This wiki has undergone a migration to Confluence found Here
Difference between revisions of "November 1, 2016 Security Conference Call"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
m (→Attendees) |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 9: | Line 9: | ||
|| x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair | || x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair | ||
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair | ||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair | ||
− | |||| | + | ||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair |
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | ||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair | ||
|- | |- | ||
|| x|| [mailto:mike.davis@va.gov Mike Davis] | || x|| [mailto:mike.davis@va.gov Mike Davis] | ||
||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb] | ||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb] | ||
− | |||| | + | ||||.|| [mailto:drs@securityrs.com David Staggs] |
− | |||| | + | ||||.|| [mailto:mjafari@edmondsci.com Mohammed Jafari] |
|- | |- | ||
|| x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | || x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | ||
− | |||| | + | ||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo] |
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] | ||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] | ||
||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||
Line 24: | Line 24: | ||
|| x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | || x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | ||
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||
− | |||| | + | ||||x|| [mailto:joe.lamy@aegis.net Joe Lamy] |
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] | ||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney] | ||
|- | |- | ||
Line 37: | Line 37: | ||
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | ||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | ||
|- | |- | ||
− | || | + | || .|| [mailto:rgrow@technatomy.com Rick Grow] |
||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
− | |||| | + | ||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | || .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | ||
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ] | ||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ] | ||
− | |||| | + | ||||.|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] |
||||.|| [mailto:grahameg@gmail.com Grahame Grieve] | ||||.|| [mailto:grahameg@gmail.com Grahame Grieve] | ||
|- | |- | ||
Line 57: | Line 57: | ||
==Agenda '''DRAFT'''== | ==Agenda '''DRAFT'''== | ||
# ''(2 min)'' '''Roll Call, Agenda Approval''' | # ''(2 min)'' '''Roll Call, Agenda Approval''' | ||
− | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call | + | # ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes] |
− | # ''(15 min)'' '''PSAF | + | # ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA]''' Mike and Dave Silver to discuss any updates to the ballot material. |
# ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR]''' Diane and Ken Rubin | # ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR]''' Diane and Ken Rubin | ||
#''(15 min)'' '''Review and Approval of the long overdue [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition. | #''(15 min)'' '''Review and Approval of the long overdue [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition. | ||
Line 65: | Line 65: | ||
==Minutes== | ==Minutes== | ||
+ | * John chaired | ||
+ | * Roll Call, Agenda Approval -- Mike/Glen - Unanimous | ||
+ | * Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes] -- Beth/Diana - unanimous | ||
+ | **Diana and Ken on SOA on FHIR | ||
+ | ** Service specification NSCI level II process was pre-FHIR service specification | ||
+ | ** After FHIR if you take functions like evaluate and implement in FHIR server | ||
+ | ** How to implement FHIR consistand SOA specs into FHIR | ||
+ | ** Leverage FHIR artifacts to adapt to service functional model | ||
+ | ** Resources and implementation guides used to constitute a FHIR enabled service | ||
+ | ** Action items to adapt FHIR peces as a collection as an emerging service | ||
+ | ** To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific | ||
+ | ** Implementation Guide will stitch all collective pieces to create the service | ||
+ | * FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc | ||
+ | ** SFM will continue to be produced | ||
+ | ** Alot will happen in parallel | ||
+ | ** The process will govern how SOA does its work that is service related using FHIR | ||
+ | ** Comment: Security Work group can have FHIR Framework that would have services- Mike Davis | ||
+ | ** Recommendation: please include Security services with Health Care services- Mike Davis | ||
+ | ** If anyone wants updates they can subscribe to SOA list | ||
+ | |||
+ | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR] | ||
+ | * Mike and Dave Silver to discuss any updates to the ballot material. | ||
+ | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA] | ||
+ | * TF4FA using model open identity using trust specification | ||
+ | ** We have a legal framework for Security and Privacy for requirements and consent | ||
+ | ** We included certification criteria | ||
+ | ** We included technical framework | ||
+ | ** We maybe able to take the Trust model and make it FHIR specific | ||
+ | ** Potentially Trust Technical Framework may match the services described for FHIR by Ken | ||
+ | ** Models included: | ||
+ | ** Trust services model is part of the Trust Services | ||
+ | ** Domain Model | ||
+ | ** Class Model- Policy info model to realize a domain policy | ||
+ | ** Once we have trust framework services it will ultimately involve a legal framework | ||
+ | ** Trust Services Model has seven identified services | ||
+ | ** Requests would have user attributes, roles, clearances, and other access control information | ||
+ | ** The purpose of use would have the User and Request attributes | ||
+ | ** Each Domain will have Trust tokens | ||
+ | ** Policy information Model is also included | ||
+ | ** The context of IT841 is the security policy information File and guidelines | ||
+ | *** Policy Vocabulary is included, as well as Policy Handeling instructions | ||
+ | |||
+ | * Kathleen mentioned need to review old ballot results next week [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition. | ||
+ | * FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana |
Latest revision as of 18:18, 4 January 2017
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
x | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | . | David Staggs | . | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver | |||
. | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli , Mobile Health | . | Russell McDonell |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) Approve Security WG October 25, 2016 call minutes
- (15 min) PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
- (15 min) SOA on FHIR Diane and Ken Rubin
- (15 min) Review and Approval of the long overdue Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- (3 min) PASS Audit Conceptual Model – Diana
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- John chaired
- Roll Call, Agenda Approval -- Mike/Glen - Unanimous
- Approve Security WG October 25, 2016 call minutes -- Beth/Diana - unanimous
- Diana and Ken on SOA on FHIR
- Service specification NSCI level II process was pre-FHIR service specification
- After FHIR if you take functions like evaluate and implement in FHIR server
- How to implement FHIR consistand SOA specs into FHIR
- Leverage FHIR artifacts to adapt to service functional model
- Resources and implementation guides used to constitute a FHIR enabled service
- Action items to adapt FHIR peces as a collection as an emerging service
- To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific
- Implementation Guide will stitch all collective pieces to create the service
- FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc
- SFM will continue to be produced
- Alot will happen in parallel
- The process will govern how SOA does its work that is service related using FHIR
- Comment: Security Work group can have FHIR Framework that would have services- Mike Davis
- Recommendation: please include Security services with Health Care services- Mike Davis
- If anyone wants updates they can subscribe to SOA list
- Mike and Dave Silver to discuss any updates to the ballot material.
- TF4FA using model open identity using trust specification
- We have a legal framework for Security and Privacy for requirements and consent
- We included certification criteria
- We included technical framework
- We maybe able to take the Trust model and make it FHIR specific
- Potentially Trust Technical Framework may match the services described for FHIR by Ken
- Models included:
- Trust services model is part of the Trust Services
- Domain Model
- Class Model- Policy info model to realize a domain policy
- Once we have trust framework services it will ultimately involve a legal framework
- Trust Services Model has seven identified services
- Requests would have user attributes, roles, clearances, and other access control information
- The purpose of use would have the User and Request attributes
- Each Domain will have Trust tokens
- Policy information Model is also included
- The context of IT841 is the security policy information File and guidelines
- Policy Vocabulary is included, as well as Policy Handeling instructions
- Kathleen mentioned need to review old ballot results next week Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana