This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "November 1, 2016 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(4 intermediate revisions by 3 users not shown)
Line 9: Line 9:
 
||  x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 
||  x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
 
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+
||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
|-
 
|-
 
||  x|| [mailto:mike.davis@va.gov Mike Davis]
 
||  x|| [mailto:mike.davis@va.gov Mike Davis]
 
||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
 
||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]
||||x|| [mailto:drs@securityrs.com David Staggs]
+
||||.|| [mailto:drs@securityrs.com David Staggs]
||||x|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
+
||||.|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
 
|-
 
|-
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
+
||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
 
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
 
||||.|| [mailto:robert.horn@agfa.com Rob Horn]  
 
||||.|| [mailto:robert.horn@agfa.com Rob Horn]  
Line 24: Line 24:
 
||  x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 
||  x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ]
 
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ]
||||.|| [mailto:joe.lamy@aegis.net Joe Lamy]
+
||||x|| [mailto:joe.lamy@aegis.net Joe Lamy]
 
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 
||||.|| [mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 
|-
 
|-
Line 37: Line 37:
 
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
|-
 
|-
||  x|| [mailto:rgrow@technatomy.com Rick Grow]
+
||  .|| [mailto:rgrow@technatomy.com Rick Grow]
 
||||.|| [mailto:bkinsley@nextgen.com William Kinsley]
 
||||.|| [mailto:bkinsley@nextgen.com William Kinsley]
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
 
||||.|| [mailto:pknapp@pknapp.com Paul Knapp]   
||||.|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
+
||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
 
|-
 
|-
 
||  .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
 
||  .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
||||x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
+
||||.|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
 
||||.|| [mailto:grahameg@gmail.com Grahame Grieve]
 
||||.|| [mailto:grahameg@gmail.com Grahame Grieve]
 
|-
 
|-
Line 58: Line 58:
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
 
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes]  
 
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes]  
# ''(15 min)'' '''PSAF Ballot v.next'''  Mike and Dave Silver to discuss any updates to the ballot material.
+
# ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA]'''  Mike and Dave Silver to discuss any updates to the ballot material.
 
# ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR]''' Diane and Ken Rubin
 
# ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR]''' Diane and Ken Rubin
 
#''(15 min)'' '''Review and Approval of the long overdue [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.  
 
#''(15 min)'' '''Review and Approval of the long overdue [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.  
Line 65: Line 65:
  
 
==Minutes==
 
==Minutes==
 +
* John chaired
 +
* Roll Call, Agenda Approval -- Mike/Glen - Unanimous
 +
* Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes] -- Beth/Diana - unanimous
 +
**Diana and Ken on SOA on FHIR
 +
** Service specification NSCI level II process was pre-FHIR service specification
 +
** After FHIR if you take functions like evaluate and implement in FHIR server
 +
** How to implement FHIR consistand SOA specs into FHIR
 +
** Leverage FHIR artifacts to adapt to service functional model
 +
** Resources and implementation guides used to constitute a FHIR enabled service
 +
** Action items to adapt FHIR peces as a collection as an emerging service
 +
** To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific
 +
** Implementation Guide will stitch all collective pieces to create the service
 +
* FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc
 +
** SFM will continue to be produced
 +
** Alot will happen in parallel
 +
** The process will govern how SOA does its work that is service related using FHIR
 +
** Comment:  Security Work group can have FHIR Framework that would have services- Mike Davis
 +
** Recommendation: please include Security services with Health Care services- Mike Davis
 +
** If anyone wants updates they can subscribe to SOA list
 +
 +
** [http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR]
 +
* Mike and Dave Silver to discuss any updates to the ballot material.
 +
** [http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA]
 +
* TF4FA using model open identity using trust specification
 +
** We  have a legal framework for Security and Privacy for requirements and consent
 +
** We included certification criteria
 +
** We included technical framework
 +
** We maybe able to take the Trust model and make it FHIR specific
 +
** Potentially Trust Technical Framework may match the services described for FHIR by Ken
 +
** Models included:
 +
** Trust services model is part of the Trust Services
 +
** Domain Model
 +
** Class Model- Policy info model to realize a domain policy
 +
** Once we have trust framework services it will ultimately involve a legal framework
 +
** Trust Services Model has seven identified services
 +
** Requests would have user attributes, roles, clearances, and other access control information
 +
** The purpose of use would have the User and Request attributes
 +
** Each Domain will have Trust tokens
 +
** Policy information Model is also included
 +
** The context of IT841 is the security policy information File and guidelines
 +
*** Policy Vocabulary is included, as well as Policy Handeling instructions
 +
 +
* Kathleen mentioned need to review old ballot results next week [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
 +
* FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana

Latest revision as of 18:18, 4 January 2017

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair x Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb . David Staggs . Mohammed Jafari
x Glen Marshall, SRS x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson . Dave Silver
. Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker . Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . Paul Petronelli , Mobile Health . Russell McDonell

Back to Security Main Page

Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Approve Security WG October 25, 2016 call minutes
  3. (15 min) PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
  4. (15 min) SOA on FHIR Diane and Ken Rubin
  5. (15 min) Review and Approval of the long overdue Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
  6. (3 min) PASS Audit Conceptual Model – Diana
  7. (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call

Minutes

  • John chaired
  • Roll Call, Agenda Approval -- Mike/Glen - Unanimous
  • Approve Security WG October 25, 2016 call minutes -- Beth/Diana - unanimous
    • Diana and Ken on SOA on FHIR
    • Service specification NSCI level II process was pre-FHIR service specification
    • After FHIR if you take functions like evaluate and implement in FHIR server
    • How to implement FHIR consistand SOA specs into FHIR
    • Leverage FHIR artifacts to adapt to service functional model
    • Resources and implementation guides used to constitute a FHIR enabled service
    • Action items to adapt FHIR peces as a collection as an emerging service
    • To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific
    • Implementation Guide will stitch all collective pieces to create the service
  • FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc
    • SFM will continue to be produced
    • Alot will happen in parallel
    • The process will govern how SOA does its work that is service related using FHIR
    • Comment: Security Work group can have FHIR Framework that would have services- Mike Davis
    • Recommendation: please include Security services with Health Care services- Mike Davis
    • If anyone wants updates they can subscribe to SOA list
  • Mike and Dave Silver to discuss any updates to the ballot material.
  • TF4FA using model open identity using trust specification
    • We have a legal framework for Security and Privacy for requirements and consent
    • We included certification criteria
    • We included technical framework
    • We maybe able to take the Trust model and make it FHIR specific
    • Potentially Trust Technical Framework may match the services described for FHIR by Ken
    • Models included:
    • Trust services model is part of the Trust Services
    • Domain Model
    • Class Model- Policy info model to realize a domain policy
    • Once we have trust framework services it will ultimately involve a legal framework
    • Trust Services Model has seven identified services
    • Requests would have user attributes, roles, clearances, and other access control information
    • The purpose of use would have the User and Request attributes
    • Each Domain will have Trust tokens
    • Policy information Model is also included
    • The context of IT841 is the security policy information File and guidelines
      • Policy Vocabulary is included, as well as Policy Handeling instructions
  • Kathleen mentioned need to review old ballot results next week Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
  • FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana