Difference between revisions of "March 22, 2016 Security Conference Call"

From HL7Wiki
Line 81: Line 81:
  
 
= Minutes =
 
= Minutes =
#TBD Chaired. Agenda and Minutes -
+
#Agenda and Minutes -Chaired by John
 
#Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on [http://hl7-fhir.github.io/testscript.htmlFHIR TestScript Resource]
 
#Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on [http://hl7-fhir.github.io/testscript.htmlFHIR TestScript Resource]
#
+
#Approved Security WG March 15 Minutes
 +
#Review updated P&SbD PSS, Rick
 +
*Discussion:
 +
*Reviewed the scope statement
 +
*Added bullet to show impact on FHIR
 +
*Area's that were changed have been highlighted
 +
*FMG has been added as interested party
 +
*Test Scripts were added
 +
 
 +
 
 +
 
 +
*Project Risk and Issues:
 +
*(John & Kathleen) FHIR test scripts not sufficient, need more detail to Privacy and Security
 +
* what requirements are we exercising the test scripts that are approved by FHIR Management Group
 +
*Possible issue of validating test scripts
 +
*Recourse availability
 +
*Subject Matter Expert availability
 +
*Policy must be declared for test scripts
 +
*The threat Environment is extremely dynamic, may need to pick unrealistic set of threats as example
 +
*Note: HL7 risk is internal (Rick)
 +
*Note: Test scripts are not being balloted, they are being exercised  (Kathleen)
 +
 
 +
 
 +
*comments/Question:
 +
*John needed more clarity on the last portion of Presentation, why test scripts are attached to PSS?
 +
*Answer:
 +
*Kathleen approached the Standards Governance Board (SGB) they did not want a Guide
 +
*SGB requested the Guide to be exercised by creating FHIR test Scripts. 
 +
*CBCC and Security would start creating test script profiles in order to be available for connectathon use
 +
 
 +
*Next Step: Obtain Standards Governance Board feedback and CBCC and interest parties
 +
 
 +
*Motion approved (Kathleen, John, Suzanne)3/0/0 :
 +
* Motion to approve if there any substantive changes Security WKG would be able to weigh in on decision
 +
 
 +
 
 +
 
 +
#Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
 +
*
 +
#PASS Access Control Services Conceptual Model - Diana
 +
* NTR
 +
*Waiting to hear back from Alex
 +
 
 +
#Joint Vocabulary Alignment Update - Diana
 +
*NTR
 +
*Vocab Alignment meeting was cancelled
 +
 
 +
#PASS Audit Conceptual Model – Diana
 +
*NTR
 +
 
 +
#FHIR Security report out - John
 +
*Continued work on signature and harmonization
 +
*No issues to report
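Review bot: the added `*` lines sit directly between `#` items, which closes the numbered list each time in MediaWiki, so the items after "Review updated P&SbD PSS, Rick" restart at 1 instead of continuing at 5. Use `#*` for the sub-bullets so they nest under their agenda item, and drop the empty `#` line and the empty `*` under "Joint project meetings". The retained "Rick discussed updated P&SbD PSS ..." item now overlaps the new "Review updated P&SbD PSS, Rick" item and could be merged into it.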

Revision as of 15:22, 29 March 2016


Attendees

| x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|
| x | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark |
| x | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib |
| . | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX |
| . | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver |
|   | Mike Davis | . | Ioana Singureanu | . | Mohammed Jafari |
| x | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney |
| x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley |
| x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan |
| x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn |
| . | Oliver Lawless | . |  | . | Serafina Versaggi |
| x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health |
| . | Christopher Doss | . | Kamalini Vaidya | . | TBD |


Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval
  2. ( 5 min) Approve Security WG March 15 Minutes
  3. (10 min) Review updated P&SbD PSS Rick
  4. ( 5 min) PASS Access Control Services Conceptual Model - Diana
  5. ( 5 min) Joint Vocabulary Alignment Update - Diana
  6. ( 5 min) PASS Audit Conceptual Model – Diana
  7. ( 5 min) FHIR Security report out - John
    • Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.

Note that there will be a FHIR Security call at 2pm PT/5pm ET. See agenda at FHIR Security Agenda.

Minutes

  1. Agenda and Minutes - Chaired by John
  2. Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on TestScript Resource
  3. Approved Security WG March 15 Minutes
  4. Review updated P&SbD PSS, Rick
    • Discussion:
      • Reviewed the scope statement
      • Added bullet to show impact on FHIR
      • Areas that were changed have been highlighted
      • FMG has been added as interested party
      • Test Scripts were added
    • Project Risk and Issues:
      • (John & Kathleen) FHIR test scripts not sufficient, need more detail to Privacy and Security
      • What requirements are we exercising the test scripts that are approved by FHIR Management Group
      • Possible issue of validating test scripts
      • Recourse availability
      • Subject Matter Expert availability
      • Policy must be declared for test scripts
      • The threat environment is extremely dynamic, may need to pick an unrealistic set of threats as example
      • Note: HL7 risk is internal (Rick)
      • Note: Test scripts are not being balloted, they are being exercised (Kathleen)
    • Comments/Question:
      • John needed more clarity on the last portion of the presentation: why are test scripts attached to the PSS?
    • Answer:
      • Kathleen approached the Standards Governance Board (SGB); they did not want a Guide
      • SGB requested the Guide to be exercised by creating FHIR test scripts.
      • CBCC and Security would start creating test script profiles in order to be available for connectathon use
    • Next Step: Obtain Standards Governance Board feedback and CBCC and interested parties
    • Motion approved (Kathleen, John, Suzanne) 3/0/0:
      • Motion to approve; if there are any substantive changes, Security WKG would be able to weigh in on decision
  5. Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
  6. PASS Access Control Services Conceptual Model - Diana
    • NTR
    • Waiting to hear back from Alex
  7. Joint Vocabulary Alignment Update - Diana
    • NTR
    • Vocab Alignment meeting was cancelled
  8. PASS Audit Conceptual Model – Diana
    • NTR
  9. FHIR Security report out - John
    • Continued work on signature and harmonization
    • No issues to report