This wiki has undergone a migration to Confluence found Here
November 1, 2016 Security Conference Call
Jump to navigation
Jump to search
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
x | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | . | David Staggs | . | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver | |||
. | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli , Mobile Health | . | Russell McDonell |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) Approve Security WG October 25, 2016 call minutes
- (15 min) PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
- (15 min) SOA on FHIR Diane and Ken Rubin
- (15 min) Review and Approval of the long overdue Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- (3 min) PASS Audit Conceptual Model – Diana
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- John chaired
- Roll Call, Agenda Approval -- Mike/Glen - Unanimous
- Approve Security WG October 25, 2016 call minutes -- Beth/Diana - unanimous
- Diana and Ken on SOA on FHIR
- Service specification NSCI level II process was pre-FHIR service specification
- After FHIR if you take functions like evaluate and implement in FHIR server
- How to implement FHIR consistand SOA specs into FHIR
- Leverage FHIR artifacts to adapt to service functional model
- Resources and implementation guides used to constitute a FHIR enabled service
- Action items to adapt FHIR peces as a collection as an emerging service
- To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific
- Implementation Guide will stitch all collective pieces to create the service
- FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc
- SFM will continue to be produced
- Alot will happen in parallel
- The process will govern how SOA does its work that is service related using FHIR
- Comment: Security Work group can have FHIR Framework that would have services- Mike Davis
- Recommendation: please include Security services with Health Care services- Mike Davis
- If anyone wants updates they can subscribe to SOA list
- Mike and Dave Silver to discuss any updates to the ballot material.
- TF4FA using model open identity using trust specification
- We have a legal framework for Security and Privacy for requirements and consent
- We included certification criteria
- We included technical framework
- We maybe able to take the Trust model and make it FHIR specific
- Potentially Trust Technical Framework may match the services described for FHIR by Ken
- Models included:
- Trust services model is part of the Trust Services
- Domain Model
- Class Model- Policy info model to realize a domain policy
- Once we have trust framework services it will ultimately involve a legal framework
- Trust Services Model has seven identified services
- Requests would have user attributes, roles, clearances, and other access control information
- The purpose of use would have the User and Request attributes
- Each Domain will have Trust tokens
- Policy information Model is also included
- The context of IT841 is the security policy information File and guidelines
- Policy Vocabulary is included, as well as Policy Handeling instructions
- Kathleen mentioned need to review old ballot results next week Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana