July 28, 2015 Security WG Conference Call
Attendees
x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---
x | Mike Davis Security Co-chair | . | Duane DeCouteau | . | Chris Clark
 | John Moehrke Security Co-chair | | Johnathan Coleman | . | Aaron Seib
x | Alexander Mense Security Co-chair | . | Ken Salyards | x | Christopher Brown TX
. | Trish Williams Security Co-chair | . | Gary Dickinson | . | Tim McKay
x | Kathleen Connor | . | Ioana Singureanu | . | Mohammed Jafari
x | Suzanne Gonzales-Webb | . | Darrell Woelk | . | Galen Mulrooney
x | Diana Proud-Madruga | | Grahame Grieve | x | William Kinsley
x | Rick Grow | x | Chethan Makoahalli | | Lloyd McKenzie
x | Dave Silver | x | Bill Kleinebecker | |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval, Approve July 21 Meeting Minutes
- ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson
- (10 min) ACS model - Mike/Dave Silver
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PSAF Update - Kathleen
- ( 5 min) Status of Provenance and AuditEvent subcommittee - Kathleen/John
- ( 5 min) FHIR Security Discussion Block Vote for approval August 4
- ( 5 min) October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items
- Please send any agenda items to Suzanne
FHIR AuditEvent Block Vote
- 7432 2015May core #720 - AuditEvent requestor (Helen Broberg) Not Persuasive
- 7565 2015May core #856 - Fix link (Kathleen Connor) Not Persuasive with Mod
- 8123 AuditEvent constraints are too tight (Lloyd McKenzie) Persuasive
- 6233 AuditEvent confusion on 'idenfier' elements that are actually strings. Affects understanding as well as search (which should not be token) (John Moehrke) Persuasive with Mod
- 6269 AuditEvent needs a Participant userId type code to explain how to understand the value in userId (e.g. Patient ID in CX form) (John Moehrke) Persuasive with Mod
- 7431 2015May core #719 - AuditEvent source identifier (Helen Broberg) Persuasive with Mod
- 7564 2015May core #855 - AuditEvent.event value set is a mess (Kathleen Connor) Persuasive with Mod
Meeting Minutes
Meeting Minutes for July 21, 2015
- The minutes from the July 21 meeting were unanimously approved
PASS Access Control Conceptual Model (SOA) Update - Diana
Discussion:
- How obligations will fit into the PASS AC Model;
- How obligations are dealt with in terms of SLS; and
- How to put obligations into the AC model at a higher (conceptual) level
- At the SOA meeting on Monday, Diana had a discussion with Don regarding the placement of the SOA diagram
- Pointed to process documents that SOA follows when completing functional model documents
- Based on the template (SOP/development practice), the diagrams of the FM will come after the FM model requirements
- Kathleen would like to know why SLS is more in the weeds than obligations
- ACS is a conceptual model, whereas SLS is more specific
- There are some drawings in the SLS that have been adapted for standards; with a little modification we can use those diagrams to update the SOA Access Control document. Items will be covered conceptually
- Per Kathleen, there are items already in HL7 on obligations and care should be taken to align with those items
- As an interoperability spec, we need to be able to relay that information
- What the contract needs to say between the parties (what is being consumed)
- What labels would be put on the document, including handling instructions which convey some policy.
- When the obligations are a type of policy that can be conveyed with security labels, but can also be enforced by the custodian
ACS Model - Dave
- Revised version of functional model and corresponding requirements statements (v3) sent to Diana and Kathleen for distribution to group and comment
- Biggest change is consolidation/streamlining of the authorization manager
- Consolidated version to be cleaner
- Capabilities list
- These are listed within the functional model diagram and have been reworked into requirements statements
- In most cases, it's background or clarification (including sub-requirements)
- Recommended items should read as shall
- Additional recommendations noted
- Note that guidance is heavily "copy and paste"
- What is the timeline for folks to provide comments?
- Not specified yet
- Items will be posted on GForge and a link will be sent to Security WG
Joint Vocabulary Alignment
- Diana has created a preliminary guide for creating dictionary definitions
- Basic process outlined in the guide; in using the process, the group has come up with definitions from the viewpoint of EHR which will allow the group to see where the definitions align with Security and Provenance
- Two definitions were processed (not quickly) at the last meeting; several distinctions were relayed at the last meeting making the process not quick and not repeatable. Having a process is better than where we were, but the fine-grained distinctions may not relay to other languages.
- The extended definitions (i.e., in the W3C mold, there is a core, one-sentence, well-crafted definition (following the rules)) cover much more detail and generally cover where the definition is trying to get to
- Definite progress made, but there is concern on how long it will be before the definitions will be completed
- Rules were determined from several places including Wiktionary (dictionary version of Wikipedia)
- Diana presented the proposed process for creating dictionary definitions for EHR Lifecycle terms.
- Two dictionary terms were attempted and agreed upon at this meeting using the proposed process.
PSAF Update - Kathleen
- Sketching out policy information models that were previously worked on in the HCS
In Harmonization:
- an e-mail thread
- technical confidentiality changes
- presentation by Grahame/Lloyd and approved by John Moehrke
Meeting adjourned at 1300 PDT