This wiki has undergone a migration to Confluence found Here

HL7 FHIR Security 2015-11-24

From HL7Wiki
Jump to navigation Jump to search

Back to HL7 FHIR security topics

Attendees

  • John Moehrke
  • Kathleen Connor
  • Suzanne Gonzales-Web
  • Glen Marshall
  • Gary Dickinson
  •  ???
  •  ???

I seem to recall two other people KC - this is the list that I recorded.

Agenda

Kathleen

  • 9051 Remove AuditEvent.participant.role binding to http://hl7.org/fhir/ValueSet/dicm-402-roleid. Bind this value set to AuditEvent.particpant.userid (Kathleen Connor) None
  • 9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None

Related to RBAC

  • 3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) Considered for Future Use

Ready for Vote

  • 9082 Update the ASTM signature purpose with definitions from the ASTM specification (John Moehrke) Persuasive

To Discuss

  • 9056 Provenance for multiple activities (John Moehrke) None
  • 7598 2015May core #889 - Can Provenance apply to a resource or just a data element (Ioana Singureanu) Considered for Future Use
  • 9078 HTTP Caching Warning for FHIR GET REST services (Kathleen Connor) None
  • 8638 how does Provenance work when deleting records (Grahame Grieve) None
  • 7597 2015May core #888 - This resource is missing any reference to the "action" performed on the entity. Is there a default "create" action or is it an omission? (Ioana Singureanu) Considered for Future Use

Other Open

  • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) Considered for Future Use
  • 7563 2015May core #854 - Expand on how to use Provenance (Kathleen Connor) Considered for Future Use
  • 7567 2015May core #858 - Provenance isn't sufficiently aligned with w3c spec (Kathleen Connor) Considered for Future Use
  • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) Considered for Future Use
  • 7569 2015May core #860 - Clarify relationship agents and entities used in activity (Kathleen Connor) Considered for Future Use
  • 7570 2015May core #861 - Clarify relationship agents and entities used in activity (Kathleen Connor) Considered for Future Use
  • 8731 Canonicalization for signatures (Lloyd McKenzie) None
  • 8738 Unapplied QA changes around security and services (Michelle Miller) None
  • 8790 Give guidance on AuditEvent that codes don't need DisplayName populated (Paul Knapp) None
  • 8803 Provenance for a subset of a resource (Chris Grenz) None
  • 8827 Signature datatype does not include counter-signature type (John Moehrke) None
  • 9035 AuditEvent harmonizing with Provenance (John Moehrke) None
  • 9036 Handling of meta values that should force version, such as security_labels (John Moehrke) None
  • 9037 Security page should recognize HEART (John Moehrke) None
  • 7752 2015May core #1073 - Replace value set with FHIR Signer Type value set (Kathleen Connor) Not Related

Minutes

  • Discussion of AuditEvent.participant.role relative to participation role vs ACS roles.
    • Need to make the element clear as the pariticipation role
    • Need to add back into FHIR the concept of a participant.type -- human, system, process, device, other
    • Need to make clear where to pub ACS roles 9035
    • Would be good to rename the "participant" element in AuditEvent to be "agent"... as specified in
  • Motion to approve 9082 -- Kathleen / Glen : 4-0-0
  • Gary discussion of W5

Action Items