Difference between revisions of "August 07, 2018 Security Conference Call"
Latest revision as of 20:45, 28 August 2018
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
. | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | . | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs
x | Diana Proud-Madruga | x | Francisco Jauregui | . | Joe Lamy | . | Greg Linden
. | Rhonna Clark | . | Grahame Grieve | . | Johnathan Coleman | . | Matt Blackman, Sequoia
. | Mohammed Jafari | x | Jim Kretz | . | Peter Bachman | x | Dave Silver
x | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | Julie Maas
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of:
  - http://wiki.hl7.org/index.php?title=Jul_31,_2018_Security_Conference_Call
  - Meeting Minutes (in process) July 17, 2018 Security Call
- (5 min) GDPR whitepaper on FHIR update - Alex, John, Kathleen
- (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  - Meetings: Tuesdays, 11:00 AM Eastern; freeconference.com same as Security call
  - TF4FA Ballot Reconciliation (wiki)
  - Ballot Reconciliation Sheet_v20180724 for review offline
  - Comments 11-24 up for vote
  - Comments 25-41 dispositions posted for review (vote next week)
- (10 min) PASS Audit post ballot reconciliation document update - Mike
- (05 min) TF4FA Trust Framework Volume 3 (placeholder) - Mike, Chris
- Is Privacy Obsolete - Mike
- (05 min) Placeholder: HL7 WGM Baltimore planning
Meeting Minutes (DRAFT)
Chair: Chris Shawn
Roll taken, No updates to the agenda
- July 17 - meeting minutes approval motion: (Mike / Suzanne)
  - Objections: none; abstentions: none; approve: Minutes approved: 11
- July 31 - meeting minutes approval, motion: (Suzanne / Mike)
  - Objections: none; abstentions: none; approve: 11
GDPR whitepaper on FHIR update
- No update
TF4FA Ballot Reconciliation
Suzanne or Chris to send out ballot reconciliation spreadsheet for review by Security WG attendees
- Motion made to approve 11-24 block of dispositions (Kathleen / Mike)
  - Objections: none; Abstentions none, approval 11
- Please review dispositions 25-41 for next week vote
- ACTION: Attach ballot reconciliation, attach documents to meeting invite
- no additional comments/questions
PASS Audit
- reconciliation completed, need to complete dispositions to the document
- Diana indicated completion of most of the 'easy' comments
- no additional comments/questions
TF4FA Volume 3
- Dave Silver – sharing screen
(provenance components)
Volume 3 – Audit Provenance Diagram v0 0.4 pptx: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20Volume%203/Vol3%20-%20Audit-Provenance%20Diagram%20v0.0.4.pptx
Volume 3 – Diagrams v0 0.5 vsdx: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20Volume%203/Vol3%20-%20Diagrams%20v0.0.5.vsdx
- we have had some further clarification of the components of provenance; we are using the features of the PASS Audit services to implement the provenance using its to implement capabilities of lifecycle events; using
- the needs are to collect the audit, but the audit collection is based upon a community of interest policy. Each of those might have to be collected and reported back to the provenance repository or chain
- focused on
- conceptual model shown: leveraging audit service (provenance Model)
  - the application must be configured to record lifecycle events; goes to the audit disposition service, this is now both audit and provenance. And now provisioned for provenance. In process A all the lifecycle events are collected (coded into application) but the dispositions service, based on the configuration policy, determines which events need to be configured at a certain time. Then goes to delivery service which has multiple outputs; then to the recording service, etc.
- action service; recording actions (probably internally)
- alarm service – Mike wanted to make sure WG understands; there may be provenance events that are such a nature wherein... some occur wherein we send the provenance event and notify participants in that block chain that something has happened. it may be that some information in the chain has been determined to be invalid i.e. we want to notify participants that event should be ignored; i.e. it's harmful to patient if accepted, we found that it was wrong and…maybe we have an alarm for that purpose--- doesn't hurt to keep or remove; just imagining scenarios for keeping it in; the ability to support alarm for the community of service
- through the export service, is extracted from the local provenance repository then pushed to the community wide provenance repository which is some kind of legal record trail block chain; there is a provenance analysis service that the individual domain users can request provenance wide information.
Jim: where is the block chain shown in the model?
Mike: staying away from 'block chain' saying / leaning more toward electronic ledger.
<<link to volume 3>> Dave Silver sending to Suzanne
is there any specific data being recorded?
- audit log … using the same machine because they are close
  - provenance log collects data that corresponds to lifecycle events that the community interest wants to store in their electronic ledger (25 events defined, 18 of which are create/up--which is what FHIR is most interested in)
  - configure as on/off - when that event happened it triggers the provenance trail; or audit trail (each use the same machine but report different paths); in the case of provenance, it typically, there is an interest that connects it to the e-ledger, usually local kept. provenance different wherein you can have local rules 1-5;
community interests only cares about 2,3,4
Jim - how does the actor get recorded? i.e. national provider ID? name
Mike - this is conceptual model the provenance record has the agent involved in terms of provenance. we're staying at this level and to specifying conceptual model... just trying to get the big chunks in place
the activity is associated with that agent. we could have Jim as actor (14706),
trying to tie together the conceptual figures
Federated Provenance Domain (figure showed)
- has for all the members in the domain, there is a provenance policy (agreed to by the members, implement in the individual means) which is then pushed to the digital ledger as they occur. Policy grabs members what to collect and pushed down the left path
- federated user has their own thing wherein they can request provenance data from the ledger (nothing to do with pushing information there) provenance service returns
  - this is mechanism to search in the digital ledger
  - it's possible in the exchange of information itself that the provenance goes it it...that's a different process
- there’s discussion of data moving around (JIM)...with questions 'who recorded this...?' it would somehow say dr. bob at facility: XYZ
- md
Q Kathleen... 30:00
MikeD if you are interested in the information - you join the domain.
as a conceptual model I don't want too many use cases to explore. what you're saying is logical. what I would like is to have the group to present two models... to make sure there is no disagreement with the alarm
- presenting as we go;
- Motion: That we accept the two diagrams as is (if they are changed then we will review again) (Mike / (no second?)
  - objections: none; abstain: none; approve: diagrams as accepted (11)
(Dave Silver to send diagrams as presented to Suzanne), Suzanne to link
Intent is to have a complete set of core illustrations (presented in pieces) saying that the WG has reviewed and approved.
Privacy Obsolete
- privacy remains a troubled area (no update)
- May call an end to research, results may be somewhat indeterminate. There isn't a solid definition for privacy (changes from country to country)
- In general, there is greater attention to protection of personal information unless govt is collecting
- GDPR is having a big impact, changing environment around the world but still much stays the same
- Facebook, are seeing new technologies to market you but not with credentials but as a member of a group wherein they don't need to know who you are. It’s a changing landscape
- in the chaos it's hard to say it's obsolete, big data and AI have a potential to make privacy obsolete.
  - forced agreement (wherein you can't get in unless you agree to all their terms)
Baltimore Meeting HL7
- agenda items being updated
Motion made to adjourn (Mike); meeting adjourned at 12:42 PM Arizona time
--Suzannegw 15:43, 7 August 2018 (EDT)