Difference between revisions of "August 9, 2016 Security Conference Call"

Line 112: Line 112:
  
 
==Minutes==
 
==Minutes==
 +
* John chair
 +
* Agenda review, nothing to add
 +
* Approve minutes of July 19 -- Suzanne/Rob: 9-0-1
 +
* Review Negation Project
 +
** Rob -- Are they covering the concept of a negative consent? -- Not likely, but we should add this to the list of concerns
 +
** John -- They should avoid use of Negation, as it makes it hard to enforce Privacy and Security policies (including consents)
 +
** Glen -- They should not use negation as a verb, as a verb negating a positive thing. Rather assertive concepts of negative findings are needed
 +
** We need to report these concerns to the team, not try to solve them here
 +
* HL7 ballot signup is open. Get signed up.
 +
* PASS Access Control Services Conceptual Model - Diana
 +
** All negatives are withdrawn, so final will be prepared
 +
* PASS Audit Conceptual Model – Diana
 +
* Purpose of Use paper - Mohammad Jafari
 +
** Mohammad has put together the concept of PurposeOfUse, covering the space where we have used it. Mike is reviewing
 +
** This is an effort to create understanding. Not clear if this will result in any formal changes.
 +
* HEART Update on FHIR nexus -
 +
** Glen and John and Kathleen are participating. Not progressing as quickly as it should
 +
** HL7 FHIR core is looking for more specific guidance to be included in FHIR on use of OAuth
 +
* call for input on Baltimore WG Agenda Items
 +
* Adjourn

Latest revision as of 19:42, 9 August 2016

Attendees

x  Member Name                           x  Member Name          x  Member Name
.  Kathleen Connor, Security Co-chair    .  Duane DeCouteau      .  Chris Clark
x  John Moehrke, Security Co-chair       .  Johnathan Coleman    .  Aaron Seib
x  Alexander Mense, Security Co-chair    .  Ken Salyards         .  Christopher D Brown TX
.  Trish Williams, Security Co-chair     .  Gary Dickinson       x  Dave Silver
.  Mike Davis                            .  Ioana Singureanu     x  Mohammed Jafari
x  Suzanne Gonzales-Webb                 x  Rob Horn             .  Galen Mulrooney
x  Diana Proud-Madruga                   .  Ken Rubin            .  William Kinsley
x  Rick Grow                             .  Paul Knapp           .  Mayada Abdulmannan
x  Glen Marshall, SRS                    .  Bill Kleinebecker    x  Christopher Shawn
.  Oliver Lawless                        .  Grahame Grieve       x  Serafina Versaggi
.  Beth Pumo                             .  Russell McDonell     .  Paul Petronelli, Mobile Health
.  Christopher Doss                      .  Kamalini Vaidya      .  David Staggs

Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Approve Security WG July 19, 2016 Minutes
  3. (15 min) Negation project (see below)
  4. (10 min) Update on the PSAF Security Policy model - Mike & Dave to update on VA Architectural Model, which is based on S&P DAM and earlier PSAF model that Kathleen and Galen started. Mike and Kathleen plan to include this work in the Sept "For Comment" Ballot material.
  5. (5 min) Standards Privacy Impact Assessment Cookbook - Rick
  6. (5 min) PASS Access Control Services Conceptual Model - Diana
  7. (5 min) PASS Audit Conceptual Model – Diana
  8. (10 min) Purpose of Use paper - Mike Davis & Mohammad Jafari
  9. (5 min) HEART Update on FHIR nexus - Kathleen & John - Possible Joint with Heart in Baltimore???
  10. (2 min) Baltimore WG Agenda Items

Note that there will be a FHIR Security call at 5pm ET. See the agenda at FHIR Security Agenda.

Negation Project

From Serafina

Follow up on the email I sent to Security (and CBCC) regarding a request by the Negation project (a sub-group of TermInfo/Vocabulary that is tackling how to represent the absence of things/negation in the various HL7 flavors of interoperability).

Various participants in the Negation project were asked to reach out and meet with HL7 workgroups (I chose CBCC and Security) to see if there were any additional "requirements" that folks might want to include in the list that has been developed over the last few months.

Here is the message that I sent to the list last Wednesday with this request if you want to excerpt some of this for the agenda.

The WG request

The Negation project team is trying to provide consistent guidelines for representing concepts typically described as "negation" (finding absent, procedure not done, etc.).

We have begun by assembling a catalog of statements that seem to use negation. Our goal is to collect as many as possible and then classify them in order to derive a finite set of negation patterns. These patterns can be used for two things: to inform some best practice guidance on representing negated statements, and to provide design teams with a way to test their formalisms against a catalog of potential requirements.

We would very much like for the <WG name> workgroup to review our list of requirements.

We are asking domain expert groups for either confirmation that our list addresses all of the real world negation requirements you would expect a design formalism to support or, if it doesn't, additional requirements.

We are asking design groups for input on how such a list can be made more useful to a design team, either by confirming that the semantic pattern and design mapping approaches look useful or, if they don't, suggestions for improvement.

Further information about the scope of the project is available on the wiki; we also would be happy to attend a call to answer any questions.

Would CBCC & Security WGs be able to appoint a representative to conduct such a review and provide feedback to our team?

The project wiki is at http://wiki.hl7.org/index.php?title=Negation_Requirements

I plan to attend next Tuesday's CBCC & Security (Aug 8) to answer any questions I'm able to answer.

Let me know if you can add this to the agenda this week. The project asked for work group feedback by the end of August to best prepare for discussions that will take place at the upcoming September WGM.

Many thanks, Serafina

Minutes

  • John chair
  • Agenda review, nothing to add
  • Approve minutes of July 19 -- Suzanne/Rob: 9-0-1
  • Review Negation Project
    • Rob -- Are they covering the concept of a negative consent? -- Not likely, but we should add this to the list of concerns
    • John -- They should avoid use of Negation, as it makes it hard to enforce Privacy and Security policies (including consents)
    • Glen -- They should not use negation as a verb, as a verb negating a positive thing. Rather assertive concepts of negative findings are needed
    • We need to report these concerns to the team, not try to solve them here
  • HL7 ballot signup is open. Get signed up.
  • PASS Access Control Services Conceptual Model - Diana
    • All negatives are withdrawn, so final will be prepared
  • PASS Audit Conceptual Model – Diana
  • Purpose of Use paper - Mohammad Jafari
    • Mohammad has put together the concept of PurposeOfUse, covering the space where we have used it. Mike is reviewing
    • This is an effort to create understanding. Not clear if this will result in any formal changes.
  • HEART Update on FHIR nexus -
    • Glen and John and Kathleen are participating. Not progressing as quickly as it should
    • HL7 FHIR core is looking for more specific guidance to be included in FHIR on use of OAuth
  • call for input on Baltimore WG Agenda Items
  • Adjourn