
Difference between revisions of "November 2, 2010 Security Conference Call"

Line 33: Line 33:
 
# [http://www.cred.ca/skmt/ Standards Knowledgement Tool ('''SKMT'''] Discussion - Mike Davis [http://www.skmtglossary.org/Default.aspx?AspxAutoDetectCookieSupport=1 SKMT Glossary?]
 
# [http://www.cred.ca/skmt/ Standards Knowledgement Tool ('''SKMT'''] Discussion - Mike Davis [http://www.skmtglossary.org/Default.aspx?AspxAutoDetectCookieSupport=1 SKMT Glossary?]
 
## AGENDA Item: SKMT Discussion
 
## AGENDA Item: SKMT Discussion
(Mike) Not much is known on it.  HL7 has some information.
+
(Mike) SKMT has various vocabularies that it makes available to outside folks for sharing purposes.  (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.
It has various vocabularies that make it available to outside folks for sharing purposes.  (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.
 
  
TASK: Mike will contact folks (Canadians) to see what this is and its authority is as well as ISO WG-4 .    And ask about the SKMT
+
Note: GE/VA and possibly others on VPNs may not be able to access link. The ''' ''SKMT'' '''glossary does not seem to have the same problem.  
Note: GE/VA are using a categorization of websites and those on the VPNs are not able to access link – Google believes is fishy here. The ‘’’ ‘’SKMT ‘’ ‘’’glossary doesn’t seem to have a problem.  
 
  
(Mike) I’ve been talking with Deepak Calra—he says this ISO-HL7 joint effort to do SKMT joint effort. at an EHR meeting they gave presentation and mentioned that the permission catalog is apparently in the SKMT.  it’s a potential soure of vocabulary for us, particualry if they’ve mapped it to some standards.  I actually got involved in this because of the POU specification – they were changing the names and definitions of access control because they (Canadians) didn’t like it… you cannot change the POU standards such as 10181-3 or another POU spec definition because you don’ like it—it could be done by clarifying vocabulary rather than change something in the security world It would be disasterous  to change the meaning of access control—especially when the current definition is already out there and implemented; in order to make it fit privacy or whatever.  So we have an interest in getting ginvoled in the SKMT—at least the vocabulary side information model to make sure they do not break anything.   
+
 
 +
 
 +
'''TASK: Mike will contact folks (Canadians) to see what this is and its authority is as well as ISO WG-4 .    And ask about the SKMT'''
 +
(Mike) I’ve been talking with Deepak Calra who says this is an ISO-HL7 joint effort. At an EHR meeting they gave a presentation and mentioned that the RBAC Permission catalog is apparently ''in'' the SKMT.  We see the SKMT at this point as a potential soure of vocabulary for us, particualry if they’ve mapped it to some standards.  Mike actually got involved in this because of the Purpose of Use (POU) specification – they were changing the names and definitions of access control because they (Canadians) did not like it… you cannot change the POU standards such as 10181-3 or another POU spec definition because you don’ like it—it could be done by clarifying vocabulary rather than change something in the security world It would be disasterous  to change the meaning of access control—especially when the current definition is already out there and implemented; in order to make it fit privacy or whatever.  So we have an interest in getting ginvoled in the SKMT—at least the vocabulary side information model to make sure they do not break anything.   
 
It’s in the form of a Project Scope Statement, see LINK:  [http://gforge.hl7.org/gf/download/trackeritem/1679/7665/ProjectScopeStatement_Vocab_SKMT_Glossary_May2010_R2_clean.doc. International SDO Glossary at TSC Tracker # 1679, Project Insight ID# 495]
 
It’s in the form of a Project Scope Statement, see LINK:  [http://gforge.hl7.org/gf/download/trackeritem/1679/7665/ProjectScopeStatement_Vocab_SKMT_Glossary_May2010_R2_clean.doc. International SDO Glossary at TSC Tracker # 1679, Project Insight ID# 495]
 
We need to follow up on this---it may be relevant to one our tasks to populate the Security-Privacy harmonization model with ISO standards that represent the attributes so this might be a good place to start.  Some of the vocabulary in here, we might want to get into and look at the Security items in there—as far as I know there haven’t’ been any Security people that have been involved with it—it seems as if they’ve just taking stuff and putting it in.
 
We need to follow up on this---it may be relevant to one our tasks to populate the Security-Privacy harmonization model with ISO standards that represent the attributes so this might be a good place to start.  Some of the vocabulary in here, we might want to get into and look at the Security items in there—as far as I know there haven’t’ been any Security people that have been involved with it—it seems as if they’ve just taking stuff and putting it in.
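Review bot: The added (Mike) paragraph opens in first person ("I’ve been talking with Deepak Calra") and then switches to third person ("Mike actually got involved") inside the same attributed turn; pick one voice for the whole paragraph. The revision also carries the misspellings "soure", "particualry", "disasterous" and "ginvoled" over from the old text. The rewritten GE/VA note drops the stated reason for the access failure (website categorization on the VPNs), so readers no longer know why the link may be blocked; consider keeping that clause.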
Line 54: Line 55:
  
  
Agenda Item: (added)
+
Agenda Item: Security and Privacy Ontology Update (Tony Weida)
Tony Weida – Has been focusing on: adding description and source annotation to many of the classes in the security-privacy Owl portion of the ontology. So far I’ve been taking them verbatim in most cases..Not sure if they are satisfactory in the perspective of the ontology.  I’d like to send out as is…accepting proposals for improvement –hoping in next few days to get it out there for everyone to start reviewing it and provide comments.
+
Currently focusing on: adding description and source annotation to many of the classes in the Security-Privacy OWL portion of the ontology. Tony has been taking definitions verbatim in most cases--not sure if they are satisfactory in the perspective of the ontology.  Tony would like to send out the latest version as is in next few days and is accepting proposals for improvement.
 +
* members will be notified when latest version is posted.  Please provide comments and suggests back to [mailto:weida@apelon.com Tony Weida (weida@apelon.com)]
  
Mike ( john) do remember that lori brought us in a list of about 200 stands that she had listed down…classified by security area? Do you recall that?
 
John – no
 
Mike – that would be a relaly nice thing to have.  I think we took that we started our initial cuts and anysis of requiretns from that---that would be a goo thing to ghave … Mike TO ASK LORI F. TO FIND AND RE-PROVIDE THAT INFORMATION TO US.
 
 
John – she probably doe shave something… woudn’t know hwa to search for in my archives
 
  
We can end the call here (out of agenda items)…  Meeting adjourned at 10:34 PST
+
At the top of the hour (1400 EST), attendees plesse read:[http://gforge.hl7.org/gf/download/docmanfileversion/5950/7714/11-1_SHIPS SHIPS Document] prior to start of CBCC meeting  
John – motion to adjourn
 
Suzanne: Second, motion to adjourn until top of the hour (1400 EST), with note to read SHIPS document [http://gforge.hl7.org/gf/download/docmanfileversion/5950/7714/11-1_SHIPS SHIPS Document] prior to start of CBCC meeting  
 
  
Meeting Adjourned at 10:30 PST, reconvened at the top of the hour with CBCC agenda
+
Meeting adjourned at 10:34 PST [JMoehrke-  motion to adjourn; Suzanne: Second.
 +
Meeting reconvened at the top of the hour (1400 EST with CBCC agenda)
  
 
==Action Items==
 
==Action Items==
  
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
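Review bot: The removed exchange between Mike and John about Lori's list of about 200 standards held the only follow-up recorded in this part of the minutes ("Mike TO ASK LORI F. TO FIND AND RE-PROVIDE THAT INFORMATION TO US"), and the ==Action Items== section is still empty; move that task under Action Items rather than deleting it. In the added adjournment line, the bracket opened at "[JMoehrke-" is never closed, and "(1400 EST with CBCC agenda)" closes the parenthesis after the wrong word. The old text gave both 10:34 and 10:30 PST as the adjournment time and the new text keeps only 10:34; confirm which is correct.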

Revision as of 20:10, 3 November 2010

Security Working Group Meeting

Back to Security Main Page

Attendees


Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Standards Knowledge Management Tool (SKMT) Discussion - Mike Davis; SKMT Glossary?
  3. (15 min) Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis
  4. (15 min) Item#
  5. (5 min) Other Business

Minutes

  1. Roll Call, Approve Minutes & Accept Agenda
    1. Meeting Minutes Approval: (No meeting held last week)
  2. Standards Knowledge Management Tool (SKMT) Discussion - Mike Davis; SKMT Glossary?
    1. AGENDA Item: SKMT Discussion

(Mike) SKMT has various vocabularies that it makes available to outside folks for sharing purposes. (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.

Note: GE/VA and possibly others on VPNs may not be able to access link. The SKMT glossary does not seem to have the same problem.


TASK: Mike will contact folks (Canadians) to see what this is and what its authority is, as well as ISO WG-4, and ask about the SKMT.

(Mike) I’ve been talking with Deepak Calra, who says this is an ISO-HL7 joint effort. At an EHR meeting they gave a presentation and mentioned that the RBAC Permission catalog is apparently in the SKMT. We see the SKMT at this point as a potential source of vocabulary for us, particularly if they’ve mapped it to some standards. Mike actually got involved in this because of the Purpose of Use (POU) specification – they were changing the names and definitions of access control because they (Canadians) did not like it… you cannot change the POU standards such as 10181-3 or another POU spec definition because you don’t like it—it could be done by clarifying vocabulary rather than changing something in the security world. It would be disastrous to change the meaning of access control, especially when the current definition is already out there and implemented, in order to make it fit privacy or whatever. So we have an interest in getting involved in the SKMT—at least the vocabulary side information model, to make sure they do not break anything.

It’s in the form of a Project Scope Statement, see LINK: International SDO Glossary at TSC Tracker # 1679, Project Insight ID# 495.

We need to follow up on this; it may be relevant to one of our tasks to populate the Security-Privacy harmonization model with ISO standards that represent the attributes, so this might be a good place to start. Some of the vocabulary in here, we might want to get into and look at the Security items in there—as far as I know there haven’t been any Security people that have been involved with it—it seems as if they’ve just been taking stuff and putting it in.

Agenda Item: Security-Privacy DAM, vocabulary harmonization spreadsheet

We are continuing with work that Steve Connolly had begun in May 2010. We have this to work with: Harmonized DAM Vocabulary spreadsheet.

We need to go through the DAM and identify standards that support the classes. This was a US-Realm model, but OASIS is also asking this; they are producing some healthcare profiles for international publication in ITU. They shouldn’t be developing these terminology attributes and domains, but using the stuff that HL7 provides; that’s one of the motivations for this: publication. One of the things we need to do (looking for volunteers) is to go through the DAM and identify classes that are necessary explicitly for a requestor PROVIDING TO A PROVIDER – the information model has lots of classes that have nothing to do with the request from the provider. (I have these roles, I have these things.) We can use some assistance in identifying. You can mark down the kinds of things that should/should not be in that kind of request.

Please take a look at the harmonized DAM [add GForge link Security-Privacy Harmonized Domain Analysis Model]. Please comment on any international standard that could provide vocabulary, that would possibly provide vocabulary in this manner. Provide to John Moehrke, Suzanne Gonzales-Webb or Mike Davis in any format; it would save us a lot of time that could give us assistance.

  1. Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis


Agenda Item: Security and Privacy Ontology Update (Tony Weida)

Currently focusing on: adding description and source annotation to many of the classes in the Security-Privacy OWL portion of the ontology. Tony has been taking definitions verbatim in most cases; not sure if they are satisfactory from the perspective of the ontology. Tony would like to send out the latest version as is in the next few days and is accepting proposals for improvement.

At the top of the hour (1400 EST), attendees please read: SHIPS Document prior to start of CBCC meeting.

Meeting adjourned at 10:34 PST [JMoehrke: motion to adjourn; Suzanne: second]. Meeting reconvened at the top of the hour (1400 EST) with CBCC agenda.

Action Items
