Feburay 27, 2018 PSAF Call
|.||Member Name||.||Member Name||.||Member Name||.||Member Name|
|.||John Moehrke Security Co-chair||x||Kathleen Connor Security Co-chair||.||Alexander Mense Security Co-chair||.||Trish Williams Security Co-chair|
|x||Christopher Shawn] Security Co-chair||x||Suzanne Gonzales-Webb||x||Mike Davis||x||David Staggs|
|.||Mohammed Jafari||x||Beth Pumo||.||Ioana Singureanu||.||Rob Horn|
|x||Diana Proud-Madruga||x||Francsico Jauregui||.||Joe Lamy||.||Galen Mulrooney|
|.||Paul Knapp||.||Grahame Grieve||.||Johnathan Coleman||.||Aaron Seib|
|.||Ken Salyards||.||Jim Kretz||.||Gary Dickinson||x||Dave Silver|
|.||Oliver Lawless||.||||.||David Tao||x||Greg Linden|
- (3 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of the Feb. 20th Minutes
- (2 min) TF4FA NIB Submitted - See below.
- (50 min) Security and Privacy Domain Analysis Model updates Focused discussion on updates to the TF4FA Model - Mike Davis and Chris Shawn
NIB: HL7 Security WG is developing an overarching Privacy and Security Framework Architecture [PSAF] based on foundational standards: ISO/IEC 10181-3 and ISO 22600. PSAF is the unifying framework for all HL7 Privacy and Security standards, and now includes a Trust Framework for Federated Authorization [TF4FA]. TF4FA includes a conceptual information and behavioral model in separate volumes. It has been balloted once for comment and twice as informative, and is being balloted in May as normative. Since the last ballot of this material in YYYYMMM 2017MAY, the following changes have been made: The May 2018 Normative version of TF4FA addresses the ballot comments from the last informative ballot in May 2017 by ensuring alignment with the policy model aspects of ISO/IEC 10181-3 and ISO 22600 needed to establish trust among exchange partners, and setting aside consideration of how access control policies are implemented within trust domains. This simplification is intended to create a distinct Trust Conceptual Information and Behavioral Model component within PSAF, which can be coupled with the Privacy Access and Security Services (PASS) Access Control, Audit, and Security Labeling Services Conceptual Models. In time, we expect to update the current normative Composite Security and Privacy Domain Analysis Model to be the overarching PSAF Conceptual Information Model, which will encompass all of the new and revised classes used in the PSAF components. TF4FA includes both (1) a high-level conceptual information model, which represents the privacy, security, and trust policies within each domain that is party to a federated authorization trust contract; and (2) a high-level behavioral model of the services needed to establish such a contract at run-time. In this ballot document, the focal Trust Framework contract is an agreement among policy domains on federated authorization policies. Unique Ballot ID: V3_PSAF_R1_N1_2018MAY
- Chris chaired.
- Minutes were reviewed. Mike moved to approve. Kathleen seconded. Beth abstained because she did not attend the PSAF call on the 13th. Minutes approved 6-1-0
- Mike reviewed the updated TF4FA model, which is more closely aligned with the ISO 22600 and PONDERS model. The information model is focused only on trust rather than access control. Specifically he walked the group through both the current draft TF4FA conceptual information model, which he noted is under revision, and a TF4FA One Pager.
- PSAF calls will continue as the TF4FA ballot material is finalized.