Difference between revisions of "January 10, 2017 Security Conference Call"
Line 7: | Line 7: | ||
!x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name''' | !x||'''Member Name'''|| !! x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name''' | ||
|- | |- | ||
− | || | + | || |x|| [mailto:JohnMoerke@gmail.com John Moehrke]Security Co-chair |
||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair | ||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor]Security Co-chair | ||
||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||||x|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair | ||
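Review bot: The added John Moehrke row opens with `|| |x||` where the neighbouring co-chair rows use `||||x||`; the rendered attendee table shows a stray `|` in front of that row's mark, so the cell should be written `||||x||` like the others. The mailto address on the same line spells the surname "Moerke" while the display name reads "Moehrke", which is worth confirming before saving.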
Line 19: | Line 19: | ||
|| x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | || x|| [mailto:gfm@securityrs.com Glen Marshall], SRS | ||
||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo] | ||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo] | ||
− | |||| | + | ||||x|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] |
||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||
|- | |- | ||
Line 40: | Line 40: | ||
||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||||.|| [mailto:bkinsley@nextgen.com William Kinsley] | ||
||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||||.|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
− | |||| | + | ||||x|| [mailto:Mayada.Abdulmannan@va.gov Mayada Abdulmannan] |
|- | |- | ||
|| .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] | || .|| [mailto:kamalinivaidya@systemsmadesimple.com Kamalini Vaidya] |
Revision as of 20:00, 31 January 2017
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
x | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | x | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | . | Mohammed Jafari
x | Glen Marshall, SRS | x | Beth Pumo | x | Ioana Singureanu | . | Rob Horn
x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan
. | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Security WG Call Minutes December 20, 2016
- (15 min) TF4FA Behavioral Model Elaboration - Ioana Singureanu
- (5 min) Bernd Blobel TF4FA comments - Kathleen
- (5 min) John Moehrke's TF4FA comments - Kathleen
- (10 min) gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome - Diane
- (10 min) SLSv2 PSS - Diana
- (3 min) WGM Prep
- (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Minutes
- Chaired by Alex
- Agenda Approved (Kathleen, Ioana)
- Security WG Call Minutes December 20, 2016 - deferred to next meeting
- TF4FA Behavioral Model Elaboration - Ioana Singureanu
- Kathleen presented Ioana, who is tasked with moving from the conceptual model to a background-independent model showing services
- Will present at connectathon
- Ioana presented the source model:
- The document, which is out for review, shows the high-level concepts of the trust framework
- Trust contract, federated security policy negotiated between the two domains
- Negotiation between domains results in a signed, agreed-upon trust contract
- Results in making authorization decisions between the two federated domains
- The security token is based on the trust contract and initiates an exchange flow between resources
- All the systems will have trust marks with the capabilities
- The two domains would be one initiating domain and one responding domain
- The trusted policy federation services exposes
- Assertions are also independently validated
- Attribute and Role based access control policies
- Kathleen requested that Ioana look at the different level-of-assurance mechanisms within the HL7 vocabulary, such as Trust Marks
- Identity management and proofing are not covered; only authorization-level federation is asserted
- Level of identity proofing can be asserted
- A domain by definition has a defined set of users, data accessed by users, and policy. The negotiation is about negotiating the data in the contract. The level of assurance is domain-wise.
- We use minimal identity proofing; we don't use two-phase authentication, which allows each domain to apply its own policies
- The operation for trust services is operation complete contract, with authorization policy, handling instructions, and security label functionality to deal with authorizations
- Multiple levels of assurance can occur within one domain
- Between two organizations you can have hundreds of domains depending on the two users; it is fluid and flexible
- Below Agenda Items will be carried forward to next Work Group call:
- Bernd Blobel comments - Kathleen
- John Moehrke's TF4FA comments - Kathleen
- gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome - Diane
- SLSv2 PSS - Diana
- WGM Prep
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call