This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

July 08, 2014 Security WG Conference Call

From HL7Wiki
Jump to navigation Jump to search

Meeting Information

Back to Security Main Page


x Member Name x Member Name x Member Name x Member Name
x Mike DavisSecurity Co-chair . John MoehrkeSecurity Co-chair . Trish WilliamsSecurity Co-chair . Bernd BlobelSecurity Co-chair
. Chris Clark . Johnathan ColemanCBCC Co-Chair x Kathleen Connor x Duane DeCouteau
. Reed Gelzer x Suzanne Gonzales-WebbCBCC Co-chair x Rick Grow x David Henkel
. Mohammed Jafari . Don Jorgenson x Alexander Mense . Amanda Nash
. Paul PetronelliMobile Health Security Co-chair x Diana Proud-Madruga . Harry Rhodes , Aaron Seib
. Ioana Singureanu . Walter Suarez x Tony Weida . Paul PetronellimHealth Co-chair
. . . . . . . .

Back to Security Main Page


  1. (05 min) Roll Call, Approval of Meeting Minutes
  2. (10 min) Update: Way with Verbs - Tony
  3. (10 min FHIR disposition - review/discussion
  4. (05 min) PSS Patient Friendly Security and Privacy
  1. (05 min) Other business, action items, and adjournment

Minutes Summary

  • The project scope statement for Patient Friendly Natural Language Steering Division eVote ended on July 9, 2014. There were 3 affirmatives, 3 negatives, and 3 abstentions. Suzanne has answered two of the "negatives," but will defer the one question on FHIR to John Moehrke. She has asked the "negatives" to change their vote.

FHIR disposition - review/discussion

  • ID 3298; Summary Binary resources can be subverted for cross-site scripting
    • assigned to Duane to provide thoughts on the implication
    • assigned to Alex

Security labels in the http header that may be exposed (submitted by Kathleen) is missing

  • if you put the security labels in the body of the FHIR payload, it may not necessarily be in the clear

ID 3350; Summary: Request change to Tag

  • assigned to Kathleen; misspelling present, item should be closed.

ID 3312; Summary: Security Event for Tag modification

  • from Richard Schneider
  • Mike does not like the idea of modifying the information at will. There should be some provenance information, including who has modified it and when, etc.
  • Kathleen - this is an issue: how they can create operations and change TAGs
    • security group needs to decide on how to do updates on TAGs.
    • Mike - this could be a major role for Provenance
  • assigned to Kathleen; with help

ID 3318

  • assigned to Mike and others

ID 3310 Add additional notes to the RESTful API about security

  • assigned to Alex Mense

Mike recommends that these items are to be monitored on a weekly basis

Update: Way with Verbs - Tony

  • There are concerns with the project scope statement as well as with the governance.
  • The WwV team will meet to discuss how to move forward given the lack of communication from Steve Hufnagel of the HL7 EHR Interoperability team.
  • Tony Weida is going to take his proposed methodology and put it into a Word document.
  • Diana Proud-Madruga will work on presenting some examples using Tony's methodology while still incorporating the work that Steve is doing.

Action Items


Meeting Adjourned: 1450 PDT --Suzannegw (talk) 21:49, 8 July 2014 (UTC)

Additional minutes provided by --Rgrow (talk) 19:51, 11 July 2014 (UTC)