This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "2014-04-10 Tooling Call"

From HL7Wiki
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
==Tooling Meeting Template==
+
==Tooling Meeting ==
 
===Meeting Information===
 
===Meeting Information===
{{:Tooling Meeting Information}}
 
  
 
{|border="1" cellpadding="2" cellspacing="0"  
 
{|border="1" cellpadding="2" cellspacing="0"  
Line 16: Line 15:
 
| colspan="2" align="left" style="background:#f0f0f0;"|'''HL7 Tooling Meeting Agenda/Minutes'''  
 
| colspan="2" align="left" style="background:#f0f0f0;"|'''HL7 Tooling Meeting Agenda/Minutes'''  
 
|-
 
|-
| width="50%" colspan="1"|'''Location: Phone: +1 770-657-9270; <br/>Participant PassCode:586935# <br/> GoToMeeting ID: [https://global.gotomeeting.com/join/741102173 741-102-173]'''
+
| width="50%" colspan="1"|'''Location: Phone: +1 770-657-9270; <br/>Participant PassCode:586935# <br/> GoToMeeting ID: [https://global.gotomeeting.com/join/482299629 482-299-629]'''
 
<!-- ********  CHANGE Date and Time  ON NEXT LINE  **********************-->
 
<!-- ********  CHANGE Date and Time  ON NEXT LINE  **********************-->
 
| width="50%" colspan="1" align="left" style="background:#f0f0f0;"|'''Date: 2014-04-10'''<br/> '''Time: 2PM Eastern'''
 
| width="50%" colspan="1" align="left" style="background:#f0f0f0;"|'''Date: 2014-04-10'''<br/> '''Time: 2PM Eastern'''
Line 41: Line 40:
 
| .|| .
 
| .|| .
 
|-
 
|-
| ||Woody Beeler, interim Vocabulary liaison
+
|x ||Woody Beeler, interim Vocabulary liaison
 
|-
 
|-
| ||Wilfred Bonney, HL7 HQ
+
|x ||Wilfred Bonney, HL7 HQ
 
|-
 
|-
| ||Jeff Brown, HL7 ES liaison
+
|x ||Dennis Cheung, co-chair, CIHI
 
|-
 
|-
| ||Dennis Cheung, co-chair, CIHI
+
|x ||Matt Graham, Mobile Health liaison
 
|-
 
|-
| ||Jane Curry,
+
|x ||Austin Kreisler
 
|-
 
|-
| ||Matt Graham, Mobile Health liaison
+
|x ||Lynn Laakso, HL7 HQ Tooling Support
 
|-
 
|-
| ||Diego Kaminker, Education liaison
+
|x ||Ken McCaslin
 
|-
 
|-
| ||Lynn Laakso, HL7 HQ Tooling Support
+
|x ||John Quinn, CTO
 
|-
 
|-
| ||Abdul-Malik Shakir, CIC liaison
+
|x ||Andy Stechishin, Co-chair
 
|-
 
|-
| ||Lloyd McKenzie, FHIR liaison
+
|x ||Michael van der Zel, co-chair
|-
 
| ||John Ritter, EHR
 
|-
 
| ||Rik Smithies, CS liaison
 
|-
 
| ||Rob Snelick, CGIT liaison
 
|-
 
| ||Rene Spronk, Marketing liaison
 
|-
 
| ||Andy Stechishin, Co-chair
 
|-
 
| ||Michael van der Zel, co-chair
 
 
|-
 
|-
 
| ||
 
| ||
Line 78: Line 65:
 
|-
 
|-
 
<!-- *****  Delete instructions  and change quorum requirements ON NEXT LINE *****-->
 
<!-- *****  Delete instructions  and change quorum requirements ON NEXT LINE *****-->
|colspan="2" |'''Quorum Requirements Met (co-chair plus 3 counting staff): '''(yes/No)  
+
|colspan="2" |'''Quorum Requirements Met (co-chair plus 3 counting staff): '''(yes)  
 
|-  
 
|-  
  
Line 140: Line 127:
  
  
 
 
'''Supporting Documents'''<br/>
 
<!-- *****  Delete instructions and add document names/links ON NEXT LINES *****-->
 
#''
 
  
 
===Minutes===
 
===Minutes===
Line 159: Line 141:
  
