Difference between revisions of "HL7 FHIR security topics"
Line 7: | Line 7: | ||
*** including meta tag use for security labels | *** including meta tag use for security labels | ||
* [http://hl7-fhir.github.io/datatypes.html#signature Signature] Data Type | * [http://hl7-fhir.github.io/datatypes.html#signature Signature] Data Type | ||
− | + | ==[http://hl7-fhir.github.io/provenance.html Provenance Resource]== | |
− | ** Including signature use within Provenance | + | * Address outstanding Provenance CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure |
− | + | * Including signature use within Provenance | |
− | + | * Provenance.activity value-set needs to be enlarged with existing vocabulary, and discussion around if it should be marked as Extensible. | |
− | + | *Provenance.entity.role unclear how each vocabulary item should be used. | |
− | + | ** how is derivation to be used? | |
− | + | **how is revision to be used, other than the duplicate indication that would be in Provenance.activity. | |
− | + | * Provenance.reason binding only to the PurposeOfUse is not granular. Seems there should be a more clear distinction between reason and activity. question on why this is Extensible | |
− | + | *show how a resource and provenance would look as that resource transitions through lifecycle. In this way one would be able to find each step of the lifecycle, by way of version; and the provenance statement by way of the pointer to that version specific. | |
− | + | *Detailed work plan and notes [[HL7 FHIR Provenance Resource]] | |
==[http://hl7-fhir.github.io/auditevent.html AuditEvent Resource ]== | ==[http://hl7-fhir.github.io/auditevent.html AuditEvent Resource ]== | ||
− | + | * Address outstanding AuditEvent CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure | |
** harmonize the structure, element names, and vocabulary as much as possible with Provenance. | ** harmonize the structure, element names, and vocabulary as much as possible with Provenance. | ||
** document use cases for interoperable FHIR AuditEvent - e.g., federated system with central AuditEvent Service - intra- and inter-enterprise. | ** document use cases for interoperable FHIR AuditEvent - e.g., federated system with central AuditEvent Service - intra- and inter-enterprise. |
Revision as of 21:51, 3 November 2015
Project ID 1209
- FHIR disposition link on gForge for review/discussion (ongoing weekly agenda item)
- Security pages
- Including guidance on Authentication and Authorization
- Security Labels Page
- including meta tag use for security labels
- Signature Data Type
Provenance Resource
- Address outstanding Provenance CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure
- Including signature use within Provenance
- The Provenance.activity value set needs to be enlarged with existing vocabulary, and there should be discussion of whether it should be marked as Extensible.
- Provenance.entity.role: it is unclear how each vocabulary item should be used.
  - How is derivation to be used?
  - How is revision to be used, other than as a duplicate of the indication that would be in Provenance.activity?
- Binding Provenance.reason only to PurposeOfUse is not granular. It seems there should be a clearer distinction between reason and activity. There is also a question of why this is Extensible.
- Show how a resource and its Provenance would look as that resource transitions through its lifecycle. This way one would be able to find each step of the lifecycle by way of its version, and the Provenance statement by way of its version-specific pointer to that version.
- Detailed work plan and notes: HL7 FHIR Provenance Resource
AuditEvent Resource
- Address outstanding AuditEvent CPs from January 2015 FHIR Ballot mistakenly assigned to FHIR Infrastructure
- harmonize the structure, element names, and vocabulary as much as possible with Provenance.
- document use cases for interoperable FHIR AuditEvent - e.g., federated system with central AuditEvent Service - intra- and inter-enterprise.
- Address the thought experiment of why we have both Provenance and AuditEvent (motivation vs. consequence; medical records vs. security surveillance).
- See http://hl7-fhir.github.io/auditevent-mappings.html#w3c.prov
- See http://hl7-fhir.github.io/auditevent-mappings.html#fhirprovenance
- See http://hl7-fhir.github.io/provenance-mappings.html#w3c.prov
- See http://hl7-fhir.github.io/provenance-mappings.html#fhirauditevent
- See http://hl7-fhir.github.io/w5
- Who records Provenance vs. AuditEvent, and what are the various architectures? The important point is to ensure that the architecture chosen doesn't miss information.
- and various other things concerning Security -- Risks to Confidentiality, Integrity, and Availability.
- also interested in
- W5
- Privacy Consent as a profile on Contract