This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2017-06-27"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) (→Agenda) |
JohnMoehrke (talk | contribs) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 20: | Line 20: | ||
|| .||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | || .||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair | ||
||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||||.||[mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||
− | |||| | + | ||||x||[mailto:Mike.Davis@va.gov Mike Davis] |
|- | |- | ||
|| .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead | || .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead | ||
Line 46: | Line 46: | ||
===Open Issues=== | ===Open Issues=== | ||
The following are currently in Deferred state. Now to be worked on for STU4 (release 4): | The following are currently in Deferred state. Now to be worked on for STU4 (release 4): | ||
+ | |||
+ | ====Block 1==== | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=12939 12939] Security+Role+vocabulary+should+be+mentioned+on+the+security.html+page (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13501 13501] Add+to+Provenance.agent+the+resource+type+PractitionerRole+in+both+who+and+onbehalfof (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13502 13502] Add+ParactitionerRole+to+AuditEvent.agent.reference (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13504 13504] add+to+AuditEvent+a+place+to+record+OperationOutcome (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13568 13568] AuditEvent.event.details.value+need+a+String+variation+in+addition+to+base64binary (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13569 13569] AuditEvent+-+need+period (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13571 13571] AuditEvent.entity.identifier+vs+resource+vs+URI+-+explain+why+each+should+be+used (John Moehrke) Persuasive | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=12502 12502] Provenance.agent.relatedAgentType+is+nonsensical (Grahame Grieve) Persuasive with Mod | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13012 13012] Provenance.period+should+be+a+choice (Lloyd McKenzie) Persuasive with Mod | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13016 13016] Provenance.agent.role+should+be+1..1 (Lloyd McKenzie) Persuasive with Mod | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13238 13238] Add+guidance+on+JSON+signatures (John Moehrke) Persuasive with Mod | ||
====Discuss==== | ====Discuss==== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9167 9167] AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9167 9167] AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use | ||
− | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id= | + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10343 10343] Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use |
− | * | + | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10580 10580] How+should+test+data+be+identified%3F (John Moehrke) Considered for Future Use |
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10581 10581] something+should+be+said+about+de-identification (John Moehrke) Considered for Future Use | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=12462 12462] Security%2FPrivacy+Module+page+should+explain+W5+realty+that+provenance+elements+in+other+resources+vs+use+of+Provenance+as+a+resource (John Moehrke) Considered for Future Use | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=12463 12463] explain+relationship+between+Provenance+and+AuditEvent.+ (John Moehrke) Considered for Future Use | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10579 10579] New+Security+and+Privacy+%22Module%22+page+needs+content (John Moehrke) None | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071 11071] Improve+security+label+guidance+-+2016-09+core+%2390 (Kathleen Connor) None | ||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=12660 12660] HCS+use+clarification (John Moehrke) None | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=12660 12660] HCS+use+clarification (John Moehrke) None | ||
+ | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=12941 12941] Security+Role+vocabulary+should+include+ISO+21298 (John Moehrke) None | ||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13011 13011] The+value+set+for+security-role-type+is+broken+for+Provenance (Lloyd McKenzie) None | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13011 13011] The+value+set+for+security-role-type+is+broken+for+Provenance (Lloyd McKenzie) None | ||
− | |||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13013 13013] Valueset+for+Provenance.activity+is+broken (Lloyd McKenzie) None | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13013 13013] Valueset+for+Provenance.activity+is+broken (Lloyd McKenzie) None | ||
− | |||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13014 13014] Provenance.agent.relatedAgentType+doesn%27t+make+sense (Lloyd McKenzie) None | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13014 13014] Provenance.agent.relatedAgentType+doesn%27t+make+sense (Lloyd McKenzie) None | ||
− | + | ||
+ | ====Assigned to John==== | ||
====Assigned to Kathleen==== | ====Assigned to Kathleen==== | ||
Line 74: | Line 85: | ||
====Narrative improvements==== | ====Narrative improvements==== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 87: | Line 90: | ||
=Minutes= | =Minutes= | ||
+ | * John chaired | ||
+ | * Did not approve prior minutes | ||
+ | * Focus of discussion on current text on break-glass and relationship to potential confusion relative to the three terms defined in the break-glass whitepaper. Where break-glass does not require any permission elevation, it is just a UI workflow. But where Emergency is the term used to indiacate a use of permission mechanism to support the workflow being described. | ||
+ | ** ACTION: John to formulate better text to communicate to those using the term Break-Glass, but wanting the Emergency functionality. | ||
+ | * Quick review of potential Block vote | ||
+ | * Adjourned |
Latest revision as of 15:34, 29 June 2017
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: security36 Phone: +1 515-604-9567, Participant Code: 880898 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
Member Name | Member Name | Member Name | ||||||
---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | . | Alexander Mense Security Co-chair | |||
. | Suzanne Gonzales-Webb CBCC Co-Chair | . | Johnathan ColemanCBCC Co-Chair | x | Mike Davis | |||
. | Reed Gelzer RM-ES Lead | . | Glen Marshal | x | Joe Lamy | |||
. | Diana Proud-Madruga | . | Rob Horn | . | Beth Pumo |
Agenda
- Roll;
- approval of agenda
- approval of the HL7 FHIR Security 2017-03-28 Minutes
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- Prepare Block vote
- Plan resolution of CR (see below)
- SMART engagement
- Setting up Test Plans for Security / Privacy topic
- New business?
