Difference between revisions of "March 22, 2016 Security Conference Call"
Revision as of 15:22, 29 March 2016
Attendees
| x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|
| x | Kathleen Connor Security Co-chair | . | Duane DeCouteau | . | Chris Clark |
| x | John Moehrke Security Co-chair | . | Johnathan Coleman | . | Aaron Seib |
| . | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX |
| . | Trish Williams Security Co-chair | . | Gary Dickinson | x | Dave Silver |
|  | Mike Davis | . | Ioana Singureanu | . | Mohammed Jafari |
| x | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney |
| x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley |
| x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan |
| x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn |
| . | Oliver Lawless | . | [mailto | . | Serafina Versaggi |
| x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health |
| . | Christopher Doss | . | Kamalini Vaidya | . | TBD |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve Security WG March 15 Minutes
- (10 min) Review updated P&SbD PSS Rick
- Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
- ( 5 min) PASS Access Control Services Conceptual Model - Diana
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PASS Audit Conceptual Model – Diana
- ( 5 min) FHIR Security report out - John
- Any changes expected to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
Note that there will be a FHIR Security call at 2pm PT/5pm ET. See agenda at FHIR Security Agenda.
Minutes
- Agenda and Minutes - Chaired by John
- Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on the FHIR TestScript Resource (http://hl7-fhir.github.io/testscript.html)
- Approved Security WG March 15 Minutes
- Review updated P&SbD PSS, Rick
  - Discussion:
    - Reviewed the scope statement
    - Added bullet to show impact on FHIR
    - Areas that were changed have been highlighted
    - FMG has been added as interested party
    - Test scripts were added
  - Project Risk and Issues:
    - (John & Kathleen) FHIR test scripts are not sufficient; need more detail on Privacy and Security
    - What requirements are we exercising with the test scripts that are approved by the FHIR Management Group?
    - Possible issue of validating test scripts
    - Resource availability
    - Subject Matter Expert availability
    - Policy must be declared for test scripts
    - The threat environment is extremely dynamic; may need to pick an unrealistic set of threats as an example
    - Note: HL7 risk is internal (Rick)
    - Note: Test scripts are not being balloted, they are being exercised (Kathleen)
  - Comments/Questions:
    - John needed more clarity on the last portion of the presentation: why are test scripts attached to the PSS?
    - Answer:
      - Kathleen approached the Standards Governance Board (SGB); they did not want a Guide
      - SGB requested the Guide to be exercised by creating FHIR test scripts
      - CBCC and Security would start creating test script profiles in order to be available for Connectathon use
  - Next Step: Obtain feedback from the Standards Governance Board, CBCC and interested parties
  - Motion approved (Kathleen, John, Suzanne) 3/0/0:
    - Motion to approve; if there are any substantive changes, the Security WG would be able to weigh in on the decision
- Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
- PASS Access Control Services Conceptual Model - Diana
  - NTR
  - Waiting to hear back from Alex
- Joint Vocabulary Alignment Update - Diana
  - NTR
  - Vocab Alignment meeting was cancelled
- PASS Audit Conceptual Model – Diana
  - NTR
- FHIR Security report out - John
  - Continued work on signature and harmonization
  - No issues to report