This wiki has undergone a migration to Confluence found Here
Difference between revisions of "December 19, 2017 Security Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
| Line 45: | Line 45: | ||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
| − | == | + | ==Minutes== |
| − | + | *Alex Mense chaired. | |
| − | + | *Agenda informally approved. | |
| − | + | *Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0 | |
| − | + | *RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary. | |
| − | + | *RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content. | |
| − | + | *RE: '''PSAF call report out''' - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM | |
| − | + | *RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates related to breach and court cases. | |
| + | *Security WG calls cancelled until January 9, 2018 | ||
| + | *RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled. | ||
==Minutes== | ==Minutes== | ||
Revision as of 23:03, 19 December 2017
Contents
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| x | Mohammed Jafari | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | x | [1] | x | Dave Silver | |||
| . | Oliver Lawless | . | Lisa Nelson | . | David Tao | . | Nathan Botts |
Minutes
- Alex Mense chaired.
- Agenda informally approved.
- Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
- RE: Security and Privacy DAM update review Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
- RE: Consumer Centered Data Exchange Connectathon scenario update - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
- RE: PSAF call report out - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM
- RE: Updates to Is Privacy Obsolete? Study Group wiki page - Mike reported updates related to breach and court cases.
- Security WG calls cancelled until January 9, 2018
- RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled.
Minutes
- Alex Mense chaired.
- Agenda informally approved.
- Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
- RE: Security and Privacy DAM update review Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
- RE: Consumer Centered Data Exchange Connectathon scenario update - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
- RE: PSAF call report out - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM
- RE: Updates to Is Privacy Obsolete? Study Group wiki page - Mike reported updates related to breach and court cases.
- RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled.
