
Difference between revisions of "April 10, 2018 Security Conference Call"

From HL7Wiki
Line 62: Line 62:
  
 
TF4FA Ballot - Mike
 
TF4FA Ballot - Mike
* time to vote, we're hoping things to go well
+
* time to vote, we are hoping things to go well
 
* Ballot is Normative
 
* Ballot is Normative
* Intend to contue with the PSAF charter (also mentioned on CBCP); have started work on Audit volume 3
+
* Intend to continue with the PSAF charter (also mentioned on CBCP); have started work on Audit volume 3
** Volume 3 will have elements of life cycle eents and Audit and Provenance
+
** Volume 3 will have elements of life cycle events and Audit and Provenance
** A&P are related, the work with did with EHR - Provenance of things an dlifecycle events and audit
+
** A&P are related, the work with did with EHR - Provenance of things and lifecycle events and audit
** first thought is to look into block chain technology--signed ledger idea behind that---trust history; we'e already brough up a little of this...we will not get too detailed in it
+
** first thought is to look into block chain technology--signed ledger idea behind that---trust history; we’ve already brought up a little of this...we will not get too detailed in it
** we have idea of by September by then t ballot in January - depending on how the current two volumes go with Normative
+
** we have idea of by September by then t ballot in January - depending on how the current two volumes go with Normative
  
 
FHIR Security update _JohnM
 
FHIR Security update _JohnM
* we are working through the ONC API and seucirty
+
* we are working through the ONC API and security
** next item was input validation, agreed to add as an item as a high level punch list on security spec
+
** next item is input validation, agreed to add as an item as a high-level punch list on security spec
** discussion on litmus test to help determine something that rises to the level that we should say something otherwise we will duplicate the exisiting security works--which is not desired
+
** discussion on litmus test to help determine something that rises to the level that we should say something otherwise we will duplicate the existing security works--which is not desired
 
** is it input validation?  
 
** is it input validation?  
** we didnt' come up with a good litmus test--but we will add... one for now... when is it something specific to securing FHIR vs we should have some recommendation to use a seucrit framework and have a list of some security frameworks--we haven't yet touched upon (it will have to be a topic)...
+
** we didn’t' come up with a good litmus test--but we will add... one for now... when is it something specific to securing FHIR vs we should have some recommendation to use a security framework and have a list of some security frameworks--we haven't yet touched upon (it will have to be a topic) ...
 
**continuing to work through the ONC paper
 
**continuing to work through the ONC paper
 
* new time is better meeting time 2PM ET (right before this meeting)
 
* new time is better meeting time 2PM ET (right before this meeting)
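Review bot: The revised litmus-test bullet under the FHIR Security update still reads "we didn’t' come up", with a stray straight apostrophe after the curly one, so this typo pass is incomplete. In the same hunk the TF4FA bullets "the work with did with EHR" and "by then t ballot in January" keep their errors on the new side. Suggest fixing all three in a follow-up edit, and confirming that the tense change from "next item was input validation" to "next item is input validation" matches what was said on the call.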
Line 83: Line 83:
 
* picking up on themes discussed
 
* picking up on themes discussed
 
* adjustments made to the Security WGM agenda (discussion)  
 
* adjustments made to the Security WGM agenda (discussion)  
 
+
* [http://wiki.hl7.org/index.php?title=HL7_May_2018_WGM_AGENDA_-_Cologne,_Germany http://wiki.hl7.org/index.php?title=HL7_May_2018_WGM_AGENDA_-_Cologne,_Germany]
* opening Security WG
+
* Updates on ballot, TEFCA, GDPR (specifically to review gaps),  
<<add link>>
+
** request made to not make US specific regarding ONC topic on agenda
* Updates on ballot, TEFCA, GDPR (especially to review gaps),  
+
* NOTE: DRAFT, not final
** request made to not make US specific in regard to ONC topic on agenda
 
 
 
* DRAFT, not final
 
 
* Alex to ask EU folk for agenda items
 
* Alex to ask EU folk for agenda items
  
Meeting adjorned at 1235 ARizona Time  --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:35, 10 April 2018 (EDT)
+
Meeting adjourned at 1235 Arizona Time  --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:35, 10 April 2018 (EDT)
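Review bot: The agenda link added near the top of this hunk uses the full URL as its own label ("[http://wiki.hl7.org/index.php?title=HL7_May_2018_WGM_AGENDA_-_Cologne,_Germany http://wiki.hl7.org/...]"), which renders as a long raw address in the minutes; suggest a short readable label such as the agenda page title. The bullet "Updates on ballot, TEFCA, GDPR (specifically to review gaps)," also still ends with a trailing comma on the new side and could be closed off or completed.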

Revision as of 20:12, 10 April 2018

Back to Security Main Page

Attendees

| x | Member Name | x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|---|---|
| x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair |
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs |
| x | Diana Proud-Madruga | x | Francisco Jauregui | x | Joe Lamy | . | Greg Linden |
| x | Rhonna Clark | . | Grahame Grieve | . | Johnathan Coleman | . | [mailto: |
| . | [mailto: | x | Jim Kretz | . | [mailto: | x | Dave Silver |
| . | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | Theresa Connor |
| . | Mohammed Jafari | . | [mailto: | . | Peter Bachman | x | Matt Blackman, Sequoia |

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of April 3rd minutes
  3. (5 min) TF4FA Normative Ballot - time to vote - Mike
  4. (15 min) FHIR Security Updates - John
  5. (15 min) Security Cologne May WGM Agenda - Kathleen

Meeting Minutes DRAFT

Chris Shawn, chair Roll Call, Agenda Review, Meeting Minutes approval

http://wiki.hl7.org/index.php?title=April_10,_2018_Security_Conference_Call Meeting Minutes Approval (Kathleen/Johnathan) Opposed: none; Abstentions: none; Approved: 12

TF4FA Ballot - Mike

  • time to vote, we are hoping things to go well
  • Ballot is Normative
  • Intend to continue with the PSAF charter (also mentioned on CBCP); have started work on Audit volume 3
    • Volume 3 will have elements of life cycle events and Audit and Provenance
    • A&P are related, the work we did with EHR - Provenance of things and lifecycle events and audit
    • first thought is to look into block chain technology--signed ledger idea behind that---trust history; we’ve already brought up a little of this...we will not get too detailed in it
    • we have idea of by September by then t ballot in January - depending on how the current two volumes go with Normative

FHIR Security update - JohnM

  • we are working through the ONC API and security
    • next item is input validation, agreed to add as an item as a high-level punch list on security spec
    • discussion on litmus test to help determine something that rises to the level that we should say something otherwise we will duplicate the existing security works--which is not desired
    • is it input validation?
    • we didn't come up with a good litmus test--but we will add... one for now... when is it something specific to securing FHIR vs we should have some recommendation to use a security framework and have a list of some security frameworks--we haven't yet touched upon (it will have to be a topic)...
    • continuing to work through the ONC paper
  • new time is better meeting time 2PM ET (right before this meeting)

Cologne Agenda - Kathleen (DRAFT)

Meeting adjourned at 1235 Arizona Time --Suzannegw (talk) 15:35, 10 April 2018 (EDT)