This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "HL7 FHIR Security 2016-3-8"

From HL7Wiki
Jump to navigation Jump to search
 
(12 intermediate revisions by 2 users not shown)
Line 29: Line 29:
 
|-
 
|-
 
||  .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
 
||  .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
||||x||[mailto:gfm@securityrs.com Glen Marshal]
+
||||.||[mailto:gfm@securityrs.com Glen Marshal]
 
||||.||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 
||||.||[mailto:Galen.Mulrooney@JPSys.com Galen Mulrooney]
 
|-
 
|-
Line 36: Line 36:
 
||||x||[mailto:Judith.Fincher@va.gov Judy Fincher]
 
||||x||[mailto:Judith.Fincher@va.gov Judy Fincher]
 
|-
 
|-
||  x|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
+
||  .|| [mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.|| [mailto:Beth.Pumo@kp.org Beth Pumo]
||||x||[mailto:oliver@lawless.co Oliver Lawles]
+
||||.||[mailto:oliver@lawless.co Oliver Lawles]
 
|-
 
|-
 
|}
 
|}
Line 44: Line 44:
 
==Agenda==
 
==Agenda==
 
*Roll; approval of agenda and [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-3-1 March 1, 2016 minutes]
 
*Roll; approval of agenda and [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-3-1 March 1, 2016 minutes]
=CPs for Review=
+
* Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563  Security CP 9563Add onBehalfOf to Signature datatype] - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer.
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security PC 9407 Align AuditEvent and Provenance action/activity element definition] Continue work on activity definitions.
 
  
===Minutes===
+
*CPs for Review
*Chair
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563  Security CP 9563Add onBehalfOf to Signature datatype] - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer.
*Review/approval of agenda and minutes
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security PC 9407 Align AuditEvent and Provenance action/activity element definition] Continue work on activity definitions.
*RE: *[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563  Security CP 9563Add onBehalfOf to Signature datatype]   
+
* Next set of discussion
*“onBehalfOf" definition of " = Agent who delegated signing or did not have the legal standing to sign for themselves (such as a child) e.g., a party to a contract, consent directive, witness, attester, etc.
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9417 9417] Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod
*Add "onBehalfOfReference" definition: The delegator for which the “who” Reference, e.g., a Device, signed on behalf of.  The delegator can only be a Referenced Resource type in the context in which the signature is used.  E.g., in a contract, where a signing party must have legal standing, by limiting Referenced resources to Organizational or Person like Resources, may be enough of a constraint to prevent a device being the delegator to another device and thereby a signer which must have legal standing.
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7568 7568] 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 9407] Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9150 9150] Provenance TODO section cleanup (John Moehrke) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9151 9151] AuditEvent has TODO section to be removed (John Moehrke) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9166 9166] Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9167 9167] AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 9176] Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype (Kathleen Connor) None
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
 +
 
 +
==Minutes==
 +
*John chaired.
 +
*Unanimous approval of agenda and minutes.
 +
* Discussed John"s blog article from the email discussion on Provenance vs Audit http://healthcaresecprivacy.blogspot.com/2016/03/provenance-vs-audit-it-is-not.html.  Questions about which agent is generating a CREATE/UPDATE, since that's not the view of the user agent about the activity performed led to the conclusion that we need at least two interaction diagrams to shows:
 +
**Provenance Interactions
 +
***Generation of a Provenance Resource recording the user agent activity that caused the Provenance.target
 +
***Possible linking of the user's Provenance Resource to a Resource that the user POSTS/PUTS on or TRANSFERS to a FHIR Server and possible persistence by the Server.
 +
***Generation of a Provenance Resource recording the Server's CREATE/UPDATE
 +
**AuditEvent Interactions
 +
***Generation of AuditEvent Resource recording the actions on the system triggered by the user agent and facilitating agent activities [e.g., user authenticating, system handshakes required for transfers, etc.]
 +
***Generation of AuditEvent Resource recording the actions by the Server.
 +
John will make draft for discussion on next call.
 +
*RE: [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563  Security CP 9563Add onBehalfOf to Signature datatype]   
 +
**“onBehalfOf" definition of " = Agent who delegated signing or did not have the legal standing to sign for themselves (such as a child) e.g., a party to a contract, consent directive, witness, attester, etc.
 +
**Add "onBehalfOfReference" definition: The delegator for which the “who” Reference, e.g., a Device, signed on behalf of.  The delegator can only be a Referenced Resource type in the context in which the signature is used.  E.g., in a contract, where a signing party must have legal standing, by limiting Referenced resources to Organizational or Person like Resources, may be enough of a constraint to prevent a device being the delegator to another device and thereby a signer which must have legal standing.
 +
**NOTE that [http://www.w3.org/ns/prov/ W3C PROV Namespace] has a description for "actedOnBehalfOf" = "Delegation is the assignment of authority and responsibility to an agent (by itself or by another agent) to carry out a specific activity as a delegate or representative, while the agent it acts on behalf of retains some responsibility for the outcome of the delegated work.
 +
*Alternative approaches were discussed, including using XADES delegation and countersigning capabilities.
 +
*Rob suggested using the UCC term "personal representative" vs the W3C PROV term "onBehalfOf".
 +
*Homework:  To review XADES and HL7 Digital Signature CDA IG for alternative approaches, and to consider alternatives to "onBehalfOf" as well as a definition that covers more than the delegation use case.
 +
*Deferred discussion of [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security CP 9407] - aligned AuditEvent.activity and Provenance.activity.

