
Difference between revisions of "August 9, 2016 Security Conference Call"

 
(2 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!
 
|-
 
|-
||  x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
+
||  .|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair  
 
||||.|| [mailto:duane.decouteau@gmail.com Duane DeCouteau]
 
||||.|| [mailto:duane.decouteau@gmail.com Duane DeCouteau]
 
||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark]
 
||||.|| [mailto:Chris.R.Clark@wv.gov Chris Clark]
 
|-
 
|-
|| || [mailto:john.moehrke@med.ge.com John Moehrke]Security Co-chair
+
|| x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:aaron.seib@2311.net Aaron Seib]
 
||||.|| [mailto:aaron.seib@2311.net Aaron Seib]
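Review bot: The new mailto target on the John Moehrke row, JohnMoerke@gmail.com, spells the surname without the "h" that the display name "Moehrke" carries, so the address should be confirmed before it replaces john.moehrke@med.ge.com. The attendance marks changed in the same hunk are roll-call updates; the address change is a separate kind of edit and would be easier to audit with its own revision comment.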
Line 22: Line 22:
 
||  .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||  .|| [mailto:trish.williams@ecu.edu.au Trish Williams]Security Co-chair
 
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson]
 
||||.|| [mailto:gary.dickinson@ehr-standards.com Gary Dickinson]
||||.|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
+
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
      
 
      
 
|-
 
|-
||  x|| [mailto:mike.davis@va.gov Mike Davis]
+
||  .|| [mailto:mike.davis@va.gov Mike Davis]
 
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
 
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu]
 
||||X|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
 
||||X|| [mailto:mjafari@edmondsci.com Mohammed Jafari]
Line 47: Line 47:
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 
||  x|| [mailto:gfm@securityrs.com Glen Marshall], SRS
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
 
||||.|| [mailto:akleinebe@gmail.com Bill Kleinebecker ]
||||.|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
+
||||x|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn]
 
|-
 
|-
 
||  .|| [mailto:oliver@lawless.co Oliver Lawless]
 
||  .|| [mailto:oliver@lawless.co Oliver Lawless]
||||x|| [mailto:grahameg@gmail.com Grahame Grieve]
+
||||.|| [mailto:grahameg@gmail.com Grahame Grieve]
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ]
+
||||x|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ]
 
|-
 
|-
 
||  .|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||  .|| [mailto:Beth.Pumo@kp.org Beth Pumo]
Line 59: Line 59:
 
||  .|| [mailto:cdoss@ncat.edu Christopher Doss]
 
||  .|| [mailto:cdoss@ncat.edu Christopher Doss]
 
||||.|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
 
||||.|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya]
||||x|| [mailto: David Staggs]
+
||||.|| [mailto: David Staggs]
 
|-
 
|-
 
|}
 
|}
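Review bot: The David Staggs row still carries [mailto: David Staggs] with no address after the colon, on both the old and the new side, so the cell shows as literal bracketed text instead of a link (the rendered attendee table on this page shows it that way). Since the row is being edited for the attendance mark anyway, either supply the address or reduce the cell to the plain name.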
Line 66: Line 66:
 
==Agenda '''DRAFT'''==
 
==Agenda '''DRAFT'''==
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
 
# ''(2 min)'' '''Roll Call, Agenda Approval'''
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=June_19,_2016_Security_Conference_Call#Minutes Security WG July 19, 2016 Minutes]  
+
# ''(3 min)'' '''Approve [http://wiki.hl7.org/index.php?title=July_19,_2016_Security_Conference_Call#Minutes Security WG July 19, 2016 Minutes]  
 
# ''(15 min)'' '''Negation project (see below)'''
 
# ''(15 min)'' '''Negation project (see below)'''
 
# ''(10 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike & Dave to update on VA Architectural Model, which is based on S&P DAM and earlier PSAF model that Kathleen and Galen started.  Mike and Kathleen plan to include this work in the Sept "For Comment" Ballot material.
 
# ''(10 min)'' '''[http://gforge.hl7.org/gf/download/docmanfileversion/9274/14375/High%20Level%20Info%20Model%20v0%200%207%20JMD.vsd Update on the PSAF Security Policy model]''' - Mike & Dave to update on VA Architectural Model, which is based on S&P DAM and earlier PSAF model that Kathleen and Galen started.  Mike and Kathleen plan to include this work in the Sept "For Comment" Ballot material.
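Review bot: On the changed "Approve ... Security WG July 19, 2016 Minutes" agenda line, the bold markup opened with ''' before "Approve" is never closed and the line ends in trailing whitespace; close the ''' after the link's closing bracket so the item matches the other agenda entries. The corrected target, July_19,_2016_Security_Conference_Call, now agrees with the link text.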
Line 112: Line 112:
  
 
==Minutes==
 
==Minutes==
 +
* John chair
 +
* Agenda review, nothing to add
 +
* Approve minutes of July 19 -- Suzanne/Rob: 9-0-1
 +
* Review Negation Project
 +
** Rob -- Are they covering the concept of a negative consent? -- Not likely, but we should add this to the list of concerns
 +
** John -- They should avoid use of Negation, as it makes it hard to enforce Privacy and Security policies (including consents)
 +
** Glen -- They should not use negation as a verb, as a verb negating a positive thing. Rather assertive concepts of negative findings are needed
 +
** We need to report these concerns to the team, not try to solve them here
 +
* HL7 ballot signup is open. Get signed up.
 +
* PASS Access Control Services Conceptual Model - Diana
 +
** All negatives are withdrawn, so final will be prepared
 +
* PASS Audit Conceptual Model – Diana
 +
* Purpose of Use paper - Mohammad Jafari
 +
** Mohammad has put together the concept of PurposeOfUse, covering the space where we have used it. Mike is reviewing
 +
** This is an effort to create understanding. Not clear if this will result in any formal changes.
 +
* HEART Update on FHIR nexus -
 +
** Glen and John and Kathleen are participating. Not progressing as quickly as it should
 +
** HL7 FHIR core is looking for more specific guidance to be included in FHIR on use of OAuth
 +
* call for input on Baltimore WG Agenda Items
 +
* Adjourn
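Review bot: The added minutes record no outcome under "PASS Audit Conceptual Model – Diana" and have no entry at all for the PSAF Security Policy model update that the agenda in this same diff schedules for 10 minutes; add a one-line result for each, or state that the item was deferred. The presenter is also spelled "Mohammad Jafari" in these bullets but "Mohammed Jafari" in the attendee row, so one of the two spellings needs correcting.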

Latest revision as of 19:42, 9 August 2016


Attendees

x | Member Name | x | Member Name | x | Member Name
. | Kathleen Connor, Security Co-chair | . | Duane DeCouteau | . | Chris Clark
x | John Moehrke, Security Co-chair | . | Johnathan Coleman | . | Aaron Seib
x | Alexander Mense, Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX
. | Trish Williams, Security Co-chair | . | Gary Dickinson | x | Dave Silver
. | Mike Davis | . | Ioana Singureanu | x | Mohammed Jafari
x | Suzanne Gonzales-Webb | x | Rob Horn | . | Galen Mulrooney
x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley
x | Rick Grow | . | Paul Knapp | . | Mayada Abdulmannan
x | Glen Marshall, SRS | . | Bill Kleinebecker | x | Christopher Shawn
. | Oliver Lawless | . | Grahame Grieve | x | Serafina Versaggi
. | Beth Pumo | . | Russell McDonell | . | Paul Petronelli, Mobile Health
. | Christopher Doss | . | Kamalini Vaidya | . | David Staggs


Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Approve Security WG July 19, 2016 Minutes
  3. (15 min) Negation project (see below)
  4. (10 min) Update on the PSAF Security Policy model - Mike & Dave to update on VA Architectural Model, which is based on S&P DAM and earlier PSAF model that Kathleen and Galen started. Mike and Kathleen plan to include this work in the Sept "For Comment" Ballot material.
  5. (5 min) Standards Privacy Impact Assessment Cookbook - Rick
  6. (5 min) PASS Access Control Services Conceptual Model - Diana
  7. (5 min) PASS Audit Conceptual Model – Diana
  8. (10 min) Purpose of Use paper - Mike Davis & Mohammad Jafari
  9. (5 min) HEART Update on FHIR nexus - Kathleen & John - Possible Joint with Heart in Baltimore???
  10. (2 min) Baltimore WG Agenda Items

Note that there will be a FHIR Security call at 5pm ET. See the agenda at FHIR Security Agenda.

Negation Project

From Serafina

Follow up on the email I sent to Security (and CBCC) regarding a request by the Negation project (a sub-group of TermInfo/Vocabulary that is tackling how to represent the absence of things/negation in the various HL7 flavors of interoperability).

Various participants in the Negation project were asked to reach out and meet with HL7 workgroups (I chose CBCC and Security) to see if there were any additional "requirements" that folks might want to include in the list that has been developed over the last few months.

Here is the message that I sent to the list last Wednesday with this request if you want to excerpt some of this for the agenda.

The WG request

The Negation project team is trying to provide consistent guidelines for representing concepts typically described as "negation" (finding absent, procedure not done, etc.).

We have begun by assembling a catalog of statements that seem to use negation. Our goal is to collect as many as possible and then classify them in order to derive a finite set of negation patterns. These patterns can be used for two things: to inform some best practice guidance on representing negated statements, and to provide design teams with a way to test their formalisms against a catalog of potential requirements.

We would very much like for the <WG name> workgroup to review our list of requirements.

We are asking domain expert groups for either confirmation that our list addresses all of the real world negation requirements you would expect a design formalism to support or, if it doesn't, additional requirements.

We are asking design groups for input on how such a list can be made more useful to a design team, either by confirming that the semantic pattern and design mapping approaches look useful or, if they don't, suggestions for improvement.

Further information about the scope of the project is available on the wiki; we also would be happy to attend a call to answer any questions.

Would CBCC & Security WGs be able to appoint a representative to conduct such a review and provide feedback to our team?

The project wiki is at http://wiki.hl7.org/index.php?title=Negation_Requirements

I plan to attend next Tuesday's CBCC & Security (Aug 8) to answer any questions I'm able to answer.

Let me know if you can add this to the agenda this week. The project asked for work group feedback by the end of August to best prepare for discussions that will take place at the upcoming September WGM.

Many thanks, Serafina

Minutes

  • John chair
  • Agenda review, nothing to add
  • Approve minutes of July 19 -- Suzanne/Rob: 9-0-1
  • Review Negation Project
    • Rob -- Are they covering the concept of a negative consent? -- Not likely, but we should add this to the list of concerns
    • John -- They should avoid use of Negation, as it makes it hard to enforce Privacy and Security policies (including consents)
    • Glen -- They should not use negation as a verb, as a verb negating a positive thing. Rather assertive concepts of negative findings are needed
    • We need to report these concerns to the team, not try to solve them here
  • HL7 ballot signup is open. Get signed up.
  • PASS Access Control Services Conceptual Model - Diana
    • All negatives are withdrawn, so final will be prepared
  • PASS Audit Conceptual Model – Diana
  • Purpose of Use paper - Mohammad Jafari
    • Mohammad has put together the concept of PurposeOfUse, covering the space where we have used it. Mike is reviewing
    • This is an effort to create understanding. Not clear if this will result in any formal changes.
  • HEART Update on FHIR nexus
    • Glen and John and Kathleen are participating. Not progressing as quickly as it should
    • HL7 FHIR core is looking for more specific guidance to be included in FHIR on use of OAuth
  • Call for input on Baltimore WG Agenda Items
  • Adjourn