Difference between revisions of "January 10, 2017 Security Conference Call"

Latest revision as of 20:00, 31 January 2017

Attendees

x	Member Name	x	Member Name	x	Member Name	x	Member Name
x	John MoehrkeSecurity Co-chair	x	Kathleen ConnorSecurity Co-chair	x	Alexander Mense Security Co-chair	.	Trish WilliamsSecurity Co-chair
x	Mike Davis	x	Suzanne Gonzales-Webb	x	David Staggs	.	Mohammed Jafari
x	Glen Marshall, SRS	x	Beth Pumo	x	Ioana Singureanu	.	Rob Horn
x	Diana Proud-Madruga	.	Serafina Versaggi	.	Joe Lamy	.	Galen Mulrooney
.	Duane DeCouteau	.	Chris Clark	.	Johnathan Coleman	.	Aaron Seib
.	Ken Salyards	.	Christopher D Brown TX	.	Gary Dickinson	x	Dave Silver
x	Rick Grow	.	William Kinsley	.	Paul Knapp	x	Mayada Abdulmannan
.	Kamalini Vaidya	.	Bill Kleinebecker	.	Christopher Shawn	.	Grahame Grieve
.	Oliver Lawless	.	Ken Rubin	.	David Tao	.	Nathan Botts

Back to Security Main Page

Agenda

(2 min) Roll Call, Agenda Approval
(2 min) Security WG Call Minutes December 20, 2016
(15 min) TF4FA Behavioral Model Elaboration - Ioana Singureanu
(5 min) Bernd Blobel TF4FA comments - Kathleen
(5 min) John Moehrke's TF4FA comments - Kathleen
(10 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
(10 min) SLSv2 PSS - Diana
(3 min) WGM Prep
(5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call

Minutes

Chaired by Alex
Agenda Approved (Kathleen, Ioana)
Security WG Call Minutes December 20, 2016-deferred to next meeting
TF4FA Behavioral Model Elaboration - Ioana Singureanu
- Kathleen present Ioana who is tasked to move from conceptual model to background independent model showing services
- Will present at connectathon
- Ioana presented the source model:
- The document is out for review shows high level concepts of trust framework
- Trust contract, federated security policy negotiated between the two domains
- Negotiation between domains results a signed agreed upon trust contract
- Results in making authorization decision between the two federated domains
- The Security token based on the trust contract and initiated an exchange flow between resources
- All the systems will have trust marks with the capabilities
- The two domains would be one initiating domain and one responding domain
- The trusted policy federation services exposes
- Assertions are also independently validated
- Attribute and Role based access control policies
- Kathleen requested for Ioana to look at different levels of assurances mechanisms within the HL7 vocabulary such as Trust Marks
- Identity Management and Proofing is not covered, only asserting authorization level federation
- Level of identity proofing can be asserted
- A domain by definition has defined set Users, Data accessed by user, and Policy; The negotiation is about the negotiating the data in the contract. The level of assurance is Domain wise.
- We use minimal identity proofing, we don't use two faze authentication, which allows each domain to apply its own policies
- The operation for trust services is operation complete contract, with authorization policy, handling instructions, security label's functionality to deal with authorizations
- Multiple level of assurances can occur within one domain
- Between two organizations you can have hundreds of Domains depending on the two users; it is fluid and flexible

Below Agenda Items will be carried forward to next Work Group call:

Bernd Blobel comments - Kathleen

John Moehrke's TF4FA comments - Kathleen
gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
SLSv2 PSS - Diana
WGM Prep
FHIR AuditEvent and Provenance ballot comments & FHIR Security Call2 min) Roll Call, Agenda Approval
Security WG Call Minutes December 20, 2016
TF4FA Behavioral Model Elaboration - Ioana Singureanu
Bernd Blobel TF4FA comments - Kathleen
John Moehrke's TF4FA comments - Kathleen
gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
SLSv2 PSS - Diana
WGM Prep
FHIR AuditEvent and Provenance ballot comments & FHIR Security Call