Latest revision as of 01:32, 9 March 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270,' Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair . Suzanne Gonzales-Webb CBCC Co-Chair
. Gary Dickinson EHR Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead . Glen Marshal . Galen Mulrooney
. Dave Silver x Rob Horn x Judy Fincher
. Diana Proud-Madruga . Beth Pumo . Oliver Lawles

Agenda

  • Roll; approval of agenda and March 1, 2016 minutes
  • Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
  • CPs for Review
  • Next set of discussion
    • 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod
    • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
    • 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
    • 9150 Provenance TODO section cleanup (John Moehrke) None
    • 9151 AuditEvent has TODO section to be removed (John Moehrke) None
    • 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
    • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
    • 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
    • 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
    • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None

Minutes

  • John chaired.
  • Unanimous approval of agenda and minutes.
  • Discussed John"s blog article from the email discussion on Provenance vs Audit http://healthcaresecprivacy.blogspot.com/2016/03/provenance-vs-audit-it-is-not.html. Questions about which agent is generating a CREATE/UPDATE, since that's not the view of the user agent about the activity performed led to the conclusion that we need at least two interaction diagrams to shows:
    • Provenance Interactions
      • Generation of a Provenance Resource recording the user agent activity that caused the Provenance.target
      • Possible linking of the user's Provenance Resource to a Resource that the user POSTS/PUTS on or TRANSFERS to a FHIR Server and possible persistence by the Server.
      • Generation of a Provenance Resource recording the Server's CREATE/UPDATE
    • AuditEvent Interactions
      • Generation of AuditEvent Resource recording the actions on the system triggered by the user agent and facilitating agent activities [e.g., user authenticating, system handshakes required for transfers, etc.]
      • Generation of AuditEvent Resource recording the actions by the Server.

John will make draft for discussion on next call.

  • RE: Security CP 9563Add onBehalfOf to Signature datatype
    • “onBehalfOf" definition of " = Agent who delegated signing or did not have the legal standing to sign for themselves (such as a child) e.g., a party to a contract, consent directive, witness, attester, etc.
    • Add "onBehalfOfReference" definition: The delegator for which the “who” Reference, e.g., a Device, signed on behalf of. The delegator can only be a Referenced Resource type in the context in which the signature is used. E.g., in a contract, where a signing party must have legal standing, by limiting Referenced resources to Organizational or Person like Resources, may be enough of a constraint to prevent a device being the delegator to another device and thereby a signer which must have legal standing.
    • NOTE that W3C PROV Namespace has a description for "actedOnBehalfOf" = "Delegation is the assignment of authority and responsibility to an agent (by itself or by another agent) to carry out a specific activity as a delegate or representative, while the agent it acts on behalf of retains some responsibility for the outcome of the delegated work.
  • Alternative approaches were discussed, including using XADES delegation and countersigning capabilities.
  • Rob suggested using the UCC term "personal representative" vs the W3C PROV term "onBehalfOf".
  • Homework: To review XADES and HL7 Digital Signature CDA IG for alternative approaches, and to consider alternatives to "onBehalfOf" as well as a definition that covers more than the delegation use case.
  • Deferred discussion of Security CP 9407 - aligned AuditEvent.activity and Provenance.activity.