Difference between revisions of "HL7 WGM May 2015 - Paris, France - Security WG - Minutes"
Line 57: | Line 57: | ||
* PASS Access Control. Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist. | * PASS Access Control. Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist. | ||
* Current status of PASS is DSTU (but out of date) it will go forward to Normative Ballot Sept 2015. | * Current status of PASS is DSTU (but out of date) it will go forward to Normative Ballot Sept 2015. | ||
− | ** Under consideration is a Platform Specific Model targeting FHIR resource access management. | + | ** Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand about Argonaut project content is on security at present. Are they leveraging PASS. Clarification from Josh Mandel will be sought. |
+ | *** Under a Platform Specific Model this would require specification of the security token platform? | ||
*** RESTful API already can use/does use PASS. The application in healthcare further includes patient consent and additional context specific attributes. | *** RESTful API already can use/does use PASS. The application in healthcare further includes patient consent and additional context specific attributes. | ||
− | *** For instance, Privacy on FHIR (VA/ONC US specific) demonstrates the use of standard tools to apply to healthcare including PASS; SMART initiative uses PASS; | + | *** For instance, Privacy on FHIR (VA/ONC US specific) demonstrates the use of standard tools to apply to healthcare including PASS; SMART initiative uses PASS; and Argonaut project using it? HEART (OAuth, OpenID Connect, and UMA committees) to come to healthcare to help healthcare - John M engaging with this. |
*** PASS Access control specific to FHIR. This should be constrained further to a specific interaction model (SOAP, V2 messaging, CDA, transactions, etc). | *** PASS Access control specific to FHIR. This should be constrained further to a specific interaction model (SOAP, V2 messaging, CDA, transactions, etc). | ||
** Suggested to also go into normative ballot is the use of FHIR Security/Privacy related Resources as Access Decision Information (ACI) sources for Privacy Enforcement Point (PEP) realizations. | ** Suggested to also go into normative ballot is the use of FHIR Security/Privacy related Resources as Access Decision Information (ACI) sources for Privacy Enforcement Point (PEP) realizations. | ||
* PSS on Approved at TSC 12/05/2015 | * PSS on Approved at TSC 12/05/2015 |
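Review bot: in the text added to the Platform Specific Model bullet, "Need to understand about Argonaut project content is on security at present. Are they leveraging PASS." does not parse and the question has no question mark; reword it so the open question put to Josh Mandel is unambiguous, and record "SEC should take the lead, and get a project lead for this" as an action item with a named owner. The text added to the Privacy on FHIR bullet has the same problem: "and Argonaut project using it?" attaches an unanswered question to a list of statements about who uses PASS, so split it out as a separate open item.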
Revision as of 09:44, 13 May 2015
Minutes from Security WG
Tuesday Q1
- Attendees
- John Moehrke - Co-Chair
- Alex Mense - Co-Chair
- Miyohara, Hideyuki
- Jonathan Coleman
- Clay Sebourn - Clay.Sebourn@emc.com
- NOT! Princess Trish Williams - Co-Chair
- Agenda Reviewed HL7 WGM May 2015 - Paris, France - Security WG
- Approved 4/0/0
- Jonathan Coleman - Moved
- Alex - Second
- Minutes
- HL7 Security January 2015 WGM Minutes
- Approved 4/0/0
- Jonathan Coleman - Moved
- Alex - Second
- International Reportout
- ISO - Hideyuki
- Presentation attached
- IHE - John
- ATNA Query (FHIR AuditEvent, and SYSLOG; Option for SYSLOG Filter)
- Reminder about De-Identification Handbook as implementation guide on ISO Pseudonymization
Tuesday Q2
- Attendees
- John Moehrke - Co-Chair
- Alex Mense - Co-Chair
- Miyohara, Hideyuki
- Jonathan Coleman
- Clay Sebourn - Clay.Sebourn@emc.com
- Trish Williams - Co-Chair
- Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com
- Comelia Felder - comelia.felder@roche.com
- Privacy on FHIR - Jonathan Coleman
- ONC and VA initiative to demonstrate Privacy on FHIR
- Not an effort to create standards or guidance documentation
- Using HCS, SLS, Ontology, DS4P, and consent
- OpenID, OAuth2, UMA
- Data Provenance IG - Jonathan Coleman
- Comments resolved; awaiting final DSTU soon
- FHIR Ballot triage
Tuesday Q3
- FHIR Ballot triage
Tuesday Q4
- Lack of quorum, canceled
Wednesday Q2
- Joint with SOA (hosted by SEC)
- PASS Access Control. Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist.
- Current status of PASS is DSTU (but out of date); it will go forward to Normative Ballot in Sept 2015.
- Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead and get a project lead for this. Need to understand what the Argonaut project content on security is at present. Are they leveraging PASS? Clarification from Josh Mandel will be sought.
- Under a Platform Specific Model this would require specification of the security token platform?
- RESTful API already can use/does use PASS. The application in healthcare further includes patient consent and additional context specific attributes.
- For instance, Privacy on FHIR (VA/ONC, US specific) demonstrates the use of standard tools applied to healthcare, including PASS; the SMART initiative uses PASS; and is the Argonaut project using it? HEART (OAuth, OpenID Connect, and UMA committees) to come to healthcare to help healthcare - John M engaging with this.
- PASS Access control specific to FHIR. This should be constrained further to a specific interaction model (SOAP, V2 messaging, CDA, transactions, etc).
- Suggested to also go into normative ballot is the use of FHIR Security/Privacy related Resources as Access Decision Information (ACI) sources for Privacy Enforcement Point (PEP) realizations.
- PSS on Approved at TSC 12/05/2015