This wiki has undergone a migration to Confluence found Here
Difference between revisions of "April 10, 2018 Security Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
| Line 15: | Line 15: | ||
||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb] | ||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb] | ||
||||x|| [mailto:mike.davis@va.gov Mike Davis] | ||||x|| [mailto:mike.davis@va.gov Mike Davis] | ||
| − | |||| | + | ||||x|| [mailto:david.staggs@bookzurman.com David Staggs] |
|- | |- | ||
| − | || | + | || x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga] |
||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui] | ||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui] | ||
||||x|| [mailto:joe.lamy@aegis.net Joe Lamy] | ||||x|| [mailto:joe.lamy@aegis.net Joe Lamy] | ||
| Line 29: | Line 29: | ||
|- | |- | ||
|| .|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | || .|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | ||
| − | |||| | + | ||||x|| [mailto:jim.kretz@samhsa.gov Jim Kretz] |
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson] | ||
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | ||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | ||
|- | |- | ||
| − | || | + | || .|| [mailto:Beth.Pumo@kp.org Beth Pumo] |
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall] | ||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall] | ||
||||.|| [mailto:rikimerrick@gmail.com Riki Merrick] | ||||.|| [mailto:rikimerrick@gmail.com Riki Merrick] | ||
| Line 57: | Line 57: | ||
Chris Shawn, chair | Chris Shawn, chair | ||
Roll Call, Agenda Review, Meeting Minutes approval | Roll Call, Agenda Review, Meeting Minutes approval | ||
| + | |||
| + | http://wiki.hl7.org/index.php?title=April_10,_2018_Security_Conference_Call Meeting Minutes Approval (Kathleen/Johnathan) | ||
| + | Opposed: none; Abstentions: none; Approved: 12 | ||
| + | |||
| + | TF4FA Ballot - Mike | ||
| + | * time to vote, we're hoping things to go well | ||
| + | * Ballot is Normative | ||
| + | * Intend to contue with the PSAF charter (also mentioned on CBCP); have started work on Audit volume 3 | ||
| + | ** Volume 3 will have elements of life cycle eents and Audit and Provenance | ||
| + | ** A&P are related, the work with did with EHR - Provenance of things an dlifecycle events and audit | ||
| + | ** first thought is to look into block chain technology--signed ledger idea behind that---trust history; we'e already brough up a little of this...we will not get too detailed in it | ||
| + | ** we have idea of by September by then t ballot in January - depending on how the current two volumes go with Normative | ||
| + | |||
| + | FHIR Security update _JohnM | ||
| + | * we are working through the ONC API and seucirty | ||
| + | ** next item was input validation, agreed to add as an item as a high level punch list on security spec | ||
| + | ** discussion on litmus test to help determine something that rises to the level that we should say something otherwise we will duplicate the exisiting security works--which is not desired | ||
| + | ** is it input validation? | ||
| + | ** we didnt' come up with a good litmus test--but we will add... one for now... when is it something specific to securing FHIR vs we should have some recommendation to use a seucrit framework and have a list of some security frameworks--we haven't yet touched upon (it will have to be a topic)... | ||
| + | **continuing to work through the ONC paper | ||
| + | * new time is better meeting time 2PM ET (right before this meeting) | ||
| + | |||
| + | Cologne Agenda - Kathleen | ||
| + | (DRAFT) | ||
| + | * picking up on themes discussed | ||
| + | * opening Security WG | ||
| + | <<add link>> | ||
| + | * Update on ballot | ||
Revision as of 19:15, 10 April 2018
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| x | Diana Proud-Madruga | x | Francisco Jauregui | x | Joe Lamy | . | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | x | Jim Kretz | . | Gary Dickinson | x | Dave Silver | |||
| . | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | Theresa Connor | |||
| . | Mohammed Jafari | . | Ioana Singureanu | . | Peter Bachman | x | [mailto: Matt Blackman, Sequoia] |
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of April 3rd minutes
- (5 min) TF4FA Normative Ballot - time to vote - Mike
- (15 min) FHIR Security Updates - John
- (15 min) Security Cologne May WGM Agenda - Kathleen
Meeting Minutes DRAFT
Chris Shawn, chair Roll Call, Agenda Review, Meeting Minutes approval
http://wiki.hl7.org/index.php?title=April_10,_2018_Security_Conference_Call Meeting Minutes Approval (Kathleen/Johnathan) Opposed: none; Abstentions: none; Approved: 12
TF4FA Ballot - Mike
- time to vote, we're hoping things to go well
- Ballot is Normative
- Intend to contue with the PSAF charter (also mentioned on CBCP); have started work on Audit volume 3
- Volume 3 will have elements of life cycle eents and Audit and Provenance
- A&P are related, the work with did with EHR - Provenance of things an dlifecycle events and audit
- first thought is to look into block chain technology--signed ledger idea behind that---trust history; we'e already brough up a little of this...we will not get too detailed in it
- we have idea of by September by then t ballot in January - depending on how the current two volumes go with Normative
FHIR Security update _JohnM
- we are working through the ONC API and seucirty
- next item was input validation, agreed to add as an item as a high level punch list on security spec
- discussion on litmus test to help determine something that rises to the level that we should say something otherwise we will duplicate the exisiting security works--which is not desired
- is it input validation?
- we didnt' come up with a good litmus test--but we will add... one for now... when is it something specific to securing FHIR vs we should have some recommendation to use a seucrit framework and have a list of some security frameworks--we haven't yet touched upon (it will have to be a topic)...
- continuing to work through the ONC paper
- new time is better meeting time 2PM ET (right before this meeting)
Cologne Agenda - Kathleen (DRAFT)
- picking up on themes discussed
- opening Security WG
<<add link>>
- Update on ballot
