Difference between revisions of "April 26, 2016 Security Conference Call"
| Line 80: | Line 80: | ||
== Minutes == | == Minutes == | ||
| + | Chaired by Kathleen Connor | ||
| + | - Approved Security WG April 19, 2016 Minutes (approved) | ||
| + | *amended Diana section | ||
| + | - Security WGM Agenda May 2016 Montreal | ||
| + | **Trust Framework, propose to discuss activities in the U.S. | ||
| + | *HHS moved to discuss trust framework and issued a report | ||
| + | *Trust framework activity involved numerous states in the U.S. | ||
| + | *We have put together some concept around trust framework such as pass access control (not yet complete) | ||
| + | *Would like to obtain opinions from Security WKG | ||
| + | *The Trust Framework correlates with inter-oprability, as it is a cross organizational trust framework with multiple domains | ||
| + | -they want to communicate between Domains and share information between Domains | ||
| + | -Policies for the communication between domains must be conveyed | ||
| + | -if FHIR is useful it can be conveyed during run time | ||
| + | -what is signed in advanced is an agreement to use the framework | ||
| + | - Kathleen Connor Comment & Action Item: Policies that govern the domains I can come up with a prototype FHIR trust policy, which will encompass LOA's such as identity proofing, authentication, encryption and how it is conveyed through protocol. | ||
| + | -Kathleen put together a diagram of Security Policy information policy and Trust Policy Information Files, showing the elements of exchange | ||
| + | -Comment Mike Davis) It is not pre-coordinated Trust, an attribute of our trust policy is there is no assumption that is could be entirely negotiated at rutime | ||
| + | -Action Item: Write down the core attributes to define Trust on what we might present in HL7, Vocabulary already exits in standards | ||
| + | |||
| + | -Privacy Impact Assessment Cookbook Update - Rick | ||
| + | *During CBCC call passed the motion to approve the project with CBCC as the sponsor, and Security as Security as co-sponsor | ||
| + | *next step is to move to domain experts for their approval | ||
| + | |||
| + | -Privacy & Security by Design - new project? - Mike | ||
| + | |||
| + | -PASS Access Control Services Conceptual Model - Diana | ||
| + | |||
| + | -Joint Vocabulary Alignment Update - Diana, Mike | ||
| + | -Reid cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support | ||
| + | -Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity | ||
| + | |||
| + | -PASS Audit Conceptual Model – Diana | ||
| + | *Pass access control conception model | ||
| + | *Susan reached out, and DoD participant withdrew his negative vote | ||
| + | *Only one negative vote remains outstanding (under Sept 2015 Ballot Package) | ||
| + | *In the Reconciliation Package has all comments and responses with his negative vote | ||
| + | *Diane will send Alex the direct link regarding the negative ballot | ||
| + | |||
| + | ( 5 min) FHIR Security report out - John | ||
Revision as of 15:53, 5 May 2016
Back to Security Work Group Main Page
Attendees
| x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|
| x | Kathleen ConnorSecurity Co-chair | . | Duane DeCouteau | . | Chris Clark | |||
| x | John MoehrkeSecurity Co-chair | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX | |||
| . | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | x | Dave Silver | |||
| Mike Davis | . | Ioana Singureanu | . | Mohammed Jafari | ||||
| x | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney | |||
| x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley | |||
| x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan | |||
| x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn | |||
| . | Oliver Lawless | . | [mailto | . | Serafina Versaggi | |||
| x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli , Mobile Health | |||
| . | Christopher Doss | . | Kamalini Vaidya | . | [mailto: TBD ] |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve Security WG April 19, 2016 Minutes
- (15 min) Security WGM Agenda May 2016 Montreal
- (5 min) Privacy Impact Assessment Cookbook Update - Rick
- (10 min) Privacy & Security by Design - new project? - Mike
- ( 5 min) PASS Access Control Services Conceptual Model - Diana
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PASS Audit Conceptual Model – Diana
- ( 5 min) FHIR Security report out - John
Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda
Minutes
Chaired by Kathleen Connor - Approved Security WG April 19, 2016 Minutes (approved)
- amended Diana section
- Security WGM Agenda May 2016 Montreal
- Trust Framework, propose to discuss activities in the U.S.
- HHS moved to discuss trust framework and issued a report
- Trust framework activity involved numerous states in the U.S.
- We have put together some concept around trust framework such as pass access control (not yet complete)
- Would like to obtain opinions from Security WKG
- The Trust Framework correlates with inter-oprability, as it is a cross organizational trust framework with multiple domains
-they want to communicate between Domains and share information between Domains -Policies for the communication between domains must be conveyed -if FHIR is useful it can be conveyed during run time -what is signed in advanced is an agreement to use the framework - Kathleen Connor Comment & Action Item: Policies that govern the domains I can come up with a prototype FHIR trust policy, which will encompass LOA's such as identity proofing, authentication, encryption and how it is conveyed through protocol. -Kathleen put together a diagram of Security Policy information policy and Trust Policy Information Files, showing the elements of exchange -Comment Mike Davis) It is not pre-coordinated Trust, an attribute of our trust policy is there is no assumption that is could be entirely negotiated at rutime -Action Item: Write down the core attributes to define Trust on what we might present in HL7, Vocabulary already exits in standards
-Privacy Impact Assessment Cookbook Update - Rick
- During CBCC call passed the motion to approve the project with CBCC as the sponsor, and Security as Security as co-sponsor
- next step is to move to domain experts for their approval
-Privacy & Security by Design - new project? - Mike
-PASS Access Control Services Conceptual Model - Diana
-Joint Vocabulary Alignment Update - Diana, Mike -Reid cancelled the meeting this morning, and emailed one of the supporters is withdrawing financial support -Mike spoke with Reed and he informed him he is seeing lack of support in the activity and does not think he can continue with the activity
-PASS Audit Conceptual Model – Diana
- Pass access control conception model
- Susan reached out, and DoD participant withdrew his negative vote
- Only one negative vote remains outstanding (under Sept 2015 Ballot Package)
- In the Reconciliation Package has all comments and responses with his negative vote
- Diane will send Alex the direct link regarding the negative ballot
( 5 min) FHIR Security report out - John
