Difference between revisions of "HL7 FHIR Security 2017-12-05"
JohnMoehrke (talk | contribs) (Created page with "==Call Logistics== Weekly: '''Tuesday at 05:00 EST''' (2 PM PST) Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: secur...") |
JohnMoehrke (talk | contribs) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 24: | Line 24: | ||
|| .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead | || .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead | ||
||||.||[mailto:gfm@securityrs.com Glen Marshal] | ||||.||[mailto:gfm@securityrs.com Glen Marshal] | ||
− | |||| | + | ||||.||[mailto:joe.lamy@aegis.net Joe Lamy] AEGIS |
|- | |- | ||
|| .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | || .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] | ||
Line 31: | Line 31: | ||
|- | |- | ||
|| .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly] | || .||[mailto:irina.connelly@gtri.gatech.edu Irina Connelly] | ||
− | ||||.|| | + | ||||.||[mailto:Mario.hyland@aegis.net Mario Hyland ] AEGIS |
− | |||| | + | ||||x||[mailto:mark.underwood@kryptonbrothers.com Mark Underwood] NIST |
|- | |- | ||
|} | |} | ||
Line 41: | Line 41: | ||
* approval of the [[HL7 FHIR Security 2017-11-28]] Minutes | * approval of the [[HL7 FHIR Security 2017-11-28]] Minutes | ||
* All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967 | * All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967 | ||
− | * Given deadline for Dec-Jan informative ballot deadline for | + | * Given deadline for Dec-Jan informative ballot deadline for substantive changes |
− | ** Review and approve [ | + | ** Review and approve these that would affect structure |
− | ** | + | *** [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod |
− | ** Possibly [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071&start=0 11071] valueSet for HCS | + | *** [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175 14175] Signature datatype should support signature blobs per FHIR mime-type (John Moehrke) |
+ | *** Possibly [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071&start=0 11071] valueSet for HCS | ||
+ | |||
+ | Other business: | ||
* Is our current break-glass a proper thing for us to have said? Specifically it says that the indication of broken-glass is to place a tag into the http header | * Is our current break-glass a proper thing for us to have said? Specifically it says that the indication of broken-glass is to place a tag into the http header | ||
** See http://build.fhir.org/security-labels.html#break-the-glass | ** See http://build.fhir.org/security-labels.html#break-the-glass | ||
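Review bot: the reworded first bullet of this hunk still says "deadline" twice ("Given deadline for Dec-Jan informative ballot deadline for substantive changes"), so it is unclear whether one deadline or two is meant. Suggest "Given the Dec-Jan informative ballot deadline for substantive changes". The 11071 entry is also listed under "Review and approve these" while being marked "Possibly"; say whether it is up for approval at this meeting or for discussion only.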
Line 73: | Line 76: | ||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13571 13571] AuditEvent.entity.identifier+vs+resource+vs+URI+-+explain+why+each+should+be+used (John Moehrke) Not Persuasive | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13571 13571] AuditEvent.entity.identifier+vs+resource+vs+URI+-+explain+why+each+should+be+used (John Moehrke) Not Persuasive | ||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod | ||
+ | * [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175 14175] Signature datatype should support signature blobs per FHIR mime-type (John Moehrke) | ||
+ | * [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14193&start=0 14193] signature description | ||
=== Current backlog === | === Current backlog === | ||
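Review bot: the added 14193 entry ("signature description") has no submitter in parentheses, unlike every other tracker line in this list, and its title is too terse to tell what is being requested about the signature. Add the submitter and the full tracker title so the entry can be read without opening the link. The added 14175 line also carries no disposition, while the neighbouring 12941, 13571 and 13570 lines each record one.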
Line 91: | Line 96: | ||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14027 14027] enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke) | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14027 14027] enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke) | ||
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14028 14028] Explain+how+one+might+use+AuditEvent+to+inform+an+Accounting+of+Disclosures (Kathleen Connor) | *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14028 14028] Explain+how+one+might+use+AuditEvent+to+inform+an+Accounting+of+Disclosures (Kathleen Connor) | ||
− | |||
=Minutes= | =Minutes= | ||
* John chaired | * John chaired | ||
+ | * approval of agenda --> Kathleen Connor/Mike Underwood: 2-0-0 | ||
+ | * approval of the [[HL7 FHIR Security 2017-11-28]] Minutes --> Kathleen Connor/Mike Underwood: 2-0-0 | ||
+ | * The following CR were approved | ||
+ | * [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=13570 13570] Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive with Mod | ||
+ | * [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=14175 14175] Signature datatype should support signature blobs per FHIR mime-type (John Moehrke) | ||
+ | * Discussed more the [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=11071&start=0 11071] valueSet for HCS | ||
+ | * adjourned 55 minutes |
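Review bot: both approval lines added here record the mover/seconder as "Kathleen Connor/Mike Underwood", but the attendee row added earlier in this same revision marks "Mark Underwood" (NIST) as present and lists no Mike Underwood; confirm which name is correct so the vote record matches the roll. The two approved CRs are also at the same bullet level as "The following CR were approved" and would read better nested under it as "**" items, and 14175 is recorded as approved without a disposition, where 13570 carries "Persuasive with Mod".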
Latest revision as of 22:15, 6 December 2017
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Web conference desktop and VOIP: https://www.freeconferencecall.com/join/security36
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes.
Attendees
| Present | Member Name | Present | Member Name | Present | Member Name |
|---|---|---|---|---|---|
| x | John Moehrke, Security Co-Chair | x | Kathleen Connor, Security Co-Chair | . | Alexander Mense, Security Co-chair |
| . | Suzanne Gonzales-Webb, CBCC Co-Chair | . | Johnathan Coleman, CBCC Co-Chair | . | Mike Davis |
| . | Reed Gelzer, RM-ES Lead | . | Glen Marshal | . | Joe Lamy, AEGIS |
| . | Diana Proud-Madruga | . | Rob Horn | . | Beth Pumo |
| . | Irina Connelly | . | Mario Hyland, AEGIS | x | Mark Underwood, NIST |
Agenda
- Roll;
- approval of agenda
- approval of the HL7 FHIR Security 2017-11-28 Minutes
- All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
- Given the Dec-Jan informative ballot deadline for substantive changes
  - Review and approve these that would affect structure
    - 13570 Provenance - clarify when Provenance.entity.whatUri and whatIdentifier are to be used (John Moehrke) Persuasive with Mod
    - 14175 Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
    - Possibly 11071 valueSet for HCS

Other business:
- Is our current break-glass a proper thing for us to have said? Specifically it says that the indication of broken-glass is to place a tag into the http header
  - See http://build.fhir.org/security-labels.html#break-the-glass
  - Note that it also defines an example magic URI (Rather than using ETREAT)
- Word is there is ONC interest in Provenance use at connectathon
  - Can we provide a Provenance pattern that would be added by a FHIR Server that has done a validation against StructureDefinitions and added tags of compliance to Resources?
- Discussion on chat around PurposeOfUse and how it should be conveyed. https://chat.fhir.org/#narrow/stream/implementers/topic/GDPR.20PurposeOfUse
- Plan resolution of CR (see below)
- SMART engagement
  - reminder that we plan to ballot the SMART on FHIR App Launch Protocol in the upcoming cycle (voting in August, with reconciliation to begin at the September WGM). The content we intend to ballot has been prepared (and is being refined) at https://github.com/smart-on-fhir/smart-on-fhir.github.io/tree/into-hl7 and our list of open issues during this refinement period is at https://github.com/smart-on-fhir/smart-on-fhir.github.io/issues (Josh).
- Setting up Test Plans for Security / Privacy topic
  - Connectathon scenario -- Pattern that shows how Provenance, AuditEvent, Consent, security-labels, and other can be overlaid on <any> other connectathon scenario
  - TestScript resource based tests
    - AuditEvent tests for well understood audit log
    - Provenance tests for well understood provenance use
  - Test bench?
    - some automated environment that people can use to test their: (a) client, (b) server, or other? Can this be done?
- Discussed Event Pattern
  - 13841 Align AuditEvent with Event pattern (John Moehrke)
  - 13842 Align Provenance with new Event pattern (John Moehrke)
  - event.performer vs .agent
    - Seems performer is an acceptable element name. Do need to keep description we have as it is specialized for Provenance and AuditEvent
  - Action: John to apply event pattern and get error report from Lloyd
- New business?
Future Block
- 12941 Security Role vocabulary should include ISO 21298 (John Moehrke) Persuasive
- 13571 AuditEvent.entity.identifier vs resource vs URI - explain why each should be used (John Moehrke) Not Persuasive
- 13570 Provenance - clarify when Provenance.entity.whatUri and whatIdentifier are to be used (John Moehrke) Persuasive with Mod
- 14175 Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
- 14193 signature description
Current backlog
- 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke)
- 10343 Three additional Signature.type codes (Kathleen Connor)
- 10580 How should test data be identified? (John Moehrke)
- 12462 Security/Privacy Module page should explain W5 reality that provenance elements in other resources vs use of Provenance as a resource (John Moehrke)
- 12463 explain relationship between Provenance and AuditEvent. (John Moehrke)
- 10579 New Security and Privacy "Module" page needs content (John Moehrke)
- 11071 Improve security label guidance - 2016-09 core #90 (Kathleen Connor)
- 12660 HCS use clarification (John Moehrke)
- 13011 The value set for security-role-type is broken for Provenance (Lloyd McKenzie)
- 13013 Valueset for Provenance.activity is broken (Lloyd McKenzie)
- 13014 Provenance.agent.relatedAgentType doesn't make sense (Lloyd McKenzie)
- 13822 S&P outline when a user includes query parameters they don't have access to policy issue (John Moehrke)
- 13841 Align AuditEvent with Event pattern (John Moehrke)
- 13842 Align Provenance with new Event pattern (John Moehrke)
- 14027 enhance current disclosure AuditEvent so that it explains what is being recorded and why (John Moehrke)
- 14028 Explain how one might use AuditEvent to inform an Accounting of Disclosures (Kathleen Connor)
Minutes
- John chaired
- approval of agenda --> Kathleen Connor/Mike Underwood: 2-0-0
- approval of the HL7 FHIR Security 2017-11-28 Minutes --> Kathleen Connor/Mike Underwood: 2-0-0
- The following CR were approved
- 13570 Provenance - clarify when Provenance.entity.whatUri and whatIdentifier are to be used (John Moehrke) Persuasive with Mod
- 14175 Signature datatype should support signature blobs per FHIR mime-type (John Moehrke)
- Further discussed the 11071 valueSet for HCS
- adjourned 55 minutes