Difference between revisions of "HL7 WGM May 2015 - Paris, France - Security WG - Minutes"

 
(27 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
Minutes from Security WG
 
Minutes from Security WG
 
= Tuesday Q1 =
 
= Tuesday Q1 =
*Attendee
+
*''' Attendees'''
** John Moehrke - Co-Chair
+
** Chaired by John Moehrke - Co-Chair
 
** Alex Mense - Co-Chair
 
** Alex Mense - Co-Chair
** Miyohara, Hideyuki
+
** Hideyuki Miyohara
 
** Jonathan Coleman
 
** Jonathan Coleman
 
** Clay Sebourn - Clay.Sebourn@emc.com
 
** Clay Sebourn - Clay.Sebourn@emc.com
 
** NOT! Princess Trish Williams - Co-Chair  
 
** NOT! Princess Trish Williams - Co-Chair  
  
 
+
* '''Agenda Reviewed''' [[HL7 WGM May 2015 - Paris, France - Security WG]]
* Agenda Reviewed [[HL7 WGM May 2015 - Paris, France - Security WG]]
 
 
** Approved 4/0/0
 
** Approved 4/0/0
 
** Jonathan Coleman - Moved
 
** Jonathan Coleman - Moved
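Review bot: The attendee entry "NOT! Princess Trish Williams - Co-Chair" is carried over unchanged, and it does not say whether she was present or absent for Tuesday Q1. The rest of this list was cleaned up (heading bolded, "Chaired by" added, "Miyohara, Hideyuki" reordered), so replace this entry with a plain one, for example a separate absent or regrets line, so that the 4/0/0 agenda vote can be reconciled with the attendance.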
Line 19: Line 18:
 
** Jonathan Coleman - Moved
 
** Jonathan Coleman - Moved
 
** Alex - Second
 
** Alex - Second
* International Reportout
+
* '''International Reportout'''
 
** ISO - Hideyuki
 
** ISO - Hideyuki
*** Presentation attacked
+
*** [http://www.hl7.org/documentcenter/public/wg/secure/minutes/WG4_Report_to_Plenary_for_San_Francisco_v8.ppt Presentation given]
 
** IHE - John
 
** IHE - John
 
*** ATNA Query (FHIR AuditEvent, and SYSLOG; Option for SYSLOG Filter)
 
*** ATNA Query (FHIR AuditEvent, and SYSLOG; Option for SYSLOG Filter)
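Review bot: The new link under "ISO - Hideyuki" uses the text "Presentation given", which does not identify the document, and its target filename is WG4_Report_to_Plenary_for_San_Francisco_v8.ppt on minutes for the Paris meeting. Confirm that this is the intended file and use a descriptive link text such as the report title.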
Line 28: Line 27:
  
 
= Tuesday Q2 =  
 
= Tuesday Q2 =  
*Attendee
+
* '''Attendees'''
** John Moehrke - Co-Chair
+
** Chaired by John Moehrke - Co-Chair
 
** Alex Mense - Co-Chair
 
** Alex Mense - Co-Chair
** Miyohara, Hideyuki
+
** Hideyuki Miyohara
 
** Jonathan Coleman
 
** Jonathan Coleman
 
** Clay Sebourn - Clay.Sebourn@emc.com
 
** Clay Sebourn - Clay.Sebourn@emc.com
Line 38: Line 37:
 
** Comelia Felder - comelia.felder@roche.com
 
** Comelia Felder - comelia.felder@roche.com
  
* Privacy on FHIR - Jonathan Coleman
+
* '''Privacy on FHIR''' - Jonathan Coleman
 +
** [http://www.hl7.org/documentcenter/public/wg/secure/minutes/HIMSS15_Privacy%20on%20FHIR%20r4.pdf Presentation given]
 
** ONC and VA initiative to demonstrate Privacy on FHIR
 
** ONC and VA initiative to demonstrate Privacy on FHIR
 
** Not an effort to create standards or guidance documentation
 
** Not an effort to create standards or guidance documentation
 
** Using HCS, SLS, Ontology, DS4P, and consent
 
** Using HCS, SLS, Ontology, DS4P, and consent
 
** OpenID, OAuth2, UMA
 
** OpenID, OAuth2, UMA
* Data Provenance IG - Jonathan Coleman
+
* '''Data Provenance IG''' - Jonathan Coleman
 
** comments resolved awaiting final DSTU soon
 
** comments resolved awaiting final DSTU soon
* FHIR Ballot triage
+
* '''FHIR Ballot triage'''
  
 
= Tuesday Q3 =
 
= Tuesday Q3 =
* FHIR Ballot triage
+
* '''FHIR Ballot triage''' continued
  
 
=Tuesday Q4 =
 
=Tuesday Q4 =
Line 55: Line 55:
 
=Wednesday Q2 =
 
=Wednesday Q2 =
 
* Joint with SOA (hosted by SEC)
 
* Joint with SOA (hosted by SEC)
* PASS Access Control. Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist.  
+
 
 +
* '''Attendees'''
 +
** Chaired by Trish Williams - Co-Chair,
 +
** John Moehrke - Co-Chair,
 +
** Alex Mense - Co-Chair,
 +
** Hideyuki Miyohara,
 +
** Clay Sebourn - Clay.Sebourn@emc.com,
 +
** Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com,
 +
** Vince McCauley (SOA Co-chair),
 +
** Stefano Lotti (SOA Co-Chair),
 +
** Zachary Huynh,
 +
 
 +
* '''PASS Access Control.'''
 +
** Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist.  
 
*  Current status of PASS is DSTU (but out of date) it will go forward to Normative Ballot Sept 2015.
 
*  Current status of PASS is DSTU (but out of date) it will go forward to Normative Ballot Sept 2015.
 
** Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS. Clarification from Josh Mandel will be sought.  
 
** Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS. Clarification from Josh Mandel will be sought.  
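Review bot: After the PASS description moves into a sub-bullet under "'''PASS Access Control.'''", the following "*  Current status of PASS is DSTU ..." line stays a top-level bullet, so the status and its "Under consideration" sub-item no longer sit under the PASS heading. Indent them one level so they nest under it. The attendee bullets added here also keep the trailing commas from the old comma-separated sentence (for example "** Zachary Huynh,"); drop them.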
Line 65: Line 78:
 
* Security will find lead (from those working on the problem). The project will not be created until the people are found.   
 
* Security will find lead (from those working on the problem). The project will not be created until the people are found.   
  
* PSS on Approved at TSC 12/05/2015
+
* '''PSS on Approved''' at TSC 12/05/2015
 
** Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe'].
 
** Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe'].
  
Attendees:
+
=Wednesday Q3 =
Trish Williams - Co-Chair,  
+
* Attendees
John Moehrke - Co-Chair,
+
** Chaired by John Moehrke - Co-Chair,  
Alex Mense - Co-Chair,
+
** Trish Williams - Co-Chair
Miyohara, Hideyuki,
+
** Alex Mense - Co-Chair
Clay Sebourn - Clay.Sebourn@emc.com,
+
** Miyohara, Hideyuki
Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com,
+
** Clay Sebourn
Vince McCauley (SOA),
+
** Kevin Shekleton
Stefano Lotti (SOA),
+
** Grahame Grieve
Zachary Huynh,
+
** Jonathon Coleman
 +
** Josh Mandel
 +
** David Hay
 +
** Peter Bernhardt
 +
** Corey Spears
 +
** Michael Donnelly
 +
** Simone Heckmann
  
=Wednesday Q3 =
 
Ballot comments related to FHIR
 
  
Josh Mandel presented on Argonaut and SMART on FHIR
+
'''Ballot reconciliation related to FHIR
* Argonaut is a collaboration between EHR and clinical care providers, to develop open specifications  - in particular for FHIR. Security protocols associated with these?   
+
'''
* SMART on FHIR (Boston's Children's Hospital) on FHIR project is looking at single sign on using mobile and web apps using OAuth2 and OpenIDConnect. http://smarthealthit.org/ and http://docs.smarthealthit.org/
 
  
Attendees: Trish Williams - Co-Chair, John Moehrke - Co-Chair, Alex Mense - Co-Chair, Miyohara, Hideyuki, Clay Sebourn, Kevin Shekleton, Grahame Grieve, Jonathon Coleman, Josh Mandel, David Hay, Peter Bernhardt, Corey Spoors, Michael Donnelly, Simone Heckmann.
+
*'''Josh Mandel presented on Argonaut and SMART on FHIR'''
 +
** Argonaut is a collaboration between EHR and clinical care providers, to develop open specifications  - in particular for FHIR. Security protocols associated with these?   
 +
** SMART on FHIR (Boston's Children's Hospital) on FHIR project is looking at single sign on using mobile and web apps using OAuth2 and OpenIDConnect. http://smarthealthit.org/ and http://docs.smarthealthit.org/
  
 
=Wednesday Q4 =
 
=Wednesday Q4 =
* Ballot comments related to FHIR (continued)
+
* '''Attendees'''
 +
** Chaired by Trish Williams - Co-Chair
 +
** John Moehrke - Co-Chair
 +
** Alex Mense - Co-Chair
 +
** Hideyuki Miyohara
 +
** Clay Sebourn
 +
** Jonathon Coleman
 +
** Ken Salyards
 +
** Frederic Laroche
 +
** Lloyd McKenzie
 +
** Grahame Grieve
 +
** Paul Knapp
 +
** Michelle Miller
 +
** Guillaum Rossiana
 +
** Benoit Schoeffler
 +
** Corey Spears
 +
 +
* '''Ballot reconciliation related to FHIR (continued)'''
  
* Separation of consent from contract in FHIR was discussed at length to obtain clarity around how this will work.
+
* '''Discussion on separation of consent from contract in FHIR''' to obtain clarity around how this will work.
* CBCC has asked that consent is handled carefully and in different resources, as they have very different meanings in use: Consent to treat, advanced care directives, and consent to disclose (share).
+
* CBCC has asked that consent is handled carefully and in different resources, as they have very different meanings in use: Consent to treat, advanced care directives, and consent to disclose (share).
 +
** '''Disposition was voted on and approved'''.
 +
 
 +
=Thursday Q1 =
 +
* '''Attendees''':
 +
** Chaired by John Moehrke
 +
** Trish Williams - Co-Chair
 +
** Alex Mense - Co-Chair
 +
** Hideyuki Miyohara
 +
** Clay Sebourn
 +
** David Hay
 +
** Michael Donnelly
 +
** Kevin Shekleton
 +
** Grahame Grieve
 +
** Comelia Felder
 +
** Paul Lomayesva
 +
** Sadamu Takasaka
 +
** Masaaki Hirai
 +
** Peter Bernhardt.
  
 +
* '''Ballot comments related to FHIR (continued).'''
  
Attendees: Trish Williams - Co-Chair, John Moehrke - Co-Chair, Alex Mense - Co-Chair, Miyohara, Hideyuki, Clay Sebourn, Jonathon Coleman, Ken Salyards, Frederic Laroche, and Lloyd McKenzie. Additionally, (for last 1/2 hour) Grahame Grieve, Paul Knapp, Michelle Miller, Guillaum Rossiana, Benoit Schoeffler, Corey Spears.
+
* '''WG Administration and Health'''
 +
** Attendees: Trish Williams, Alex Mense, John Moehrke, Hideyuki Miyohara
 +
** WG Health in yellow with 4 outstanding items: M&C <2 yrs, SWOT < 3 yrs, Harmonisation participation, and 2014 TSC election.   
 +
*** Revised Mission and Charter (M&C). Proposal to accept Hideyuki Miyohara, seconded by Alex Mense. Approved 3/0/0
 +
*** Revised SWOT. Proposal to accept by Alex Mense, seconded by Trish Williams. Approved 3/0/0
 +
*** Harmonisation participation previously misnoted by call of Kathleen's attendance for SEC. Need to ensure at next meeting we email to give comments//no comment.
 +
*** TSC election: We have been penalized all year for this. Next election in June-Aug - Co-chairs to ensure we cover and vote. TSC agreed to go to e-voting this next session.
 +
*** Trish to manage notification to and approvals by HL7. M&C sent to FTSD 14/05/2015. SWOT sent to Anne Wizauer (HL7).
 +
*** Weekly teleconference calls reconfirmed
 +
*** Trish booked rooms for Oct WGM in Atlanta. Invited FHIR Wed Q3 and Thurs Q1. Accepted invites from CBCC for Mon Q3 & Q4.
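Review bot: The added Wednesday Q3 attendee list still has "** Miyohara, Hideyuki" although this revision changes the same name to "Hideyuki Miyohara" in the other sessions, and it spells "Jonathon Coleman" where Tuesday has "Jonathan Coleman"; make both consistent. In the same section, "'''Ballot reconciliation related to FHIR" has its closing ''' on the next line and no leading "*", so it is not a bullet like the items in the other sessions. Under WG Administration and Health, "Proposal to accept Hideyuki Miyohara" is missing "by".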

Latest revision as of 01:34, 8 June 2015

Minutes from Security WG

Tuesday Q1

  • Attendees
    • Chaired by John Moehrke - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Jonathan Coleman
    • Clay Sebourn - Clay.Sebourn@emc.com
    • NOT! Princess Trish Williams - Co-Chair

Tuesday Q2

  • Attendees
    • Chaired by John Moehrke - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Jonathan Coleman
    • Clay Sebourn - Clay.Sebourn@emc.com
    • Trish Williams - Co-Chair
    • Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com
    • Comelia Felder - comelia.felder@roche.com
  • Privacy on FHIR - Jonathan Coleman
    • Presentation given
    • ONC and VA initiative to demonstrate Privacy on FHIR
    • Not an effort to create standards or guidance documentation
    • Using HCS, SLS, Ontology, DS4P, and consent
    • OpenID, OAuth2, UMA
  • Data Provenance IG - Jonathan Coleman
    • comments resolved awaiting final DSTU soon
  • FHIR Ballot triage

Tuesday Q3

  • FHIR Ballot triage continued

Tuesday Q4

Lack of quorum; canceled.

Wednesday Q2

  • Joint with SOA (hosted by SEC)
  • Attendees
    • Chaired by Trish Williams - Co-Chair,
    • John Moehrke - Co-Chair,
    • Alex Mense - Co-Chair,
    • Hideyuki Miyohara,
    • Clay Sebourn - Clay.Sebourn@emc.com,
    • Jeff Ting - Jeffery.Ting@SystemsMadeSimple.com,
    • Vince McCauley (SOA Co-chair),
    • Stefano Lotti (SOA Co-Chair),
    • Zachary Huynh,
  • PASS Access Control.
    • Addresses the information and capabilities required to provide Access Control service to protect resources in a distributed healthcare environment, where interoperability requirements exist.
  • Current status of PASS is DSTU (but out of date); it will go forward to Normative Ballot Sept 2015.
    • Under consideration is a Platform Specific Model targeting FHIR resource access management. SEC should take the lead, and get a project lead for this. Need to understand the Argonaut project content on security. Are they leveraging PASS? Clarification from Josh Mandel will be sought.
      • Under a Platform Specific Model this would require specification of the security token platform?
      • RESTful API already can use/does use PASS. The application in healthcare further includes patient consent and additional context specific attributes.
      • For instance, Privacy on FHIR (VA/ONC US specific) demonstrates the use of standard tools to apply to healthcare including PASS; SMART initiative uses PASS; and Argonaut project using it? HEART (OAuth, OpenID Connect, and UMA committees) to come to healthcare to help healthcare - John M engaging with this.
      • PASS Access control specific to FHIR. This should be constrained further to a specific interaction model (SOAP, V2 messaging, CDA, transactions, etc).
    • Also suggested for the normative ballot is the use of FHIR Security/Privacy related Resources as Access Decision Information (ACI) sources for Privacy Enforcement Point (PEP) realizations. This clarifies the Platform Specific Model (discussed above).
  • Security will find lead (from those working on the problem). The project will not be created until the people are found.
  • PSS on Approved at TSC 12/05/2015
    • Project Summary for HL7 Privacy and Security Architecture Framework [PSAF aka 'Privacy Safe'].

Wednesday Q3

  • Attendees
    • Chaired by John Moehrke - Co-Chair,
    • Trish Williams - Co-Chair
    • Alex Mense - Co-Chair
    • Miyohara, Hideyuki
    • Clay Sebourn
    • Kevin Shekleton
    • Grahame Grieve
    • Jonathan Coleman
    • Josh Mandel
    • David Hay
    • Peter Bernhardt
    • Corey Spears
    • Michael Donnelly
    • Simone Heckmann


Ballot reconciliation related to FHIR

  • Josh Mandel presented on Argonaut and SMART on FHIR
    • Argonaut is a collaboration between EHR and clinical care providers, to develop open specifications - in particular for FHIR. Security protocols associated with these?
    • The SMART on FHIR project (Boston Children's Hospital) is looking at single sign-on for mobile and web apps using OAuth2 and OpenID Connect. http://smarthealthit.org/ and http://docs.smarthealthit.org/

Wednesday Q4

  • Attendees
    • Chaired by Trish Williams - Co-Chair
    • John Moehrke - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Clay Sebourn
    • Jonathan Coleman
    • Ken Salyards
    • Frederic Laroche
    • Lloyd McKenzie
    • Grahame Grieve
    • Paul Knapp
    • Michelle Miller
    • Guillaum Rossiana
    • Benoit Schoeffler
    • Corey Spears
  • Ballot reconciliation related to FHIR (continued)
  • Discussion on separation of consent from contract in FHIR to obtain clarity around how this will work.
  • CBCC has asked that consent is handled carefully and in different resources, as they have very different meanings in use: Consent to treat, advanced care directives, and consent to disclose (share).
    • Disposition was voted on and approved.

Thursday Q1

  • Attendees:
    • Chaired by John Moehrke
    • Trish Williams - Co-Chair
    • Alex Mense - Co-Chair
    • Hideyuki Miyohara
    • Clay Sebourn
    • David Hay
    • Michael Donnelly
    • Kevin Shekleton
    • Grahame Grieve
    • Comelia Felder
    • Paul Lomayesva
    • Sadamu Takasaka
    • Masaaki Hirai
    • Peter Bernhardt.
  • Ballot comments related to FHIR (continued).
  • WG Administration and Health
    • Attendees: Trish Williams, Alex Mense, John Moehrke, Hideyuki Miyohara
    • WG Health in yellow with 4 outstanding items: M&C <2 yrs, SWOT < 3 yrs, Harmonisation participation, and 2014 TSC election.
      • Revised Mission and Charter (M&C). Proposal to accept by Hideyuki Miyohara, seconded by Alex Mense. Approved 3/0/0
      • Revised SWOT. Proposal to accept by Alex Mense, seconded by Trish Williams. Approved 3/0/0
      • Harmonisation participation previously misnoted by call of Kathleen's attendance for SEC. Need to ensure at next meeting we email to give comments/no comment.
      • TSC election: We have been penalized all year for this. Next election in June-Aug - Co-chairs to ensure we cover and vote. TSC agreed to go to e-voting this next session.
      • Trish to manage notification to and approvals by HL7. M&C sent to FTSD 14/05/2015. SWOT sent to Anne Wizauer (HL7).
      • Weekly teleconference calls reconfirmed
      • Trish booked rooms for Oct WGM in Atlanta. Invited FHIR Wed Q3 and Thurs Q1. Accepted invites from CBCC for Mon Q3 & Q4.