September 22, 2015 Security WG Conference Call
Attendees
| x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|
| x | Mike DavisSecurity Co-chair | x | Duane DeCouteau | . | Chris Clark | |||
| John MoehrkeSecurity Co-chair (audio only) | Johnathan Coleman | . | Aaron Seib | |||||
| Alexander Mense Security Co-chair | . | Ken Salyards | Christopher D Brown TX | |||||
| . | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | Dave Silver | ||||
| x | Kathleen Connor | . | Ioana Singureanu | Mohammed Jafari | ||||
| x | Suzanne Gonzales-Webb | Rob Horn | . | Galen Mulrooney | ||||
| x | Diana Proud-Madruga | Ben Goodman | William Kinsley | |||||
| x | Rick Grow | [mailto: Paul Knapp] | x | Glen Marshall, SRS | ||||
| x | Debbie Bucci | . | Bill Kleinebecker | Chris Shawn | ||||
| Oliver Lawless | Rob Horn | Serafina Versaggi |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve September 15 Meeting Minutes
- ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson, Mike, Dave
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 35 min) FHIR Security Discussion from 9/15 report out - John/Lloyd/Kathleen
- FHIR ProvenanceEvent Value Set - Kathleen
- ( 5 min) PSAF Update - Kathleen
Meeting Minutes DRAFT
Approval of September 15 meeting minutes
Meeting minutes approved with amendment - Change motion that was passed at the September 15 HL7 Security WG meeting to:
"Publish now and submit additional documentation (which Kathleen distributed on the relationship of Provenance and Audit). Ask FMG for a possible extension allowing us to publish the additional documentation in 2.1"
Kathleen - Also, make it clear in the minutes that we don't have any guarantees that the additional documentation will be included in 2.1.
PASS Access Control Conceptual Model (SOA) Update
The deadline for submitting comments is Monday, Sept. 28.
Joint Vocabulary Alignment Update
- Project participants agreed to avoid arguing over nuances in the Lifecycle Event definitions.
- They will address the nuances in the identification of properties.
- The properties can be used as test criteria to see whether the term is being used in the context of a Lifecycle Event versus another context.
Question: How are you doing with the definitions?
We are already wrestling with some of the definitions from EHR to security.
(Mike) For the definitions we have, we're trying to make them perfect. We accept reasonably close things. The functional description becomes a test of the properties of the thing. In the case of ORIGINATE, it means a new or transient object that has not yet been persisted. Those are its characteristics. The things that meet those characteristics meet the characteristics of ORIGINATE. We apply an overlay to the coloring of terms that is not shared...the functionality test is an effort to eliminate that. We want to make the test the normative thing, not the vocabulary.
Summary of 9/15 FHIR discussion
Kathleen - I'd like to bring before the group the documentation that I agreed to write on the relationship between audit event and provenance resource. Mike, you said that you couldn't parse the distinction. Either we use something comparable to what I put in, or we delete it.
Mike - I tend to think that if your explanation is more confusing, it'd be better to remove it and leave it for a better day ... I'd rather that we not attempt to revise anything without John's presence. It could be a topic for the meeting when we have everybody present.
Kathleen - Unfortunately, this deal is sealed. This week is the last opportunity we have to do anything with the documentation for 2015.
Mike - Our agreement with FMG was that we could make changes in 2.1 as well...
Kathleen - No, we didn't agree to that. Per Lloyd, that is not an option. Our vote was to go with a draft and request that it be added to 2.1 over Lloyd's objections to it.
Mike - I'd oppose any motion that makes changes to where we're at right now without John's presence.
Kathleen - Okay. Then we go with the confusing statements.
Mike - So, would you like to add anything further to the report-out from September 15, Kathleen?
Kathleen - No. Other than that the co-chairs should make sure they contact FMG and clarify the revisions allowed for 2.1.
FHIR ProvenanceEvent Value Set
Included Mike's mapping, W3C, and the full set of HL7 codes related to provenance (these weren't added to the build).
PSAF Update'
Discussion w/Gary on his Track 4 and how we can exercise our understanding of FHIR Provenance and Audit Event (very much a part of PSAF in the Connectathon).
VA intends to provide support for the FHIR Audit effort and Track 4.
- Duane is on the call and is our FHIR representative for that purpose; Mike will forward the FHIM call information
No additional agenda items brought forward
Meeting adjourned 12:40 PST --Suzannegw (talk) 15:40, 22 September 2015 (EDT)
