This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

HL7 FHIR Security 2016-3-15

From HL7Wiki
Jump to navigation Jump to search

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics


Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead x Glen Marshal . Galen Mulrooney
. Dave Silver x Rob Horn x Judy Fincher
x Diana Proud-Madruga . Beth Pumo x Oliver Lawles


  • Roll; approval of agenda and March 1, 2016 minutes
  • Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
  • CPs for Review
    • Security CP 9563 Add onBehalfOf to Signature datatype - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer.
      • Review John's interaction diagrams for Provenance and AuditEvent showing how these may be generated by both the user system and the recipient server.
      • Discuss Homework for alternatives using XADES and for "onBehalfOf" - such as UCC "personal representative" as the name of the proposed Signature datatype element. Also, alternative and broader definitions not limited to delegation.
      • See John's comment in this CP for additonal information.
    • Review deferred Security PC 9407 Align AuditEvent and Provenance action/activity element definition Continue work on activity definitions.
    • RE: 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod: Consider use cases and modeling to clarify whether both and Provenance.entity should both have associated lifecycle elements in terms of W3C PROV differentiation of "activity" such as "generate" and the attribute edges that indicate lifecycle such as "was generated by".

Other CPs for Review

    • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
    • 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
    • 9150 Provenance TODO section cleanup (John Moehrke) None
    • 9151 AuditEvent has TODO section to be removed (John Moehrke) None
    • 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
    • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
    • 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
    • 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
    • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None


  • TBD chaired.
  • TBD approval of agenda and minutes.
  • Discussed John's planned interaction diagrams to shows:
    • Provenance Interactions
      • Generation of a Provenance Resource recording the user agent activity that caused the
      • Possible linking of the user's Provenance Resource to a Resource that the user POSTS/PUTS on or TRANSFERS to a FHIR Server and possible persistence by the Server.
      • Generation of a Provenance Resource recording the Server's CREATE/UPDATE
    • AuditEvent Interactions
      • Generation of AuditEvent Resource recording the actions on the system triggered by the user agent and facilitating agent activities [e.g., user authenticating, system handshakes required for transfers, etc.]
      • Generation of AuditEvent Resource recording the actions by the Server.
  • RE: Security CP 9563Add onBehalfOf to Signature datatype
  • Alternative approaches were discussed, including using XADES delegation and countersigning capabilities.
  • Oliver asked how certificate management is handled for Signature. John walked us through the FHIR XML Signature discussion, which recommends using XADES-X-L or XADES-X where certificates are well managed and CRLs [certificate revocations] are well managed. He gave some background about the development of these recommendations.
  • Conclusion: Create comparable structure of "who" for a new "representing" element with URI and reference. Rename Signature.blob to "Signaure.evidence". John moved, Glenn seconded. Motion carried 7-0-0.
  • Discussion of Security CP 9417 Add lifecycle elements to Provenance - Diana, Glenn, and John discussed the history of the Lifecycle codes in RFC 3881. Glenn and John both stated that Gary Dickinson had provided these as an initial way to track lifecycle. Diana and Kathleen pointed out that the usage described indicated that this was the lifecycle of data objects, which may be much more granular than record entries. Kathleen noted that since Gary has addressed the use of lifecycle codes in DSTU2 EHRS Functional Model - Record Lifecycle Events Implementation Guide there was no reason to add the lifecycle element to Provenance. She asked for a motion that this CP be withdrawn. John moved, and Glenn seconded. 7-0-0.