This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

May 24, 2016 Security Conference Call

From HL7Wiki
Jump to navigation Jump to search

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name
x Kathleen ConnorSecurity Co-chair . Duane DeCouteau . Chris Clark
x John MoehrkeSecurity Co-chair . Johnathan Coleman . Aaron Seib
x Alexander Mense Security Co-chair . Ken Salyards . Christopher D Brown TX
. Trish WilliamsSecurity Co-chair . Gary Dickinson x Dave Silver
x Mike Davis . Ioana Singureanu x Mohammed Jafari
x Suzanne Gonzales-Webb . Rob Horn . Galen Mulrooney
x Diana Proud-Madruga . Ken Rubin . William Kinsley
x Rick Grow . Paul Knapp x Mayada Abdulmannan
x Glen Marshall, SRS . Bill Kleinebecker x Christopher Shawn
. Oliver Lawless . [mailto . Serafina Versaggi
x Beth Pumo . Russell McDonell . Paul Petronelli , Mobile Health
. Christopher Doss . Kamalini Vaidya . [mailto: TBD ]

Back to Security Main Page

Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve deferred Security WG April 26, 2016 Minutes and Security WG May 3, 2016 Minutes
  3. (10 min) Montreal WGM Report out, Action Items, and review of draft May 2016 Montreal WGM - Security Minutes
  4. (20 min) Update on the PSAF Security Policy model - Mike
  5. (5 min) Privacy Impact Assessment Cookbook Update - Rick
  6. ( 5 min) PASS Access Control Services Conceptual Model - Diana
  7. ( 5 min) PASS Audit Conceptual Model – Diana

Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda

Minutes

  • Chaired by Kathleen
  • Agenda approved by consensus. Minutes approval deferred
  • Approved Security WG April 26, 2016 Minutes and Security WG May 3, 2016 Minutes (Minutes Approved Suzanne, Beth, Kathleen) 3/0/0
  • Montreal WGM Report out, Action Items, and review of draft May 2016 Montreal WGM - Security Minutes

- Minutes are still under construction - various meeting were moved based on availability of participants, Met with CBCC members - Discussed primarily FHIR Consent Directive - Project Manager (Beth) of CBCC to help us meet the Ballot Freeze of July 17th - Compiling minutes due on Sunday

  • Update on the PSAF Security Policy model - Mike

-Introduction (Kathleen): Previous domain analysis Model had both Privacy and Security and Privacy component and merged them into a composite model, Dave and Mike are introducing the purpose or reviewing and rethinking the composite models and evaluate them based on current work -Presented to the Group (Mike): -Reviewed the model to rethink previous work Policy Model of 22600 with group -We believe their is a Gap Shared Policy Model of 22600 -No change to meta policy (Basic Policy) -The composite policy of relationship structure and group is the issue -The composite policy of 7498-2 there are two types of Policies highlighted (1) Initiator identity Base) and the other is (2) Resource tool based -What is missing is the Rules Based policy -10181-3 Labeling Scheme, is the classification of information objects, clearances that users have, and policies that join them -We put this under the Rules based policy -What is also missing is the notion of context -We will complete the draft as a PDF and ask for thoughts and comments -It brings in labeling of the Security labeling work from the past -ABAC Policy not being mentioned. Any scheme has ABAC (Attribute based Access Control) -Example for ABAC: If you look at a role (initiator Identity), it becomes a label, and then is put in a policy domain that relates the label/rule, it becomes a label. The Action is specified by the policy. -Diana's comment: Requests that ABAC note to explain that it has not been ignored and is part of the model -John's comment: is there some way we can be more clear that the actual access control model is not we are normitavely defining in HL7, but we are noramitavely defining the labels and policy and are known and set within ARBAC and ABAC. -Mike's comment: this model is model of policy (Composite Model) , it is not what you implement, but highlights that policy models that are available to us.

  • Privacy Impact Assessment Cookbook Update - Rick

-Formal approval process update: The domain experts of the steering division approved the PSS during the Working Group meeting in Montreal Meeting last week -PSS being forwarded to the TFC for their approval -Allot of progress on the document, working with Diana on process flows in which the standards developer in HL7 would follow -Working on the Diagramming for the Process flow document and standards -Will have it ready for review sometime next week and will distribute -Suggestion by Kathleen: To include a highlevel Diagram or tutorial artifacts from the Security assessment page. Next Step: Rick will consider after discussing with Diana and see if it is beneficial

  • PASS Access Control Services Conceptual Model - Diana

-The PSS was unanimously approved by the Steering Division in Montreal and passed to Ann W. -Ann W. It will be present to TSC -Working to collect comments -Motion Approved: Reconciliation Statement approved on 8 comments resolution for the ACS (Diana, Suzanne, Kathleen approved) 3/0/0


  • Provenance and Audit Event-John

-Putting together Agenda for this afternoons call -Only 19 items left

  • Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda