Security Working Group Meeting

Back to Security Main Page

Attendees

• Tabitha Albertson
• Steven Connolly
• Mike Davis Security Co-chair
• Suzanne Gonzales-Webb CBCC Co-chair
• Don Jorgenson
• Rob McClure
• John Moehrke
• Milan Petkovic
• Pat Pyette
• Ioana Singureanu
• Walter Suarez
• Serafina Versaggi
• Tony Weida
• Craig Winter

Agenda

1. (05 min) Roll Call & Accept Agenda
2. (55 min) Ongoing Project Update
   • Security and Privacy Ontology Project
     • Ontology Development Methodology (Steve Connolly)

Minutes

1. Action Items

Reminder: Composite Security and Privacy Domain Analysis Model ballot is now open. Please remember to vote!

• Don: Report back to this group where SOA thinks these ontologies are going to fit within SAIF, and how they might influence or change anything we’ve done with PASS Access Control work.

2. Resolutions

3. Updates/Discussion

US Realm Value Sets

• Steve: The current version of this spreadsheet has not been updated since publication of the Composite Security & Privacy DAM, although updates may not be necessary. I will review and publish another version of the spreadsheet that we can review in future calls.
• Ioana suggests taking a look at section 4 (Vocabulary) of the Composite DAM. This section can be used as a stating point for identifying the coded value sets. While there were changes to the information model during the harmonization process, the concept domains applied to the coded attributes in the model have not changed.

Security and Privacy Ontology Project

• Summary of the status of the project:
  • This project was formally approved by the TSC last week
  • SOA Ontology project has not yet been approved, although they are in the final stages of updating their scope statement. It is expected that project will receive approval by the ArB soon.
  • There is some harmonization between our project and SOA’s – we should follow the same process for creating our ontologies. There has also been discussion regarding tooling and the SOA group is leaning toward using Protégé (version 4.0.2) which incorporates the latest version of OWL, v.2.
  • Next week during the weekly Security WG call, Tony Weida will demonstrate some of the work he is currently doing modeling the RBAC operations as an OWL ontology using Protégé.
  • The other aspect of the ontology work is to observe the work in other SDOs so we can seek opportunities to harmonize with them.
    • The OASIS XACML committee is considering a proposal to create an ontology decision point, meaning the ability to handle an ontology representation to plug into XACML. (XACML is a standard for making decisions and enforcing security policies). This proposal has not yet been formally approved and was proposed by a group external to OASIS.
    • An ontology would be useful in this capacity, and particularly, the HL7 Role-based access control vocabulary in the form of an ontology would be useful to improve the speed and the processing of decision engines.
    • Last week, Jericho Systems indicated that internally, they’ve been developing an ontology for their product suite and they are interested leading an effort within OASIS to advance such a project. Other entities have been invited to participate as well.
    • At the next XACML meeting, Mike plans to discuss this opportunity with Jericho Systems.
    • At the same time there is some opportunity to work with ANSI-INCITS which publishes the RBAC standards to bring ontologies into updates to their standards.
    • We can possibly leverage the work being done in these other projects.
• Steve presented a walkthrough of the Ontology Development Methodology document that he sent to the Security list last week
  • Additional reference to a Powerpoint presentation from the Protégé website
• Competency questions are specific questions asked of the ontology that the ontology is expected to answer automatically, e.g.,
• Ioana: On thing that will be useful is that the model we’ve developed so far, describes the information intended to be exchanged to fulfill certain use cases. The ontology is supposed to automate reasoning as compared to the information model which is just supposed to exchange information in a semantically interoperable way. The purpose of the ontology is what is really important - what we want to ontology to accomplish and what is the breadth of knowledge it is supposed to cover.
• Competency Questions:

1. The domain is Security and Privacy as described in the Harmonized Security &Privacy DAM
2. Purpose is to create an ontology for Security & Privacy that others can use. In other words, we are not going to use the ontology directly, but other consumers can use it. For example, if OASIS were to go forward with their project, they could consume this ontology as a product, and it would be used by them.
   • We (HL7 Security WG) will use it to further inform our information model by bring it to an ontology and then incorporating that as an HL7 artifact in SAIF. Within HL7 that’s our goal.

• Don: Where does this take us beyond the DAM work? How is this a step forward from where we stand currently?
• Mike: An ontology is a architectural model, so we’re meeting the SAIF requirements by providing it. The ontology abstracts the classes in the information model by more completely describing in a formal way the relationships between the concepts. Putting those concepts into a tool like Protégé, so they can be used by others. We’ll start with the HL7 RBAC ballot and the Permission Catalog and create a ontology from those concepts. This will be a concrete way to present a small piece of the overall information model that we can focus on.
• Tony: A variety of Description Logic classifiers can be used with Protégé t prove that the model is internally consistent.
• Rob: Protégé will allow is to test out some of our assumptions about how reasoning over our Information Model can be accomplished.
• Mike: The types of questions that we have are those that would support Access Control SFM. What can this user do, what information can he access?
• Rob: So for instance, there’s a policy that has a series of elements and you have to see if a particular piece of information is subsumed by all of the appropriate policy elements that would allow that person access? And you could implement that as a test process inside of Protégé.
• Mike: The kinds of questions that are immediately appealing are thing having to do with our policy model. That’s what we’re using to develop our ontology, so the questions are related to the enforcement of policy. Who will maintain the ontology is the Security and Privacy (CBCC) Work Groups. As a first pass effort, I think we have the answers to the competency questions.
• Steve walked through a description of the rest of the steps which are self-explanatory in the methodology document linked above.
• Once the ontology has been defined within Protégé, you can test the internal consistency of the model. If there are logical missteps within the ontology these can be discovered by running the Reasoner within Protégé. What we are shooting for is asking the ontology the competency questions. If we have the conditions inserted into the ontology, the reasoning within the system will be able to answer the potential question.
• Rob: When people build systems, they may utilize a series of tools that draw upon this information to “reason” about a particular request, maybe some rules. Rules are not a part of how Protégé functions. It doesn’t use rules, it uses classifications to see if a “concept” is a kind-of something else. This is very interesting and another way of looking at the problem, but it may not be the single answer.
• Mike: We’ve reached the top of the hour, so we need to move into CBCC. Don, could you let us know where SOA thinks these ontologies are going to fit within SAIF, and how they might influence or change anything we’ve done with PASS Access Control work.

Meeting was adjourned at 2:00 PM EDT

No significant motions or decisions were made