This wiki has undergone a migration to Confluence found Here
Difference between revisions of "August 14, 2018 Security Conference Call"
Jump to navigation
Jump to search
(12 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
==Attendees== | ==Attendees== | ||
− | + | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 8: | Line 8: | ||
|- | |- | ||
|| .|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair | || .|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair | ||
− | |||| | + | ||||.|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair |
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair | ||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair | ||
Line 15: | Line 15: | ||
||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb] | ||||x|| [mailto:Suzanne.Webb@bookzurman.com Suzanne Gonzales-Webb] | ||
||||x|| [mailto:mike.davis@va.gov Mike Davis] | ||||x|| [mailto:mike.davis@va.gov Mike Davis] | ||
− | |||| | + | ||||x|| [mailto:david.staggs@bookzurman.com David Staggs] |
|- | |- | ||
|| x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga] | || x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga] | ||
||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui] | ||||x|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui] | ||
− | |||| | + | ||||x|| [mailto:joe.lamy@aegis.net Joe Lamy] |
||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden] | ||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden] | ||
|- | |- | ||
Line 40: | Line 40: | ||
|- | |- | ||
|} | |} | ||
+ | |||
+ | Joe L, Mike, chris shawn dave s, david stags, diana, Francisco, jim K | ||
=='''Agenda'''== | =='''Agenda'''== | ||
#''(2 min)'' '''Roll Call, Agenda Approval''' | #''(2 min)'' '''Roll Call, Agenda Approval''' | ||
#''(5 min)'' Review and Approval of: | #''(5 min)'' Review and Approval of: | ||
− | #* | + | #* [http://wiki.hl7.org/index.php?title=August_07,_2018_Security_Conference_Call August 07, 2018 Security Conference Call] |
− | |||
#''(5 min)'' '''GDPR whitepaper on FHIR''' update - Alex, John, Kathleen | #''(5 min)'' '''GDPR whitepaper on FHIR''' update - Alex, John, Kathleen | ||
− | #''(5 min)'' '''PSS Review and Vote''' | + | #''(5 min)'' '''PSS Review and Vote''' [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/Cross%20Paradigm%20Interoperable%20Implementation%20IG/HL7%20Project%20Scope%20Statement%20Cross%20Paradigm%20Extension08022018a%20.docx Cross Paradigm Interoperable Implementation IG PSS] |
#''(5 min)'' '''TF4FA Normative Ballot reconciliation (formerly PSAF)''' - Mike, Chris | #''(5 min)'' '''TF4FA Normative Ballot reconciliation (formerly PSAF)''' - Mike, Chris | ||
#* Meetings: Tuesdays, 11:00 AM Eastern; freeconference.com same as Security call | #* Meetings: Tuesdays, 11:00 AM Eastern; freeconference.com same as Security call | ||
#* [http://wiki.hl7.org/index.php?title=Privacy_and_Security_Framework_Architecture_(PSAF)#Trust_Framework_for_Federated_Authorization_.28TF4FA.29 TF4FA Ballot Reconciliation (wiki)] | #* [http://wiki.hl7.org/index.php?title=Privacy_and_Security_Framework_Architecture_(PSAF)#Trust_Framework_for_Federated_Authorization_.28TF4FA.29 TF4FA Ballot Reconciliation (wiki)] | ||
#* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180807sgw.xlsm Ballot Reconciliation Sheet_v20180724 for review offline] | #* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180807sgw.xlsm Ballot Reconciliation Sheet_v20180724 for review offline] | ||
− | #** Comments | + | #** Comments 25-41 up for vote (review if necessary) |
− | |||
#''(10 min)'' '''PASS Audit ''' post ballot reconciliation document update - Mike | #''(10 min)'' '''PASS Audit ''' post ballot reconciliation document update - Mike | ||
#* http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services | #* http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services | ||
Line 65: | Line 65: | ||
Chair: Chris Shawn | Chair: Chris Shawn | ||
− | Roll taken | + | Roll taken, no additions made to agenda |
+ | |||
+ | '''GDPR whitepaper on FHIR update''' | ||
+ | * Link to Rene Spronk's GDPR presentation: https://vimeo.com/267769545 password GDPR (4 capitals) approx. 30 min long. | ||
+ | * highly recommended by Mike Davis | ||
+ | |||
+ | '''PSS''' | ||
+ | MOTION made: For Security to be a co-sponsor for PSS linked as presented (Suzanne/MIke) | ||
+ | objections: none; abstentions: none; motion approved: 10 | ||
+ | |||
+ | '''TF4FA Ballot reconciliation''' | ||
+ | MOTION: To approve block of TF4FA ballot comments 25-41 (Suzanne/Mike) | ||
+ | objections: none; abstentions: none; motion approved: 10 | ||
+ | |||
+ | * Sub-Groups meeting earlier on Tuesdays, | ||
+ | * Comments 42-51 ballot resolutions completed today | ||
+ | |||
+ | '''PASS Audit''' document update | ||
+ | * No update on AUDIT | ||
+ | |||
+ | '''TF4FA Trust Framework - Volume 3''' | ||
+ | * Met this week to discuss; understand that there is a great deal of interested in Provenance | ||
