Difference between revisions of "HL7 FHIR Security 2016-3-8"

Latest revision as of 01:32, 9 March 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

	Member Name		Member Name		Member Name
x	John Moehrke Security Co-Chair	x	Kathleen Connor Security Co-Chair	.	Suzanne Gonzales-Webb CBCC Co-Chair
.	Gary Dickinson EHR Co-Chair	.	Johnathan ColemanCBCC Co-Chair	.	Mike Davis
.	Reed Gelzer RM-ES Lead	.	Glen Marshal	.	Galen Mulrooney
.	Dave Silver	x	Rob Horn	x	Judy Fincher
.	Diana Proud-Madruga	.	Beth Pumo	.	Oliver Lawles

Agenda

Roll; approval of agenda and March 1, 2016 minutes
Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.

CPs for Review
- Security CP 9563Add onBehalfOf to Signature datatype - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer.
- Security PC 9407 Align AuditEvent and Provenance action/activity element definition Continue work on activity definitions.
Next set of discussion
- 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod
- 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
- 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
- 9150 Provenance TODO section cleanup (John Moehrke) None
- 9151 AuditEvent has TODO section to be removed (John Moehrke) None
- 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
- 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
- 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
- 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None

Minutes

John chaired.
Unanimous approval of agenda and minutes.
Discussed John"s blog article from the email discussion on Provenance vs Audit http://healthcaresecprivacy.blogspot.com/2016/03/provenance-vs-audit-it-is-not.html. Questions about which agent is generating a CREATE/UPDATE, since that's not the view of the user agent about the activity performed led to the conclusion that we need at least two interaction diagrams to shows:
- Provenance Interactions
  - Generation of a Provenance Resource recording the user agent activity that caused the Provenance.target
  - Possible linking of the user's Provenance Resource to a Resource that the user POSTS/PUTS on or TRANSFERS to a FHIR Server and possible persistence by the Server.
  - Generation of a Provenance Resource recording the Server's CREATE/UPDATE
- AuditEvent Interactions
  - Generation of AuditEvent Resource recording the actions on the system triggered by the user agent and facilitating agent activities [e.g., user authenticating, system handshakes required for transfers, etc.]
  - Generation of AuditEvent Resource recording the actions by the Server.

John will make draft for discussion on next call.

RE: Security CP 9563Add onBehalfOf to Signature datatype
- “onBehalfOf" definition of " = Agent who delegated signing or did not have the legal standing to sign for themselves (such as a child) e.g., a party to a contract, consent directive, witness, attester, etc.
- Add "onBehalfOfReference" definition: The delegator for which the “who” Reference, e.g., a Device, signed on behalf of. The delegator can only be a Referenced Resource type in the context in which the signature is used. E.g., in a contract, where a signing party must have legal standing, by limiting Referenced resources to Organizational or Person like Resources, may be enough of a constraint to prevent a device being the delegator to another device and thereby a signer which must have legal standing.
- NOTE that W3C PROV Namespace has a description for "actedOnBehalfOf" = "Delegation is the assignment of authority and responsibility to an agent (by itself or by another agent) to carry out a specific activity as a delegate or representative, while the agent it acts on behalf of retains some responsibility for the outcome of the delegated work.
Alternative approaches were discussed, including using XADES delegation and countersigning capabilities.
Rob suggested using the UCC term "personal representative" vs the W3C PROV term "onBehalfOf".
Homework: To review XADES and HL7 Digital Signature CDA IG for alternative approaches, and to consider alternatives to "onBehalfOf" as well as a definition that covers more than the delegation use case.
Deferred discussion of Security CP 9407 - aligned AuditEvent.activity and Provenance.activity.

@@ Line 29: / Line 29: @@
 |-
 ||  .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
-||||x||[mailto:gfm@securityrs.com Glen Marshal]
+||||.||[mailto:gfm@securityrs.com Glen Marshal]
 ||||.||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 |-
@@ Line 36: / Line 36: @@
 ||||x||[mailto:Judith.Fincher@va.gov Judy Fincher]
 |-
-||  x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
+||  .|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 ||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
-||||x||[mailto:oliver@lawless.co Oliver Lawles]
+||||.||[mailto:oliver@lawless.co Oliver Lawles]
 |-
 |}
@@ Line 44: / Line 44: @@
 ==Agenda==
 *Roll; approval of agenda and [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-3-1 March 1, 2016 minutes]
+* Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
+*CPs for Review
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563  Security CP 9563Add onBehalfOf to Signature datatype] - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer.
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security PC 9407 Align AuditEvent and Provenance action/activity element definition] Continue work on activity definitions.
+* Next set of discussion
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9417 9417] Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7568 7568] 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 9407] Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9150 9150] Provenance TODO section cleanup (John Moehrke) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9151 9151] AuditEvent has TODO section to be removed (John Moehrke) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9166 9166] Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9167 9167] AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 9176] Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype (Kathleen Connor) None
+**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
+==Minutes==
+*John chaired.
+*Unanimous approval of agenda and minutes.
+* Discussed John"s blog article from the email discussion on Provenance vs Audit http://healthcaresecprivacy.blogspot.com/2016/03/provenance-vs-audit-it-is-not.html.  Questions about which agent is generating a CREATE/UPDATE, since that's not the view of the user agent about the activity performed led to the conclusion that we need at least two interaction diagrams to shows:
+**Provenance Interactions
+***Generation of a Provenance Resource recording the user agent activity that caused the Provenance.target
+***Possible linking of the user's Provenance Resource to a Resource that the user POSTS/PUTS on or TRANSFERS to a FHIR Server and possible persistence by the Server.
+***Generation of a Provenance Resource recording the Server's CREATE/UPDATE
+**AuditEvent Interactions
+***Generation of AuditEvent Resource recording the actions on the system triggered by the user agent and facilitating agent activities [e.g., user authenticating, system handshakes required for transfers, etc.]
+***Generation of AuditEvent Resource recording the actions by the Server.
+John will make draft for discussion on next call.
+*RE: [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563  Security CP 9563Add onBehalfOf to Signature datatype]
+**“onBehalfOf" definition of " = Agent who delegated signing or did not have the legal standing to sign for themselves (such as a child) e.g., a party to a contract, consent directive, witness, attester, etc.
+**Add "onBehalfOfReference" definition: The delegator for which the “who” Reference, e.g., a Device, signed on behalf of.  The delegator can only be a Referenced Resource type in the context in which the signature is used.  E.g., in a contract, where a signing party must have legal standing, by limiting Referenced resources to Organizational or Person like Resources, may be enough of a constraint to prevent a device being the delegator to another device and thereby a signer which must have legal standing.
+**NOTE that [http://www.w3.org/ns/prov/ W3C PROV Namespace] has a description for "actedOnBehalfOf" = "Delegation is the assignment of authority and responsibility to an agent (by itself or by another agent) to carry out a specific activity as a delegate or representative, while the agent it acts on behalf of retains some responsibility for the outcome of the delegated work.
+*Alternative approaches were discussed, including using XADES delegation and countersigning capabilities.
+*Rob suggested using the UCC term "personal representative" vs the W3C PROV term "onBehalfOf".
+*Homework:  To review XADES and HL7 Digital Signature CDA IG for alternative approaches, and to consider alternatives to "onBehalfOf" as well as a definition that covers more than the delegation use case.
+*Deferred discussion of [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security CP 9407] - aligned AuditEvent.activity and Provenance.activity.

Difference between revisions of "HL7 FHIR Security 2016-3-8"

Latest revision as of 01:32, 9 March 2016

Contents

Call Logistics

Attendees

Agenda

Minutes

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

groups

meetings

general

Tools