 
'''Minutes/Conclusions Reached:'''<br/>
 
'''Minutes/Conclusions Reached:'''<br/>
 +
Convened at 2:04 PM - No GoToMeeting available today
 +
* Roll Call & Agenda Review - no changes, approved by general consent
 +
* Approval of previous minutes from [[2014-04-03 Tooling Call]] Andy moves and Woody seconds approval. Unanimously approved.
 +
<!-- ACTION ITEMS -->
 +
<!--        -->
 +
* Review [http://gforge.hl7.org/gf/project/tool-proc-arch/tracker/?action=TrackerItemBrowse&tracker_id=445 action items] -
 +
**Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library. Andy has not yet sent John an email.
 +
**Andy (and Dennis) will follow up with Diego on the Education project; they have edits to make to a spreadsheet and may have it for next week.
 +
**Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point. Andy has the metadata requirements for MIF and needs to put them on the wiki. The FHIR registry will need a FHIR based REST interface and may use Furore's proposed registry.
 +
**Look into GForge project for the MWB source code on Delphi - Andy has not spoken with Matt about this. It's currently on sourceforge. Matt feels it could work either way but depends on Rob Snelick and the NIST folks.  Discussion on sourceforge ensued. Matt adds he spoke with Viswan at sourceforge for committing the code and has some issues. He suggests we review with CGIT on how we want to pursue this. Specifically the flat file structure would benefit from some subdirectories.  ACTION ITEM: Andy will reach out to Rob Snelick to check on sourceforge as the platform.
 +
***Matt adds that once checked in a licensing check is needed and update to the about page for the components that are freeware, open source, etc.
 +
**Matthew to follow up with the ES regarding the Mobile Health project scope statement - project number 1055. The outstanding issue on ROI has been addressed. There may be other software packages out there for attendance tracking that might already do what we need.
 +
<!--Tooling Liaison Reports - Third Thursdays-->
 +
<!--REPORTS-->
 +
<!--        -->
 +
*Project Updates
 +
**[http://www.hl7.org/Special/committees/v3toolstaskforce/projects.cfm?action=edit&ProjectNumber=913 PI# 913] [[HL7 Tooling Challenge]] - first webinar scheduled for Monday 4/14 to learn about the Tooling Challenge, moderated by Andy and panelists Woody and AMS. You can register at https://attendee.gotowebinar.com/register/6951886924193663745. Please forward this to anyone you think would be interested.
 +
***Woody asks for a few slides to open the discussion to describe this year's challenge and relationship to last year's challenge. Andy will create some
 +
*Other
 +
**Woody raises a question on OpenSSL vulnerabilities that have been reported and any effects on our hosted servers. Lynn will check with Mike to get a statement from GForge on exposure. The Wiki also may also be affected but that is an issue for ES. GForge is the Tooling WG's responsibility. As a server-side issue it affects servers e.g. FHIR but not client side i.e. most of the HL7 sponsored tooling.
 +
**Ken/Austin report on the recent XSLT vulnerability finding in the CDA transform. Rick Geimer has been working on a fix and has a proposed solution. They wish to have a more thorough code review of the proposed solution and testing ideas. Josh Mandel initially identified the issues.
 +
***Michael notes  that we are not the first to discover this so there must be tools out there to aid in testing.
 +
***Andy notes that this is a security hole in XML not in the CDA spec. Standard practice is to not arbitrarily display html from comment blocks but to "cleanse" it first before sending to the browser.  He suggests a formal test be conducted to run with an old and new transform with a script exploiting the security. Austin suggests that Josh Mandel should specifically be invited to help test. He also suggests the ITS WG may have the real XML and XSL experts and we could invite them to help. Paul would be good for doing that but Dale is also employed by Lantana and would have a conflict of interest in testing Rick's fix. Woody, Andy, Josh Mandel, Michael vdZ and Lloyd would be a reputable test team. Dale and Lloyd still need to be asked; Ken will speak with Josh.
 +
***Woody asks if we need to add something to validate MIF files. Andy notes we could but it would probably not be valid. The authors of the MIF files have even more damaging access to other resources.
  
#''
+
Adjourned 2:57 PM.
#Adjourned <hh:mm am/pm> <timezone>.
 
  
  
Line 178: Line 183:
  
 
| width="100%" align="left" style="background:#f0f0f0;"|'''Actions''' ''
 
| width="100%" align="left" style="background:#f0f0f0;"|'''Actions''' ''
 
+
**Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library
* .
+
**Andy (and Dennis) will follow up with Diego on the Education project;
 +
**Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point.
 +
* . Andy will create some slides to open the discussion to describe this year's challenge and relationship to last year's challenge.
 +
* Andy will reach out to Rob Snelick to check on sourceforge as the MWB code repository platform.
 
|-
 
|-
 
<!---=======================================================================
 
<!---=======================================================================

Latest revision as of 19:20, 10 April 2014

Tooling Meeting

Meeting Information

HL7 Tooling Meeting Agenda/Minutes
Location: Phone: +1 770-657-9270;
Participant PassCode:586935#
GoToMeeting ID: 482-299-629
Date: 2014-04-10
Time: 2PM Eastern
Facilitator: Dennis Note taker(s): Lynn Laakso
Attendee Name, Affiliation
. .
x Woody Beeler, interim Vocabulary liaison
x Wilfred Bonney, HL7 HQ
x Dennis Cheung, co-chair, CIHI
x Matt Graham, Mobile Health liaison
x Austin Kreisler
x Lynn Laakso, HL7 HQ Tooling Support
x Ken McCaslin
x John Quinn, CTO
x Andy Stechishin, Co-chair
x Michael van der Zel, co-chair
Quorum Requirements Met (co-chair plus 3 counting staff): (yes)

