
Difference between revisions of "HL7 FHIR Security 2017-12-05"

(Created page with "==Call Logistics== Weekly: '''Tuesday at 05:00 EST''' (2 PM PST) Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: secur...")
 
 
(2 intermediate revisions by the same user not shown)
Line 24: Line 24:
 
||  .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
 
||  .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
 
||||.||[mailto:gfm@securityrs.com Glen Marshal]
 
||||.||[mailto:gfm@securityrs.com Glen Marshal]
||||x||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS
+
||||.||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS
 
|-
 
|-
 
||  .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 
||  .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
Line 31: Line 31:
 
|-
 
|-
 
||  .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly]
 
||  .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly]
||||.||[[User:Interopguy | Mario Hyland ]] AEGIS [mailto:Mario.hyland@aegis.net]
+
||||.||[mailto:Mario.hyland@aegis.net Mario Hyland ] AEGIS
||||.||[mailto:noone@nowhere.example Firstname Lastname]
+
||||x||[mailto:mark.underwood@kryptonbrothers.com Mark Underwood] NIST
 
|-
 
|-
 
|}
 
|}
Line 41: Line 41:
 
* approval of the [[HL7 FHIR Security 2017-11-28]] Minutes
 
* approval of the [[HL7 FHIR Security 2017-11-28]] Minutes
 
* All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
 
* All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
* Given deadline for Dec-Jan informative ballot deadline for substative canges
+
* Given deadline for Dec-Jan informative ballot deadline for substantive changes
** Review and approve [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175&start=0 14175] signature resource format
+
** Review and approve these that would affect structure
** Review and approve [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14193&start=0 14193] signature description
+
*** [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod
** Possibly [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071&start=0 11071] valueSet for HCS
+
*** [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175 14175] Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
 +
*** Possibly [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071&start=0 11071] valueSet for HCS
 +
 
 +
Other business:
 
* Is our current break-glass a proper thing for us to have said? Specifically it says that the indication of broken-glass is to place a tag into the http header
 
* Is our current break-glass a proper thing for us to have said? Specifically it says that the indication of broken-glass is to place a tag into the http header
 
** See http://build.fhir.org/security-labels.html#break-the-glass
 
** See http://build.fhir.org/security-labels.html#break-the-glass
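Review bot: the rewritten ballot line ("Given deadline for Dec-Jan informative ballot deadline for substantive changes") fixes the spelling but still repeats "deadline" and has no verb, so it is unclear what the nested items hang off; suggest "Given the Dec-Jan informative ballot deadline for substantive changes:". The same edit drops 14193 from the review-and-approve list without saying it is deferred, and the added "Other business:" line carries no list or heading markup, so it will not render as a separator between the two bullet groups.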
Line 73: Line 76:
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13571 13571] AuditEvent.entity.identifier+vs+resource+vs+URI+-+explain+why+each+should+be+used (John Moehrke) Not Persuasive
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13571 13571] AuditEvent.entity.identifier+vs+resource+vs+URI+-+explain+why+each+should+be+used (John Moehrke) Not Persuasive
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod
 +
* [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175 14175] Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
 +
* [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14193&start=0 14193] signature description
  
 
=== Current backlog ===
 
=== Current backlog ===
Line 91: Line 96:
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14027 14027] enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke)  
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14027 14027] enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke)  
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14028 14028] Explain+how+one+might+use+AuditEvent+to+inform+an+Accounting+of+Disclosures (Kathleen Connor)
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14028 14028] Explain+how+one+might+use+AuditEvent+to+inform+an+Accounting+of+Disclosures (Kathleen Connor)
* [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175 14175] Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
 
  
 
=Minutes=
 
=Minutes=
 
* John chaired
 
* John chaired
 +
* approval of agenda -->  Kathleen Connor/Mike Underwood: 2-0-0
 +
* approval of the [[HL7 FHIR Security 2017-11-28]] Minutes  --> Kathleen Connor/Mike Underwood: 2-0-0
 +
* The following CR were approved
 +
* [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod
 +
* [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175 14175] Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
 +
* Discussed more the [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071&start=0 11071] valueSet for HCS
 +
* adjourned 55 minutes
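Review bot: both approval lines in the added minutes record the motion as "Kathleen Connor/Mike Underwood", but the attendee row added in this same revision is "Mark Underwood" (NIST) and no Mike Underwood is listed; confirm the name and make the two agree. The approved CRs (13570, 14175) are entered as sibling bullets of "The following CR were approved" rather than nested under it with "**", so the list does not show which items that line covers, and "adjourned 55 minutes" should say whether it is a duration or a clock time.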

Latest revision as of 22:15, 6 December 2017

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes.


Attendees

|   | Member Name | | Member Name | | Member Name |
| x | John Moehrke, Security Co-Chair | x | Kathleen Connor, Security Co-Chair | . | Alexander Mense, Security Co-chair |
| . | Suzanne Gonzales-Webb, CBCC Co-Chair | . | Johnathan Coleman, CBCC Co-Chair | . | Mike Davis |
| . | Reed Gelzer, RM-ES Lead | . | Glen Marshal | . | Joe Lamy, AEGIS |
| . | Diana Proud-Madruga | . | Rob Horn | . | Beth Pumo |
| . | Irina Connelly | . | Mario Hyland, AEGIS | x | Mark Underwood, NIST |

Agenda

Other business:

  • Is our current break-glass a proper thing for us to have said? Specifically, it says that the indication of broken-glass is to place a tag into the HTTP header.
  • Word is there is ONC interest in Provenance use at connectathon
  • Can we provide a Provenance pattern that would be added by a FHIR Server that has done a validation against StructureDefinitions and added tags of compliance to Resources?
  • Discussion on chat around PurposeOfUse and how it should be conveyed. https://chat.fhir.org/#narrow/stream/implementers/topic/GDPR.20PurposeOfUse
  • Plan resolution of CR (see below)
  • SMART engagement
  • Setting up Test Plans for Security / Privacy topic
    • Connectathon scenario -- Pattern that shows how Provenance, AuditEvent, Consent, security-labels, and other can be overlaid on <any> other connectathon scenario
    • TestScript resource based tests
      • AuditEvent tests for well understood audit log
      • Provenance tests for well understood provenance use
    • Test bench?
      • some automated environment that people can use to test their: (a) client, (b) server, or other? Can this be done?
  • Discussed Event Pattern
    • 13841 Align AuditEvent with Event pattern (John Moehrke)
    • 13842 Align Provenance with new Event pattern (John Moehrke)
    • event.performer vs .agent
      • Seems performer is an acceptable element name. We do need to keep the description we have, as it is specialized for Provenance and AuditEvent.
    • Action: John to apply event pattern and get error report from Lloyd
  • New business?

Future Block

  • 12941 Security Role vocabulary should include ISO 21298 (John Moehrke) Persuasive
  • 13571 AuditEvent.entity.identifier vs resource vs URI - explain why each should be used (John Moehrke) Not Persuasive
  • 13570 Provenance - clarify when Provenance.entity.whatUri and whatIdentifier are to be used (John Moehrke) Persuasive with Mod
  • 14175 Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
  • 14193 signature description

Current backlog

  • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke)
  • 10343 Three additional Signature.type codes (Kathleen Connor)
  • 10580 How should test data be identified? (John Moehrke)
  • 12462 Security/Privacy Module page should explain W5 reality that provenance elements in other resources vs use of Provenance as a resource (John Moehrke)
  • 12463 explain relationship between Provenance and AuditEvent. (John Moehrke)
  • 10579 New Security and Privacy "Module" page needs content (John Moehrke)
  • 11071 Improve security label guidance - 2016-09 core #90 (Kathleen Connor)
  • 12660 HCS use clarification (John Moehrke)
  • 13011 The value set for security-role-type is broken for Provenance (Lloyd McKenzie)
  • 13013 Valueset for Provenance.activity is broken (Lloyd McKenzie)
  • 13014 Provenance.agent.relatedAgentType doesn't make sense (Lloyd McKenzie)
  • 13822 S&P outline when a user includes query parameters they don't have access to policy issue (John Moehrke)
  • 13841 Align AuditEvent with Event pattern (John Moehrke)
  • 13842 Align Provenance with new Event pattern (John Moehrke)
  • 14027 enhance current disclosure AuditEvent so that it explains what is being recorded and why (John Moehrke)
  • 14028 Explain how one might use AuditEvent to inform an Accounting of Disclosures (Kathleen Connor)

Minutes

  • John chaired
  • approval of agenda --> Kathleen Connor/Mike Underwood: 2-0-0
  • approval of the HL7 FHIR Security 2017-11-28 Minutes --> Kathleen Connor/Mike Underwood: 2-0-0
  • The following CRs were approved:
    • 13570 Provenance - clarify when Provenance.entity.whatUri and whatIdentifier are to be used (John Moehrke) Persuasive with Mod
    • 14175 Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
  • Further discussed 11071, the valueSet for HCS
  • adjourned 55 minutes