
Difference between revisions of "November 2, 2010 Security Conference Call"

Line 30: Line 30:
 
==Minutes==
 
==Minutes==
 
# Roll Call, Approve [http://wiki.hl7.org/index.php?title=October_26%2C_2010_Security_Conference_Call Minutes] & Accept Agenda
 
# Roll Call, Approve [http://wiki.hl7.org/index.php?title=October_26%2C_2010_Security_Conference_Call Minutes] & Accept Agenda
 +
## Meeting Minutes Approval:  (No meeting held last week)
 
# [http://www.cred.ca/skmt/ Standards Knowledgement Tool ('''SKMT'''] Discussion - Mike Davis [http://www.skmtglossary.org/Default.aspx?AspxAutoDetectCookieSupport=1 SKMT Glossary?]
 
# [http://www.cred.ca/skmt/ Standards Knowledgement Tool ('''SKMT'''] Discussion - Mike Davis [http://www.skmtglossary.org/Default.aspx?AspxAutoDetectCookieSupport=1 SKMT Glossary?]
 +
## AGENDA Item: SKMT Discussion
 +
(Mike) Not much is known on it.  HL7 has some information.
 +
It has various vocabularies that make it available to outside folks for sharing purposes.  (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.
 +
 +
TASK: Mike will contact folks (Canadians) to see what this is and its authority is as well as ISO WG-4 .    And ask about the SKMT
 +
Note: GE/VA are using a categorization of websites and those on the VPNs are not able to access link – Google believes is fishy here.  The ‘’’ ‘’SKMT ‘’ ‘’’glossary doesn’t seem to have a problem.
 +
 +
(Mike) I’ve been talking with Deepak Calra—he says this ISO-HL7 joint effort to do SKMT joint effort.  at an EHR meeting they gave presentation and mentioned that the permission catalog is apparently in the SKMT.  it’s a potential soure of vocabulary for us, particualry if they’ve mapped it to some standards.  I actually got involved in this because of the POU specification – they were changing the names and definitions of access control because they (Canadians) didn’t like it… you cannot change the POU standards such as 10181-3 or another POU spec definition because you don’ like it—it could be done by clarifying vocabulary rather than change something in the security world It would be disasterous  to change the meaning of access control—especially when the current definition is already out there and implemented; in order to make it fit privacy or whatever.  So we have an interest in getting ginvoled in the SKMT—at least the vocabulary side information model to make sure they do not break anything. 
 +
It’s in the form of a Project Scope Statement, see LINK:  [http://gforge.hl7.org/gf/download/trackeritem/1679/7665/ProjectScopeStatement_Vocab_SKMT_Glossary_May2010_R2_clean.doc. International SDO Glossary at TSC Tracker # 1679, Project Insight ID# 495]
 +
We need to follow up on this---it may be relevant to one our tasks to populate the Security-Privacy harmonization model with ISO standards that represent the attributes so this might be a good place to start.  Some of the vocabulary in here, we might want to get into and look at the Security items in there—as far as I know there haven’t’ been any Security people that have been involved with it—it seems as if they’ve just taking stuff and putting it in.
 +
Agenda Item: Security-Privacy DAM, vocabulary harmonization spreadsheet
 +
We are continuing with work that Steve Connolly had begun in May 2010.  We have this to work with [http://gforge.hl7.org/gf/download/docmanfileversion/5921/7656/HarmonizedDAMXSPA20100507.xlsx Harmonized DAM Vocabulary spreadsheet]. 
 +
We need to go through the DAM and identify standards that support the classes.  This was a US-Realm model, but OASIS is also asking this, they are producing some healthcare profiles for internation publication in ITU.
 +
They shouldn’t be developing these terminology attributes anddomains, but using the stuff that HL7 provides, that’s one of the motivations for this---publication.  One of the things we need to do (looking for volunteers) is to go through DAM and identiy classes that are necessary explicitly for a requestor PROVIDING TO A PROVIDER – information model a has lots of clasees that have nothing to do with the request from the provider.  (I have these roles, I have these things) we can use some assistance in identifying . You can mark them down the kinds of things that should/should not be in that kind of request.
 +
 +
Please take a look at the harmonized DAM [add GForge link Security-Privacy Harmonized Domain Analysis Model]
 +
Please comment on any international standard that could provide vocabulary, that would possible provide vocabulary in this manner. Provide to John Moehrke, Suzanne Gonzales-Webb or Mike Davis in any format---it would save us a lot of time that could give us assistance.
 +
 
# Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis
 
# Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis
 +
 +
 +
 +
Agenda Item: (added)
 +
Tony Weida – Has been focusing on: adding description and source annotation to many of the classes in the security-privacy Owl portion of the ontology. So far I’ve been taking them verbatim in most cases..Not sure if they are satisfactory in the perspective of the ontology.  I’d like to send out as is…accepting proposals for improvement –hoping in next few days to get it out there for everyone to start reviewing it and provide comments.
 +
 +
Mike ( john) do remember that lori brought us in a list of about 200 stands that she had listed down…classified by security area? Do you recall that?
 +
John – no
 +
Mike – that would be a relaly nice thing to have.  I think we took that we started our initial cuts and anysis of requiretns from that---that would be a goo thing to ghave … Mike TO ASK LORI F. TO FIND AND RE-PROVIDE THAT INFORMATION TO US.
 +
 +
John – she probably doe shave something… woudn’t know hwa to search for in my archives
 +
 +
We can end the call here (out of agenda items)…  Meeting adjourned at 10:34 PST
 +
John – motion to adjourn
 +
Suzanne: Second, motion to adjourn until top of the hour (1400 EST), with note to read SHIPS document [http://gforge.hl7.org/gf/download/docmanfileversion/5950/7714/11-1_SHIPS SHIPS Document] prior to start of CBCC meeting
  
 
Meeting Adjourned at 10:30 PST, reconvened at the top of the hour with CBCC agenda
 
Meeting Adjourned at 10:30 PST, reconvened at the top of the hour with CBCC agenda
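Review bot: the paragraphs added between the `#` items (from "(Mike) Not much is known on it." onward) carry no list prefix, which ends the numbered list, so "# Security and Privacy DAM - Harmonization to US-Realm Standards" restarts at 1 instead of continuing as item 3; prefixing the added lines with `#:` (or `##:` under a sub-item) would keep them inside the list. The added text also still contains the unfilled placeholder "[add GForge link Security-Privacy Harmonized Domain Analysis Model]", and it records the adjournment at 10:34 PST while the unchanged closing line says 10:30 PST, so one of the two times should be corrected.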

Revision as of 18:58, 3 November 2010

Security Working Group Meeting

Back to Security Main Page

Attendees



Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Standards Knowledge Management Tool (SKMT) Discussion - Mike Davis (SKMT Glossary?)
  3. (15 min) Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis
  4. (15 min) Item#
  5. (5 min) Other Business

Minutes

  1. Roll Call, Approve Minutes & Accept Agenda
    1. Meeting Minutes Approval: (No meeting held last week)
  2. Standards Knowledge Management Tool (SKMT) Discussion - Mike Davis (SKMT Glossary?)
    1. AGENDA Item: SKMT Discussion

(Mike) Not much is known on it. HL7 has some information. It has various vocabularies that make it available to outside folks for sharing purposes. (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.

TASK: Mike will contact folks (Canadians) to see what this is and what its authority is, as well as ISO WG-4, and ask about the SKMT.

Note: GE/VA are using a categorization of websites, and those on the VPNs are not able to access the link – Google believes it is fishy here. The SKMT glossary doesn’t seem to have a problem.

(Mike) I’ve been talking with Deepak Calra—he says this is an ISO-HL7 joint effort to do SKMT. At an EHR meeting they gave a presentation and mentioned that the permission catalog is apparently in the SKMT. It’s a potential source of vocabulary for us, particularly if they’ve mapped it to some standards. I actually got involved in this because of the POU specification – they were changing the names and definitions of access control because they (Canadians) didn’t like it… you cannot change the POU standards such as 10181-3 or another POU spec definition because you don’t like it—it could be done by clarifying vocabulary rather than changing something in the security world. It would be disastrous to change the meaning of access control—especially when the current definition is already out there and implemented; in order to make it fit privacy or whatever. So we have an interest in getting involved in the SKMT—at least the vocabulary side information model to make sure they do not break anything.

It’s in the form of a Project Scope Statement, see LINK: International SDO Glossary at TSC Tracker # 1679, Project Insight ID# 495

We need to follow up on this---it may be relevant to one of our tasks to populate the Security-Privacy harmonization model with ISO standards that represent the attributes, so this might be a good place to start. Some of the vocabulary in here, we might want to get into and look at the Security items in there—as far as I know there haven’t been any Security people that have been involved with it—it seems as if they’ve just been taking stuff and putting it in.

Agenda Item: Security-Privacy DAM, vocabulary harmonization spreadsheet

We are continuing with work that Steve Connolly had begun in May 2010. We have this to work with: Harmonized DAM Vocabulary spreadsheet. We need to go through the DAM and identify standards that support the classes. This was a US-Realm model, but OASIS is also asking this; they are producing some healthcare profiles for international publication in ITU. They shouldn’t be developing these terminology attributes and domains, but using the stuff that HL7 provides; that’s one of the motivations for this---publication. One of the things we need to do (looking for volunteers) is to go through the DAM and identify classes that are necessary explicitly for a requestor PROVIDING TO A PROVIDER – the information model has lots of classes that have nothing to do with the request from the provider. (I have these roles, I have these things) We can use some assistance in identifying. You can mark down the kinds of things that should/should not be in that kind of request.

Please take a look at the harmonized DAM [add GForge link Security-Privacy Harmonized Domain Analysis Model]

Please comment on any international standard that could provide vocabulary, that would possibly provide vocabulary in this manner. Provide to John Moehrke, Suzanne Gonzales-Webb or Mike Davis in any format---it would save us a lot of time that could give us assistance.

  3. Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis


Agenda Item: (added)

Tony Weida – Has been focusing on: adding description and source annotation to many of the classes in the security-privacy Owl portion of the ontology. So far I’ve been taking them verbatim in most cases. Not sure if they are satisfactory in the perspective of the ontology. I’d like to send out as is… accepting proposals for improvement – hoping in next few days to get it out there for everyone to start reviewing it and provide comments.

Mike – (John) do you remember that Lori brought us in a list of about 200 standards that she had listed down… classified by security area? Do you recall that?

John – no

Mike – that would be a really nice thing to have. I think we took that, we started our initial cuts and analysis of requirements from that---that would be a good thing to have… Mike TO ASK LORI F. TO FIND AND RE-PROVIDE THAT INFORMATION TO US.

John – she probably does have something… wouldn’t know what to search for in my archives

We can end the call here (out of agenda items)… Meeting adjourned at 10:34 PST

John – motion to adjourn

Suzanne: Second, motion to adjourn until top of the hour (1400 EST), with note to read SHIPS Document prior to start of CBCC meeting

Meeting Adjourned at 10:30 PST, reconvened at the top of the hour with CBCC agenda

Action Items
