February 8, 2011 Security Conference Call
Security Working Group Meeting
- Chirag Bhatt
- Mike Davis Security Co-chair
- Jaime Delgado
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Michelle Johnston
- Diana Proud-Madruga
- Eva Rodriguez
- Richard Thoreson CBCC Co-chair
- Tony Weida
- Craig Winter
Agenda and Meeting Minutes
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) Responses to DMAG-UPC HL7 Comments2.docx Jaime Delgado, Tony Weida
- (15 min) Demonstration of recent updates to the Security-Privacy ontology Tony Weida
- (15 min) Ontology - Discussion of next steps Tony Weida, Mike Davis
Discussion notes are below. Links to documents referenced are as follows:
- DMAG UPC HL7 Comments
- Comments2 responses from Tony
- Responses to DMAG-UPC HL7 Comments2.docx
- DMAG Contribution to HL7 Security and Privacy Ontology, discussed at the 2011 Jan 18 meeting
- slide deck
Tony – this is my personal opinion; if the group wishes to go in a different direction we will go with that. Jaime – If you are convinced that this is the right solution then we are okay with this.
Second Section (Number 2): On the class restrictions to model assignment of users to roles, which relates NurseNightingale to nurse roles. Part of the description is the fact (not sure if this is mine or Jaime's) that there is a class restriction on the role that there is some 'NursePractitionerFunctionalRole' which is being assigned without naming it specifically, whereas when we assign the user as part of the assignment we give a name (NurseNightingale). This goes back to a discussion from a previous role.
The position of Spain was that we were to include more individuals in the examples in order to instantiate more of the examples, in this case in terms of OWL representation. In the end I agree to add the individual; object property restrictions have local implications for object property assertions. If I'm understanding this, turning to a specific example: when we define this assignment we give it a logical restriction, a so-called 'some' restriction (assignsRole some 'NursePractitionerFunctionalRole'). Even if we do not create that instance of NursePractitionerFunctionalRole, the reasoner knows the practitioner is there. This is referred to in OWL as an anonymous individual. It's not that there isn't an individual; where it was previously represented it was anonymous because we had not assigned it a 'name'. It wasn't as clear as it could have been, particularly for those not used to the subtleties of using OWL, i.e. people who read the ballot; having exclusively named individuals may help them to understand better. Furthermore, there are other advantages in naming an individual, as we can take advantage of rules; rule languages have limitations of their own and work better when they have named individuals.
Jaime – I understand you are going to provide more examples for this? It will be a big help to have written direction on assigned position so that we can further discuss this.
Tony – This will certainly involve presenting the example (text) for readers for the future consideration of the ballot. Should we consider modeling the ontology for a while, and for the long term, should we be writing a document for readers? We can develop the document in parallel.
Jaime – Working on it during the ontology development would be better; I think this would be the best way. When you need to change the documentation during the implementation it would be very useful.
Tony – We can do this sooner, and periodically we can add the examples where the readers can see them and (text to be added)
The 3rd section is about clarification on the assignment of 'user to role in MVCO', which would correspond to role in our ontology in RBAC. Collective and role are different ideas; role would definitely be the best choice in corresponding to role.
Section 4 – Being able to model the activation/deactivation of a role (important in RBAC) introduces the concept of a session. There is a session class (there has always been this in the ontology).
Jaime – How is this discussed in the assignment? It does not seem to be related in the assignment, or maybe the examples are incomplete.
Tony – There may not have been an instance of (text to be added)
Turning to some of the examples: this is the representation in Protégé (demo local security ontology, DemoLocalSecurityAndPrivacy, http://www.apelon.com/ontologies/DemoLocalSecurityAndPrivacy.owl) of the activations (which are tied directly to the session) in this representation.
Slide show: this captures much of the hierarchy; this diagram helps me see how the classes fit together. Just as a reminder, there are organizations that have policies that have role sets and user assignment sets, which connect user identities. A user can participate in a session; as part of being in that session they can have an activation in a security role or multiple security roles, and as time goes on they can perform an access on a certain object; that access can only be allowed.
Example (still referring to the slide deck): Hospital has an individual constraint catalog and individual role sets. What Tony is highlighting is an individual role, appending the suffix 'Singleton'; I'm only intending to create one instance of this role. Modeling decision: when modeling for the hospital, I am only creating one instance of 'AllopathFunctionalRole Singleton'; when activating the role they will activate the same instance of the role. It does have a connection to AllopathFunctionalRole as well as
Note: There is no penalty for having more than one informational ballot in succession; this allows us to receive and review feedback. We can continue the succession unless HL7 objects. We could get early feedback on the ontology before we flesh out the privacy portion of the ontology.