@@ Line 7: / Line 7: @@
 !x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name'''
 |-
-||  .|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
+||  x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 ||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair
 ||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
@@ Line 19: / Line 19: @@
 ||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 ||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo]
-||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
+||||x|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
 ||||.|| [mailto:robert.horn@agfa.com Rob Horn]
 |-
@@ Line 40: / Line 40: @@
 ||||.|| [mailto:bkinsley@nextgen.com William Kinsley]
 ||||.|| [mailto:pknapp@pknapp.com Paul Knapp]
-||||.|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
+||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan]
 |-
 ||  .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
@@ Line 57: / Line 57: @@
 =='''Agenda'''==
 # ''(2 min)'' '''Roll Call, Agenda Approval'''
-# ''(2 min)'' '''Approval of [[December 20, 2016 Security Conference Call]]
+# ''(2 min)'' '''[http://wiki.hl7.org/index.php?title=December_20,_2016_Security_Conference_Call Security WG Call Minutes December 20, 2016]'''
-# ''(15 min)'' '''[gforge ballot spreadsheet - HL7 TF4FA Ballot outcome]''' - Kathleen
+# ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9511/15017/TF4FA%20v2%20IOANA.docx TF4FA Behavioral Model Elaboration]''' - Ioana Singureanu
-# ''(15 min)'' '''[gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome]''' - Diane
+# ''(5 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9512/15018/V3_PSAF_R1_I1_2017JAN_b_blobel_20170108105539.docx Bernd Blobel TF4FA comments] - Kathleen
-# ''(15 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9486/14987/2016DEC_PSS_SecurityLabelingSvc.doc SLSv2 PSS] - Diana
+# ''(5 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9513/15019/V3_PSAF_R1_I1_2017JAN_john_moehrke_20170109160034.xls John Moehrke's TF4FA comments]''' - Kathleen
-# ''(5 min)'' '''WGM Prep'''
+# ''(10 min)'' '''[gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome]''' - Diane
+# ''(10 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9486/14987/2016DEC_PSS_SecurityLabelingSvc.doc SLSv2 PSS] - Diana
+# ''(3 min)'' '''WGM Prep'''
 # ''(5 min)'' '''FHIR AuditEvent and Provenance ballot comments & FHIR Security Call'''
 =='''Minutes'''==
+* Chaired by Alex
+* Agenda Approved (Kathleen, Ioana)
+* Security WG Call Minutes December 20, 2016-deferred to next meeting
+* TF4FA Behavioral Model Elaboration - Ioana Singureanu
+** Kathleen present Ioana who is tasked to move from conceptual model to background independent model showing services
+** Will present at connectathon
+** Ioana presented the source model:
+** The document is out for review shows high level concepts of trust framework
+** Trust contract, federated security policy negotiated between the two domains
+** Negotiation between domains results a signed agreed upon trust contract
+** Results in making authorization decision between the two federated domains
+** The Security token based on the trust contract and initiated an exchange flow between resources
+** All the systems will have trust marks with the capabilities
+** The two domains would be one initiating domain and one responding domain
+** The trusted policy federation services exposes
+** Assertions are also independently validated
+** Attribute and Role based access control policies
+** Kathleen requested for Ioana to look at different levels of assurances mechanisms within the HL7 vocabulary such as Trust Marks
+** Identity Management and Proofing is not covered, only asserting authorization level federation
+** Level of identity proofing can be asserted
+** A domain by definition has defined set Users, Data accessed by user, and Policy; The negotiation is about the negotiating the data in the contract. The level of assurance is Domain wise.
+** We use minimal identity proofing, we don't use two faze authentication, which allows each domain to apply its own policies
+** The operation for trust services is operation complete contract, with authorization policy, handling instructions, security label's functionality to deal with authorizations
+** Multiple level of assurances can occur within one domain
+** Between two organizations you can have hundreds of Domains depending on the two users; it is fluid and flexible
+* Below Agenda Items will be carried forward to next Work Group call:
+*  Bernd Blobel comments - Kathleen
+* John Moehrke's TF4FA comments - Kathleen
+* gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
+* SLSv2 PSS - Diana
+* WGM Prep
+* FHIR AuditEvent and Provenance ballot comments & FHIR Security Call2 min) Roll Call, Agenda Approval
+* Security WG Call Minutes December 20, 2016
+* TF4FA Behavioral Model Elaboration - Ioana Singureanu
+* Bernd Blobel TF4FA comments - Kathleen
+* John Moehrke's TF4FA comments - Kathleen
+* gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
+* SLSv2 PSS - Diana
+* WGM Prep
+* FHIR AuditEvent and Provenance ballot comments & FHIR Security Call

Difference between revisions of "January 10, 2017 Security Conference Call"

Latest revision as of 20:00, 31 January 2017

Attendees

Agenda

Minutes

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

groups

meetings

general

Tools