Open Issues
The following are currently in Deferred state. Now to be worked on for STU4 (release 4):
Block 1
- 12939 Security+Role+vocabulary+should+be+mentioned+on+the+security.html+page (John Moehrke) Persuasive
- 13501 Add+to+Provenance.agent+the+resource+type+PractitionerRole+in+both+who+and+onbehalfof (John Moehrke) Persuasive
- 13502 Add+ParactitionerRole+to+AuditEvent.agent.reference (John Moehrke) Persuasive
- 13504 add+to+AuditEvent+a+place+to+record+OperationOutcome (John Moehrke) Persuasive
- 13568 AuditEvent.event.details.value+need+a+String+variation+in+addition+to+base64binary (John Moehrke) Persuasive
- 13569 AuditEvent+-+need+period (John Moehrke) Persuasive
- 13570 Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive
- 13571 AuditEvent.entity.identifier+vs+resource+vs+URI+-+explain+why+each+should+be+used (John Moehrke) Persuasive
- 12502 Provenance.agent.relatedAgentType+is+nonsensical (Grahame Grieve) Persuasive with Mod
- 13012 Provenance.period+should+be+a+choice (Lloyd McKenzie) Persuasive with Mod
- 13016 Provenance.agent.role+should+be+1..1 (Lloyd McKenzie) Persuasive with Mod
- 13238 Add+guidance+on+JSON+signatures (John Moehrke) Persuasive with Mod
Discuss
- 9167 AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use
- 10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
- 10580 How+should+test+data+be+identified%3F (John Moehrke) Considered for Future Use
- 10581 something+should+be+said+about+de-identification (John Moehrke) Considered for Future Use
- 12462 Security%2FPrivacy+Module+page+should+explain+W5+realty+that+provenance+elements+in+other+resources+vs+use+of+Provenance+as+a+resource (John Moehrke) Considered for Future Use
- 12463 explain+relationship+between+Provenance+and+AuditEvent.+ (John Moehrke) Considered for Future Use
- 10579 New+Security+and+Privacy+%22Module%22+page+needs+content (John Moehrke) None
- 11071 Improve+security+label+guidance+-+2016-09+core+%2390 (Kathleen Connor) None
- 12660 HCS+use+clarification (John Moehrke) None
- 12941 Security+Role+vocabulary+should+include+ISO+21298 (John Moehrke) None
- 13011 The+value+set+for+security-role-type+is+broken+for+Provenance (Lloyd McKenzie) None
- 13013 Valueset+for+Provenance.activity+is+broken (Lloyd McKenzie) None
- 13014 Provenance.agent.relatedAgentType+doesn%27t+make+sense (Lloyd McKenzie) None
Assigned to John
Assigned to Kathleen
- 10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
- need to work with some organization (e.g. HL7) to create three new vocabulary values. These vocabulary values need to be defined as OID values, because they are used in external standards that have a data-type of OID (i.e. XML-Signature). So they can't be text vocabulary, and they need to be fully OID.
Narrative improvements
http://build.fhir.org/secpriv-module.html
Minutes
- John chaired
- Did not approve prior minutes
- Focus of discussion on current text on break-glass and relationship to potential confusion relative to the three terms defined in the break-glass whitepaper. Where break-glass does not require any permission elevation, it is just a UI workflow. But where Emergency is the term used to indiacate a use of permission mechanism to support the workflow being described.
- ACTION: John to formulate better text to communicate to those using the term Break-Glass, but wanting the Emergency functionality.
- Quick review of potential Block vote
- Adjourned