Agenda

Agenda Topics

  • Roll Call & Agenda Review
  • Approval of previous minutes from 2014-04-03 Tooling Call
  • Review action items -
    • Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library
    • Andy (and Dennis) will follow up with Diego on the Education project;
    • Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point.
    • Look into GForge project for the MWB source code
    • Matthew to follow up with the ES regarding the Mobile Health project scope statemen
  • Project Updates
  • Other/New Business


Minutes

Minutes/Conclusions Reached:
Convened at 2:04 PM - No GoToMeeting available today

  • Roll Call & Agenda Review - no changes, approved by general consent
  • Approval of previous minutes from 2014-04-03 Tooling Call Andy moves and Woody seconds approval. Unanimously approved.
  • Review action items -
    • Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library. Andy has not yet sent John an email.
    • Andy (and Dennis) will follow up with Diego on the Education project; they have edits to make to a spreadsheet and may have it for next week.
    • Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point. Andy has the metadata requirements for MIF and needs to put them on the wiki. The FHIR registry will need a FHIR based REST interface and may use Furore's proposed registry.
    • Look into GForge project for the MWB source code on Delphi - Andy has not spoken with Matt about this. It's currently on sourceforge. Matt feels it could work either way but depends on Rob Snelick and the NIST folks. Discussion on sourceforge ensued. Matt adds he spoke with Viswan at sourceforge for committing the code and has some issues. He suggests we review with CGIT on how we want to pursue this. Specifically the flat file structure would benefit from some subdirectories. ACTION ITEM: Andy will reach out to Rob Snelick to check on sourceforge as the platform.
      • Matt adds that once checked in a licensing check is needed and update to the about page for the components that are freeware, open source, etc.
    • Matthew to follow up with the ES regarding the Mobile Health project scope statement - project number 1055. The outstanding issue on ROI has been addressed. There may be other software packages out there for attendance tracking that might already do what we need.
  • Project Updates
    • PI# 913 HL7 Tooling Challenge - first webinar scheduled for Monday 4/14 to learn about the Tooling Challenge, moderated by Andy and panelists Woody and AMS. You can register at https://attendee.gotowebinar.com/register/6951886924193663745. Please forward this to anyone you think would be interested.
      • Woody asks for a few slides to open the discussion to describe this year's challenge and relationship to last year's challenge. Andy will create some
  • Other
    • Woody raises a question on OpenSSL vulnerabilities that have been reported and any effects on our hosted servers. Lynn will check with Mike to get a statement from GForge on exposure. The Wiki also may also be affected but that is an issue for ES. GForge is the Tooling WG's responsibility. As a server-side issue it affects servers e.g. FHIR but not client side i.e. most of the HL7 sponsored tooling.
    • Ken/Austin report on the recent XSLT vulnerability finding in the CDA transform. Rick Geimer has been working on a fix and has a proposed solution. They wish to have a more thorough code review of the proposed solution and testing ideas. Josh Mandel initially identified the issues.
      • Michael notes that we are not the first to discover this so there must be tools out there to aid in testing.
      • Andy notes that this is a security hole in XML not in the CDA spec. Standard practice is to not arbitrarily display html from comment blocks but to "cleanse" it first before sending to the browser. He suggests a formal test be conducted to run with an old and new transform with a script exploiting the security. Austin suggests that Josh Mandel should specifically be invited to help test. He also suggests the ITS WG may have the real XML and XSL experts and we could invite them to help. Paul would be good for doing that but Dale is also employed by Lantana and would have a conflict of interest in testing Rick's fix. Woody, Andy, Josh Mandel, Michael vdZ and Lloyd would be a reputable test team. Dale and Lloyd still need to be asked; Ken will speak with Josh.
      • Woody asks if we need to add something to validate MIF files. Andy notes we could but it would probably not be valid. The authors of the MIF files have even more damaging access to other resources.

Adjourned 2:57 PM.


Meeting Outcomes

Actions
    • Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library
    • Andy (and Dennis) will follow up with Diego on the Education project;
    • Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point.
  • . Andy will create some slides to open the discussion to describe this year's challenge and relationship to last year's challenge.
  • Andy will reach out to Rob Snelick to check on sourceforge as the MWB code repository platform.
Next Meeting/Preliminary Agenda Items


Return to Tooling


© 2014 Health Level Seven® International. All rights reserved.