Security Working Group Meeting

Back to Security Main Page

Attendees

• Tabitha Albertson
• Steven Connolly
• Mike Davis Security Co-chair
• Suzanne Gonzales-Webb CBCC Co-chair
• Don Jorgenson
• Rob McClure
• John Moehrke
• Milan Petkovic
• Pat Pyette
• Ioana Singureanu
• Walter Suarez
• Serafina Versaggi
• Tony Weida
• Craig Winter

Agenda

1. (05 min) Roll Call & Accept Agenda
2. (55 min) Ongoing Project Update
   • Security and Privacy Ontology Project
     • Ontology Development Methodology (Steve Connolly)

Minutes

1. Action Items

Reminder: Composite Security and Privacy Domain Analysis Model ballot is now open. Please remember to vote!

• Don: Report back to this group where SOA thinks these ontologies are going to fit within SAIF, and how they might influence or change anything we’ve done with PASS Access Control work.

2. Announcments

During next week's Security Work Group call (April 13), Tony Weida will demonstrate Protégé based work he is doing to model the RBAC operations as an OWL ontology.

3. Resolutions - none

4. Updates/Discussion

US Realm Value Sets

• Steve: The current version of this spreadsheet has not been updated since publication of the Composite Security & Privacy DAM, although updates may not be necessary. I will review and publish another version of the spreadsheet that we can review in future calls.
• Ioana suggests taking a look at section 4 (Vocabulary) of the Composite DAM. This section can be used as a stating point for identifying the coded value sets. While there were changes to the information model during the harmonization process, the concept domains applied to the coded attributes in the model have not changed.

Security and Privacy Ontology Project

Project Status Update

• • This project was formally approved by the TSC last week
  • SOA Ontology project has not yet been approved, although they are in the final stages of updating their scope statement. It is expected that project will receive approval by the ArB soon.
  • There are opportunities for harmonization between our project and SOA’s, primarily we should follow a similar process for creating our ontologies. There are also ongoing discussions regarding tooling. The SOA group is leaning toward using Protégé (version 4.0.2) which incorporates the latest version of OWL, v.2.
  • Next week during the weekly Security WG call, Tony Weida will demonstrate Protégé based on work he is currently doing to model the RBAC operations as an OWL ontology.
  • Another aspect of this ontology project is to observe related work in other SDOs so we can seek opportunities to harmonize with them.
    • The OASIS XACML committee is considering a proposal to create an ontology decision point, meaning the ability to handle an ontology representation to plug into XACML. (XACML is a standard for making decisions and enforcing security policies). This proposal has not yet been formally approved and was proposed by a group external to OASIS.
    • An ontology would be useful in this capacity, and particularly, the HL7 Role-based access control vocabulary in the form of an ontology would be useful to improve the speed and the processing of decision engines.
    • Last week, Jericho Systems indicated that internally, they’ve been developing an ontology for their product suite and they are interested leading an effort within OASIS to advance such a project. Other entities have been invited to participate as well.
    • At the next XACML meeting, Mike plans to discuss this opportunity with Jericho Systems.
    • There is also an opportunity to work with ANSI-INCITS (publisher of the RBAC standards) to bring ontologies into updates to their standards.
    • We can possibly leverage the work being done in these other projects.

Ontology Development Methodology

Steve presented a walkthrough of the Ontology Development Methodology document he sent to the Security list last week

• Competency questions are specific questions asked of the ontology that the ontology is expected to answer automatically, e.g., Direct care providers are allowed to access all patient records; Radiologists may only access Sam Jones' records for the purpose of treatment.
• Ioana: The Composite Security & Privacy Information Model that we’ve developed describes information intended to be exchanged to fulfill certain use cases. A useful concept to grasp is that an ontology is supposed to automate reasoning as compared to an information model which is just supposed to exchange information in a semantically interoperable way. The purpose of the ontology is what is really important - what we want to ontology to accomplish and what is the breadth of knowledge it is supposed to cover.
• The Work Group took a first pass at answering the competency questions:

1. The domain is Security and Privacy as described in the Harmonized Security &Privacy DAM
2. The purpose is to create an ontology for Security & Privacy that other consumers can use; we are not going to use the ontology directly. For example, if OASIS is to go forward with their project, they could consume this ontology as a product. The ontology would be used by OASIS.
   • The HL7 Security WG will use the ontology work to further inform our Information Model by developing this ontology and by incorporating it as an HL7 artifact into the SAIF.

• Don: Where does this take us beyond the DAM work? How is this a step forward from where we stand currently?
• Mike: An ontology is a architectural model, so we’re meeting the SAIF requirements by providing it. The ontology abstracts the classes in the information model by more completely describing in a formal way, the relationships between the concepts. We’ll start with the HL7 RBAC ballot and the Permission Catalog and create a ontology in Protégé. This will be a concrete way to focus on a small piece of the overall information model for starters.
• Tony: Another advantage is that a variety of Description Logic classifiers can be used with Protégé to prove that the model is internally consistent.
• Steve: Once the ontology has been defined within Protégé, you can test the internal consistency of the model. If there are logical missteps within the ontology these can be discovered by running the Reasoner within Protégé. What we are shooting for is asking the ontology the competency questions. If we have the conditions inserted into the ontology, the reasoning within the system will be able to answer the potential question.
• Mike: The kinds of questions that are immediately appealing are those having to do with our policy model. That’s what we’re using to develop our ontology, so the questions are related to the enforcement of policy.
  • The answer to the question of who will maintain the ontology is that the Security and Privacy (CBCC) Work Groups will be responsible since this is a joint effort and our work product.
  • Overall, I think as a first pass effort, we have the answers to the competency questions.
• Rob: Protégé will allow is to test out some of our assumptions about how reasoning over our Information Model can be accomplished. But when people build systems, they may utilize a series of tools that draw upon the information within an ontology to “reason” about a particular request, maybe some rules. However, rules are not a part of how Protégé functions. It doesn’t use rules, it uses classifications to see if a “concept” is-a-kind of something else. This is very interesting and another way of looking at the problem, but it may not be the single answer.
• Steve walked through the rest of the steps in the methodology which are self-explanatory in the document link above.
• Mike: We’ve reached the top of the hour, so we need to move into CBCC. Don, could you let us know where SOA thinks these ontologies are going to fit within SAIF, and how they might influence or change anything we’ve done with PASS Access Control work.

Meeting was adjourned at 2:00 PM EDT

No significant motions or decisions were made