This wiki has undergone a migration to Confluence found Here
Difference between revisions of "November 1, 2016 Security Conference Call"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
m (→Attendees) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 40: | Line 40: | ||
||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
− | |||| | + | ||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | || .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | ||
Line 68: | Line 68: | ||
* Roll Call, Agenda Approval -- Mike/Glen - Unanimous | * Roll Call, Agenda Approval -- Mike/Glen - Unanimous | ||
* Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes] -- Beth/Diana - unanimous | * Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes] -- Beth/Diana - unanimous | ||
− | * Diana and Ken on SOA on FHIR | + | **Diana and Ken on SOA on FHIR |
+ | ** Service specification NSCI level II process was pre-FHIR service specification | ||
+ | ** After FHIR if you take functions like evaluate and implement in FHIR server | ||
+ | ** How to implement FHIR consistand SOA specs into FHIR | ||
+ | ** Leverage FHIR artifacts to adapt to service functional model | ||
+ | ** Resources and implementation guides used to constitute a FHIR enabled service | ||
+ | ** Action items to adapt FHIR peces as a collection as an emerging service | ||
+ | ** To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific | ||
+ | ** Implementation Guide will stitch all collective pieces to create the service | ||
+ | * FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc | ||
+ | ** SFM will continue to be produced | ||
+ | ** Alot will happen in parallel | ||
+ | ** The process will govern how SOA does its work that is service related using FHIR | ||
+ | ** Comment: Security Work group can have FHIR Framework that would have services- Mike Davis | ||
+ | ** Recommendation: please include Security services with Health Care services- Mike Davis | ||
+ | ** If anyone wants updates they can subscribe to SOA list | ||
+ | |||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR] | ||
* Mike and Dave Silver to discuss any updates to the ballot material. | * Mike and Dave Silver to discuss any updates to the ballot material. | ||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA] | ||
+ | * TF4FA using model open identity using trust specification | ||
+ | ** We have a legal framework for Security and Privacy for requirements and consent | ||
+ | ** We included certification criteria | ||
+ | ** We included technical framework | ||
+ | ** We maybe able to take the Trust model and make it FHIR specific | ||
+ | ** Potentially Trust Technical Framework may match the services described for FHIR by Ken | ||
+ | ** Models included: | ||
+ | ** Trust services model is part of the Trust Services | ||
+ | ** Domain Model | ||
+ | ** Class Model- Policy info model to realize a domain policy | ||
+ | ** Once we have trust framework services it will ultimately involve a legal framework | ||
+ | ** Trust Services Model has seven identified services | ||
+ | ** Requests would have user attributes, roles, clearances, and other access control information | ||
+ | ** The purpose of use would have the User and Request attributes | ||
+ | ** Each Domain will have Trust tokens | ||
+ | ** Policy information Model is also included | ||
+ | ** The context of IT841 is the security policy information File and guidelines | ||
+ | *** Policy Vocabulary is included, as well as Policy Handeling instructions | ||
+ | |||
* Kathleen mentioned need to review old ballot results next week [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition. | * Kathleen mentioned need to review old ballot results next week [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition. | ||
− | * FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned | + | * FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana |
Latest revision as of 18:18, 4 January 2017
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
x | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | . | David Staggs | . | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver | |||
. | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli , Mobile Health | . | Russell McDonell |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) Approve Security WG October 25, 2016 call minutes
- (15 min) PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
- (15 min) SOA on FHIR Diane and Ken Rubin
- (15 min) Review and Approval of the long overdue Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- (3 min) PASS Audit Conceptual Model – Diana
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- John chaired
- Roll Call, Agenda Approval -- Mike/Glen - Unanimous
- Approve Security WG October 25, 2016 call minutes -- Beth/Diana - unanimous
- Diana and Ken on SOA on FHIR
- Service specification NSCI level II process was pre-FHIR service specification
- After FHIR if you take functions like evaluate and implement in FHIR server
- How to implement FHIR consistand SOA specs into FHIR
- Leverage FHIR artifacts to adapt to service functional model
- Resources and implementation guides used to constitute a FHIR enabled service
- Action items to adapt FHIR peces as a collection as an emerging service
- To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific
- Implementation Guide will stitch all collective pieces to create the service
- FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc
- SFM will continue to be produced
- Alot will happen in parallel
- The process will govern how SOA does its work that is service related using FHIR
- Comment: Security Work group can have FHIR Framework that would have services- Mike Davis
- Recommendation: please include Security services with Health Care services- Mike Davis
- If anyone wants updates they can subscribe to SOA list
- Mike and Dave Silver to discuss any updates to the ballot material.
- TF4FA using model open identity using trust specification
- We have a legal framework for Security and Privacy for requirements and consent
- We included certification criteria
- We included technical framework
- We maybe able to take the Trust model and make it FHIR specific
- Potentially Trust Technical Framework may match the services described for FHIR by Ken
- Models included:
- Trust services model is part of the Trust Services
- Domain Model
- Class Model- Policy info model to realize a domain policy
- Once we have trust framework services it will ultimately involve a legal framework
- Trust Services Model has seven identified services
- Requests would have user attributes, roles, clearances, and other access control information
- The purpose of use would have the User and Request attributes
- Each Domain will have Trust tokens
- Policy information Model is also included
- The context of IT841 is the security policy information File and guidelines
- Policy Vocabulary is included, as well as Policy Handeling instructions
- Kathleen mentioned need to review old ballot results next week Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana