Security Work Group Weekly Conference Call

Meeting Information

Attendees

• Bernd Blobel Security Co-chair, absent
• Steven Connolly
• Mike Davis Security Co-chair
• Suzanne Gonzales-Webb CBCC Co-chair
• Allen Hobbs
• Rob Horn
• Don Jorgenson
• John Moehrke Security Co-chair
• Milan Petkovic
• Scott Robertson
• Ioana Singureanu
• Richard Thoreson CBCC Co-chair, absent
• Serafina Versaggi scribe
• Tony Weida
• Craig Winter

Agenda

1. (05 min) Roll Call, Minutes March 2, 2010 & Call for Additional Agenda Items
2. REPORT OUTS
   • (10 min) RSA Conference
3. ACTIVE PROJECTS
   • (10 min) Security and Privacy Ontology project
4. (40 min) Harmonized Privacy and Security DAM Peer Review

Announcements

Security & Privacy Ontology Scope Meeting Info

Thursday Mar 11, 2010 5 PM – 7 PM EST (2 PM – 4 PM PST)

• 800-767-1750 Access: 49082#
• https://www.livemeeting.com/cc/vaoi/join
  • Meeting ID: 82MSQ2
  • Entry Code: gFH&(,6

Minutes

1. Action Items

2. Resolutions

To meet the target dates for the May ballot, the joint Security/CBCC Work Group meeting will dedicate one hour each week to address the harmonized Security & Privacy DAM issues so that all work group members have the opportunity to voice their input.

• If the group feels more time is required to resolve issues, additional meeting(s) can be scheduled

3. Updates/Discussion

RSA Conference

• This focus of this year’s conference was on threats and response to threats reflecting reaction to real world, present day security concerns. The conference was less application-security focused than network security focused
• There was a lot of government representation this year: Directors of the FBI and Homeland Security were some of the keynote speakers
• In the past, the conference had more of a forward thinking flavor – what is the next technology
  • Two tracts that traditionally have been part of this conference, Secure software development and Identity and Access Management were missing indicating that interest in those areas has either declined or has become more mature. There were only two presentations in these areas this year
  • Mike and David Staggs gave a presentation related to the security implications of the joint project between the VA and Kaiser Permanente in San Diego which was very well received
  • That demonstration included the use of SAML, XACML & WS-Trust supporting use cases for the enforcement of clinical roles, emergency access and patient consent directives
  • Mike and David also participated in an OASIS demonstration that included the Department of Defense, IBM, Oracle/Sun and Jericho Systems. This demonstration advanced the work done in 2009 at the HIMSS conference. This year’s demo included use cases that extends the HITSP work and allowed vendors to demonstrate that they can assert the XSPA WS-Trust health care profiles, which advances XSPA WS-Trust as a standard. The OASIS profiles include the HL7 Permissions Catalog
  • The major theme of this conference was Cloud Computing – everyone had Cloud Computing in the title of their presentation. The Federal government is approaching Cloud Computing cautiously with concern about the security implications
  • OASIS also demonstrated the utility of security and privacy protection for genomics indicators included in an NIH database called the genomic-wide association studies (GWAS) – see footnote below for more information on GWAS
  • The security system was adaptive as well, meaning that as new indicator pairs are identified and are come into the database, the system recognizes them and applies the privacy rules to the new pairs

Security and Privacy Ontology project

• Still trying to answer questions from the ArB and TSC about the intent of this project. A special meeting to address their questions has been scheduled for Thursday afternoon, 5:00 – 7:00 PM EST (meeting details below for anyone interested in joining)
  • One of their questions is “what are we doing with decision support?”since we identified decision support as one area. The answer to what question is that decision support is one of the use cases we’re using security ontology for; we’re not trying to do decision support specifically.
  • If there are significant changes to the scope statement, we’ll have to take it back to the Steering Division, so we’re hoping to be able to address their questions successfully

Harmonized Privacy and Security DAM Peer Review

• Steve had submitted a suggestion to the listserv for changing the process for this review. Steve’s feeling is that the process for submitting peer review comments to Ioana which are then incorporated into a new version and then posting that revised version for review will take considerable time to get us to a ballot-able artifact
  • His proposal is to have a sub-group or task force meet separately from this meeting to discuss the details of the model
  • John agreed, indicating that he was in favor of more elaborate discussion with the group, and if this is a motion, would second the motion
  • Steve made a motion to create a meeting separate forum the WG meeting ,where interested parties can discuss the harmonized Security Privacy DAMs
  • John seconded the motion and added that the result of those meetings should be summarized, not in excruciating detail, during the regular Security WG meeting for those who are unable to attend the additional meeting
• Following the motion, Mike called for discussion before taking a vote. The Security Work Group call is the appropriate venue for technical work that is the focus of this and the CBCC committees. John concurred that this meeting is preferable to scheduling a separate and additional session
• Ioana re-iterated the Peer Review process. A few people have submitted comments, mostly as annotated versions of the document rather than using the Peer Review form. This creates additional clerical work (to transfer comments onto a single Peer Review for) makes the process a bit less efficient. The form is designed to consolidate all reviewer comments so that a disposition can be assigned to each comment. Comments/dispositions are reviewed during Work Group meetings. Many comments (typos, etc.) are trivial, but for those where further discussion is required, the process is an attempt to make comment review more efficient, not to inhibit input
  • Ioana wanted to assure the group that by using this process, it allows those who have not submitted comments themselves to review what others have submitted. Where the comment is not trivial and the disposition not obvious, part of the disposition process is to ask questions. Ioana does not attempt to substitute her own judgment. If something changes the intent of the document it has to be discussed by the group
  • Mike supports the Peer Review approach and says it provides an additional advantage by documenting the issues that were brought up and how they were resolved. This documentation is useful to others who were not part of the process
• The motion was amended by Mike to dedicate the first hour of the regularly scheduled joint Security/CBCC WG call on Tuesdays to conduct the technical work required to complete the harmonized DAMs in order to meet the intended May ballot. If additional meetings are necessary to make that target, we can schedule additional meetings
  • Mike asked whether the co-chair of CBCC had any objections to the amendment. Suzanne agreed to the amendment
  • Motion seconded by Steve
  • This issue does not really require discussion since the effect is to conduct the usual work of these work groups. But given the discussion and the original motion, we took a vote:
  • Vote: 12/0/0
• The agenda for next week will include one hour dedicated to address the comments that have been disposed by Ioana
• Ioana requested some time during the last 15 minutes of today’s meeting to address some questions that were submitted by Milan Petkovic
  • Should we have a single diagram containing all the classes in a single view? Ioana was hesitant to create such a large diagram because it becomes unwieldy
  • Mike (and others in the group) were under the impression that there would be such a diagram and that it would be beneficial to see all of the classes in a single diagram, with the ability to depict the individual (Security and Privacy) views as well – more of a logical binding than a real one
  • Mike asked whether it would be possible to create a Visio version of the class diagram because not everyone has the modeling tool used to manipulate the model. Ioana will import the model into Enterprise Architect which has a Visio plug-in and will produce that version
  • Another question raised by Milan based on the Consent Directive diagram: Since the information model is covers consumer privacy preferences, how can a consumer specify that certain individuals may or may not have access to my health record. This comment is specific to the Privacy Policy structure overview diagram which only has a relationship between PrivacyRule and Role. Given that model, how can you express that only certain individuals can access a client’s personal health record since there is no relationship between PrivacyRule and User?
  • Ioana responded by saying this is supported by the information model, but this question raises a point. The policy itself does not allow you to specify use by name, but the Consent Directive does. The original Privacy DAM contained object diagrams showing specific instantiations of the model – specific instances of privacy policies and consent directives that show how the model could be instantiated (the classes are replaced by objects). In creating the harmonized DAM, the object diagrams were dropped. Should the object diagrams be included, and should we add new ones for the security policy?
  • The Consent Directive Overview Diagram (figure 10 in the Composite Privacy Domain Analysis Model Version 1 Release 2 DSTU) contains the user identity
  • Ioana will restore the object diagrams in a revised version