+ | * reviewed by Kathleen with complements | ||
+ | * plan to present document update at the September WGM, balloting in January | ||
+ | * added to WGM, Security-CBCP Q3/Q4 MON joint session | ||
+ | * Document will be put out to Security and CBCP listserve as soon as we can for review (pre-ballot) | ||
+ | * presented major graphics at the Security WG, its a matter of filling in the content | ||
+ | * no questions | ||
+ | |||
+ | '''Privacy Obsolete''' | ||
+ | * Plan to present results at the WGM,(added to the joint agenda CBCP-Security MON Q3/Q4 joint meeting) | ||
+ | * there is a tremendous amount of information being gathered (enough for 3+ years) | ||
+ | ** trying to narrow it down and make resources available | ||
+ | ** We have to make some tables that summarize the principal vectors that we were looking at | ||
+ | *** i.e. technology, policy viewpoints | ||
+ | ** we will most likely not have a definitive conclusion, but information can be evaluated, its very specific to what country you're living (i.e.US:good luck, EU:better, etc) | ||
+ | * Mike does not feel that its obsolete--that's what the paper will draw out, that there are a lot of challenges | ||
+ | ** PPT given at May 2018 meeting which will be very close to where we are at | ||
+ | |||
+ | '''Baltimore WGM Agenda''' | ||
+ | * Added to TUE Q4 - Update TO PSAF Working Session to PSAF/TF4FA Volume 3 Working Session) | ||
+ | ** (Move from TUE Q1 (TF4FA - Volume 3) for additional discussion time) | ||
+ | * DISCUSSIONS on major changes in FHIR (from experts) ; full quarter desired for overview discussion | ||
+ | ** discussion/report out of changes expected to see. Something in between FHIR for DUMMIES and FHIR for TECHNICAL discussion | ||
+ | ** Drill down of activities | ||
+ | * suggest to add to (TUE Q3 entire quarter) | ||
+ | |||
+ | '''NEW AGENDA ITEM''' | ||
+ | * Mike mentioned that a few folk have been close to the TEFCA; | ||
+ | ** add discussion around TEFCA; anticipating that ONC will put something out/next version (suggested: | ||
+ | ** TEFCA update; more than what does TEFCA and its acronym mean... | ||
+ | *** in the US the Feds have been involved in their own Working Group to make TEFCA recommendations and express concerns | ||
+ | *** if we have an opportunity to talk to that; (more than 10 minutes) | ||
+ | ** schedule a Q on TEFCA; invite ONC, VA, IHS, CMS, SSA, DoD (US Federal Agencies) | ||
+ | *** issues around the TEFCA that is of interest to HL7 | ||
+ | # finishing up of POU; current TEFCA has defined POU, but is different.... some states have need for Emergency access/not currently authorized, which is not part of TEFCA; HL7 needs to do a better job of promoting...making TEFCA standards based and not 'made up' by verticles (TEFCA has its own, VA has its own, DURSA has its own); we want to coax ONC into adopting the HL7 standards; | ||
+ | * because we are very willing to put into th voca into the vertical; Sequoa, CommenWell or whomever | ||
+ | |||
+ | '''NEW AGENDA ITEM''' | ||
+ | * OASIS Update to XSPA-SAML (add to Q3 Q4 joint) as part of international standards | ||
+ | |||
+ | Motion to Adjourn: (Suzanne) | ||
+ | Meeting adjourned at 1234 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:35, 14 August 2018 (EDT) |
Latest revision as of 20:47, 28 August 2018
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John Moehrke Security Co-chair | . | Kathleen Connor Security Co-chair | . | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
x | Diana Proud-Madruga | x | Francisco Jauregui | x | Joe Lamy | . | Greg Linden | |||
. | Rhonna Clark | . | Grahame Grieve | . | Johnathan Coleman | . | [mailto: Matt Blackman, Sequoia] | |||
. | Mohammed Jafari | x | Jim Kretz | . | Peter Bachman | x | Dave Silver | |||
. | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | [mailto: Julie Maas] |
Joe L, Mike, chris shawn dave s, david stags, diana, Francisco, jim K
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of:
- (5 min) GDPR whitepaper on FHIR update - Alex, John, Kathleen
- (5 min) PSS Review and Vote Cross Paradigm Interoperable Implementation IG PSS
- (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
- Meetings: Tuesdays, 11:00 AM Eastern; freeconference.com same as Security call
- TF4FA Ballot Reconciliation (wiki)
- Ballot Reconciliation Sheet_v20180724 for review offline
- Comments 25-41 up for vote (review if necessary)
- (10 min) PASS Audit post ballot reconciliation document update - Mike
- (05 min) TF4FA Trust Framework Volume 3 (placeholder) - Mike, Chris
- Is Privacy Obsolete - Mike
- (05 min) Placeholder: HL7 WGM Baltimore planning
Meeting Minutes (DRAFT)
Chair: Chris Shawn
Roll taken, no additions made to agenda
GDPR whitepaper on FHIR update
- Link to Rene Spronk's GDPR presentation: https://vimeo.com/267769545 password GDPR (4 capitals) approx. 30 min long.
