This wiki has undergone a migration to Confluence found Here
Difference between revisions of "November 1, 2016 Security Conference Call"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
|||
| Line 68: | Line 68: | ||
* Roll Call, Agenda Approval -- Mike/Glen - Unanimous | * Roll Call, Agenda Approval -- Mike/Glen - Unanimous | ||
* Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes] -- Beth/Diana - unanimous | * Approve [http://wiki.hl7.org/index.php?title=October_25,_2016_Security_Conference_Call Security WG October 25, 2016 call minutes] -- Beth/Diana - unanimous | ||
| − | * Diana and Ken on SOA on FHIR | + | **Diana and Ken on SOA on FHIR |
| + | * Service specification NSCI level II process was pre-FHIR service specification | ||
| + | * After FHIR if you take functions like evaluate and implement in FHIR server | ||
| + | * How to implement FHIR consistand SOA specs into FHIR | ||
| + | * Leverage FHIR artifacts to adapt to service functional model | ||
| + | * Resources and implementation guides used to constitute a FHIR enabled service | ||
| + | * Action items to adapt FHIR peces as a collection as an emerging service | ||
| + | * To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific | ||
| + | * Implementation Guide will stitch all collective pieces to create the service | ||
| + | * FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc | ||
| + | * SFM will continue to be produced | ||
| + | * Alot will happen in parallel | ||
| + | * The process will govern how SOA does its work that is service related using FHIR | ||
| + | * Comment: Security Work group can have FHIR Framework that would have services- Mike Davis | ||
| + | * Recommendation: please include Security services with Health Care services- Mike Davis | ||
| + | * If anyone wants updates they can subscribe to SOA list | ||
| + | |||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9456/14844/SOA-FHIR%20Process%20v2.pptx SOA on FHIR] | ||
* Mike and Dave Silver to discuss any updates to the ballot material. | * Mike and Dave Silver to discuss any updates to the ballot material. | ||
** [http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA] | ** [http://gforge.hl7.org/gf/download/docmanfileversion/9457/14845/TF4FA%20Presentation%20v0.0.1.pptx PSAF/TF4TA] | ||
| + | * TF4FA using model open identity using trust specification | ||
| + | ** We have a legal framework for Security and Privacy for requirements and consent | ||
| + | ** We included certification criteria | ||
| + | ** We included technical framework | ||
| + | ** We maybe able to take the Trust model and make it FHIR specific | ||
| + | ** Potentially Trust Technical Framework may match the services described for FHIR by Ken | ||
| + | ** Models included: | ||
| + | ** Trust services model is part of the Trust Services | ||
| + | ** Domain Model | ||
| + | ** Class Model- Policy info model to realize a domain policy | ||
| + | ** Once we have trust framework services it will ultimately involve a legal framework | ||
| + | ** Trust Services Model has seven identified services | ||
| + | ** Requests would have user attributes, roles, clearances, and other access control information | ||
| + | ** The purpose of use would have the User and Request attributes | ||
| + | ** Each Domain will have Trust tokens | ||
| + | ** Policy information Model is also included | ||
| + | ** The context of IT841 is the security policy information File and guidelines | ||
| + | *** Policy Vocabulary is included, as well as Policy Handeling instructions | ||
| + | |||
* Kathleen mentioned need to review old ballot results next week [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition. | * Kathleen mentioned need to review old ballot results next week [http://gforge.hl7.org/gf/download/docmanfileversion/9452/14839/V3DAM_SECURITY_R1_I1_2014MAY_Greg_Staudenmaier_20140428144444.xls Security and Privacy DAM Reconcilation spreadsheet] - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition. | ||
| − | * FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned | + | * FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana |
Revision as of 20:01, 8 November 2016
Back to Security Work Group Main Page
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| x | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | x | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
| x | Mike Davis | x | Suzanne Gonzales-Webb | . | David Staggs | . | Mohammed Jafari | |||
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver | |||
| . | Rick Grow | . | William Kinsley | . | Paul Knapp | . | Mayada Abdulmannan | |||
| . | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve | |||
| . | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli , Mobile Health | . | Russell McDonell |
Agenda DRAFT
- (2 min) Roll Call, Agenda Approval
- (3 min) Approve Security WG October 25, 2016 call minutes
- (15 min) PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
- (15 min) SOA on FHIR Diane and Ken Rubin
- (15 min) Review and Approval of the long overdue Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- (3 min) PASS Audit Conceptual Model – Diana
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- John chaired
- Roll Call, Agenda Approval -- Mike/Glen - Unanimous
- Approve Security WG October 25, 2016 call minutes -- Beth/Diana - unanimous
- Diana and Ken on SOA on FHIR
- Service specification NSCI level II process was pre-FHIR service specification
- After FHIR if you take functions like evaluate and implement in FHIR server
- How to implement FHIR consistand SOA specs into FHIR
- Leverage FHIR artifacts to adapt to service functional model
- Resources and implementation guides used to constitute a FHIR enabled service
- Action items to adapt FHIR peces as a collection as an emerging service
- To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific
- Implementation Guide will stitch all collective pieces to create the service
- FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc
- SFM will continue to be produced
- Alot will happen in parallel
- The process will govern how SOA does its work that is service related using FHIR
- Comment: Security Work group can have FHIR Framework that would have services- Mike Davis
- Recommendation: please include Security services with Health Care services- Mike Davis
- If anyone wants updates they can subscribe to SOA list
- Mike and Dave Silver to discuss any updates to the ballot material.
- TF4FA using model open identity using trust specification
- We have a legal framework for Security and Privacy for requirements and consent
- We included certification criteria
- We included technical framework
- We maybe able to take the Trust model and make it FHIR specific
- Potentially Trust Technical Framework may match the services described for FHIR by Ken
- Models included:
- Trust services model is part of the Trust Services
- Domain Model
- Class Model- Policy info model to realize a domain policy
- Once we have trust framework services it will ultimately involve a legal framework
- Trust Services Model has seven identified services
- Requests would have user attributes, roles, clearances, and other access control information
- The purpose of use would have the User and Request attributes
- Each Domain will have Trust tokens
- Policy information Model is also included
- The context of IT841 is the security policy information File and guidelines
- Policy Vocabulary is included, as well as Policy Handeling instructions
- Kathleen mentioned need to review old ballot results next week Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana
