suggest the harmonized list. I think Kathleen said she would show us this trimmed version.
      2. 5398 Jan 2015 Ballot Comment #287
        1. Expand on Provenance.agent.reference to include the same capability to reference specific FHIR objects as SecurityEvent has. I think this is ready for vote, but likely needs discussion first.
      3. 5541 -- Add best practice narrative on suppressing data for client access of a resource
        1. I think this is a duplicate of 3945, in the to-be-voted-on list above. Presume when we add the item, we add narrative. Or we could change 5541 into narrative for the security page, or http page, or query page… need discussion.
      4. 3298 Binary resources can be subverted for cross-site scripting
        1. Need someone knowledgeable in the vulnerability and attack to write a paragraph
      5. 5525 -- Consent Directive does not appear to be aligned with the 80%
        1. Read all the comments in the CP and discuss.
  6. (05 min) Other business, action items, and adjournment

Meeting Minutes

Approval of meeting minutes and agenda

  • Meeting minutes from February 10 were unanimously approved.
  • Meeting minutes from the HL7 WGM in San Antonio in January were unanimously approved.

Update: FHIM S&P Modeling Project - Kathleen

  • Discussions are continuing and are focused on the ambiguity about the type of provenance involved, the boundaries between the types of provenance, and the functionality of FHIR SecurityEvent and provenance. Grahame Grieve states that provenance is prospective and SecurityEvent is retrospective.
  • The provenance discussions will have to be settled and John needs to receive all input and changes to the FHIM model by March 22.

Update: Vocabulary Alignment Project - Diana

  • At this week's EHR Interoperability WG meeting, members agreed to develop the project to include the development of a model that will enable the group to communicate its progress with the broader HL7 community.

FHIR Dispositions: FHIR disposition - review/discussion, ongoing agenda item

    1. Prepared to be ready to Vote
      1. 5393 -- Jan 2015 Ballot Comment #282 (see 2/10 vote)
      2. 5394 -- Jan 2015 Ballot Comment #283 (see 2/10 vote)
      3. 3945 -- add a new value to the issue type valueset. MOTION: Suzanne; second: Alex; clarification discussion; objections: 0; abstentions: 0. Motion passes: 7-0-0
      4. 5658 -- Update the ASTM signature purpose with definitions from the ASTM specification
    2. Ready for Discussion
      1. 3411 -- Source should be removed from Provenance Agent Role valueset
        1. I think we should evaluate all of the vocabulary in Provenance Agent Role against W3C. It seems that when we looked at this last week, the W3C had a very small value-set that was more clear that it was roles that could create/update content, whereas the vocabulary today in FHIR is larger and less clear.
        2. Need someone to suggest the harmonized list. I think Kathleen said she would show us this trimmed version.
      2. 5398 Jan 2015 Ballot Comment #287
        1. Expand on Provenance.agent.reference to include the same capability to reference specific FHIR objects as SecurityEvent has. I think this is ready for vote, but likely needs discussion first.
      3. 5541 -- Add best practice narrative on suppressing data for client access of a resource
        1. I think this is a duplicate of 3945, in the to-be-voted-on list above. Presume when we add the item, we add narrative. Or we could change 5541 into narrative for the security page, or http page, or query page... needs discussion.
      4. 3298 Binary resources can be subverted for cross-site scripting
        1. Need someone knowledgeable in vulnerability and attack to write a paragraph
      5. 5525 -- Consent Directive does not appear to be aligned with the 80%
        1. Read all the comments in the CP and discuss.