- highly recommended by Mike Davis
PSS MOTION made: For Security to be a co-sponsor for PSS linked as presented (Suzanne/MIke) objections: none; abstentions: none; motion approved: 10
TF4FA Ballot reconciliation MOTION: To approve block of TF4FA ballot comments 25-41 (Suzanne/Mike) objections: none; abstentions: none; motion approved: 10
- Sub-Groups meeting earlier on Tuesdays,
- Comments 42-51 ballot resolutions completed today
PASS Audit document update
- No update on AUDIT
TF4FA Trust Framework - Volume 3
- Met this week to discuss; understand that there is a great deal of interested in Provenance
- reviewed by Kathleen with complements
- plan to present document update at the September WGM, balloting in January
- added to WGM, Security-CBCP Q3/Q4 MON joint session
- Document will be put out to Security and CBCP listserve as soon as we can for review (pre-ballot)
- presented major graphics at the Security WG, its a matter of filling in the content
- no questions
Privacy Obsolete
- Plan to present results at the WGM,(added to the joint agenda CBCP-Security MON Q3/Q4 joint meeting)
- there is a tremendous amount of information being gathered (enough for 3+ years)
- trying to narrow it down and make resources available
- We have to make some tables that summarize the principal vectors that we were looking at
- i.e. technology, policy viewpoints
- we will most likely not have a definitive conclusion, but information can be evaluated, its very specific to what country you're living (i.e.US:good luck, EU:better, etc)
- Mike does not feel that its obsolete--that's what the paper will draw out, that there are a lot of challenges
- PPT given at May 2018 meeting which will be very close to where we are at
Baltimore WGM Agenda
- Added to TUE Q4 - Update TO PSAF Working Session to PSAF/TF4FA Volume 3 Working Session)
- (Move from TUE Q1 (TF4FA - Volume 3) for additional discussion time)
- DISCUSSIONS on major changes in FHIR (from experts) ; full quarter desired for overview discussion
- discussion/report out of changes expected to see. Something in between FHIR for DUMMIES and FHIR for TECHNICAL discussion
- Drill down of activities
- suggest to add to (TUE Q3 entire quarter)
NEW AGENDA ITEM
- Mike mentioned that a few folk have been close to the TEFCA;
- add discussion around TEFCA; anticipating that ONC will put something out/next version (suggested:
- TEFCA update; more than what does TEFCA and its acronym mean...
- in the US the Feds have been involved in their own Working Group to make TEFCA recommendations and express concerns
- if we have an opportunity to talk to that; (more than 10 minutes)
- schedule a Q on TEFCA; invite ONC, VA, IHS, CMS, SSA, DoD (US Federal Agencies)
- issues around the TEFCA that is of interest to HL7
- finishing up of POU; current TEFCA has defined POU, but is different.... some states have need for Emergency access/not currently authorized, which is not part of TEFCA; HL7 needs to do a better job of promoting...making TEFCA standards based and not 'made up' by verticles (TEFCA has its own, VA has its own, DURSA has its own); we want to coax ONC into adopting the HL7 standards;
- because we are very willing to put into th voca into the vertical; Sequoa, CommenWell or whomever
NEW AGENDA ITEM
- OASIS Update to XSPA-SAML (add to Q3 Q4 joint) as part of international standards
Motion to Adjourn: (Suzanne) Meeting adjourned at 1234 Arizona Time --Suzannegw (talk) 15:35, 14 August 2018 (EDT)