Difference between revisions of "2014-04-10 Tooling Call"
Line 1: | Line 1: | ||
==Tooling Meeting == | ==Tooling Meeting == | ||
===Meeting Information=== | ===Meeting Information=== | ||
− | |||
{|border="1" cellpadding="2" cellspacing="0" | {|border="1" cellpadding="2" cellspacing="0" | ||
Line 41: | Line 40: | ||
| .|| . | | .|| . | ||
|- | |- | ||
− | | ||Woody Beeler, interim Vocabulary liaison | + | |x ||Woody Beeler, interim Vocabulary liaison |
|- | |- | ||
− | | ||Wilfred Bonney, HL7 HQ | + | |x ||Wilfred Bonney, HL7 HQ |
|- | |- | ||
− | | || | + | |x ||Dennis Cheung, co-chair, CIHI |
|- | |- | ||
− | | || | + | |x ||Matt Graham, Mobile Health liaison |
|- | |- | ||
− | | || | + | |x ||Austin Kreisler |
|- | |- | ||
− | | || | + | |x ||Lynn Laakso, HL7 HQ Tooling Support |
|- | |- | ||
− | | || | + | |x ||Ken McCaslin |
|- | |- | ||
− | | || | + | |x ||John Quinn, CTO |
|- | |- | ||
− | | || | + | |x ||Andy Stechishin, Co-chair |
|- | |- | ||
− | | | + | |x ||Michael van der Zel, co-chair |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| || | | || | ||
Line 78: | Line 65: | ||
|- | |- | ||
<!-- ***** Delete instructions and change quorum requirements ON NEXT LINE *****--> | <!-- ***** Delete instructions and change quorum requirements ON NEXT LINE *****--> | ||
− | |colspan="2" |'''Quorum Requirements Met (co-chair plus 3 counting staff): '''(yes | + | |colspan="2" |'''Quorum Requirements Met (co-chair plus 3 counting staff): '''(yes) |
|- | |- | ||
Line 140: | Line 127: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
===Minutes=== | ===Minutes=== | ||
Line 159: | Line 141: | ||
'''Minutes/Conclusions Reached:'''<br/> | '''Minutes/Conclusions Reached:'''<br/> | ||
+ | Convened at 2:04 PM - No GoToMeeting available today | ||
+ | * Roll Call & Agenda Review - no changes, approved by general consent | ||
+ | * Approval of previous minutes from [[2014-04-03 Tooling Call]] Andy moves and Woody seconds approval. Unanimously approved. | ||
+ | <!-- ACTION ITEMS --> | ||
+ | <!-- --> | ||
+ | * Review [http://gforge.hl7.org/gf/project/tool-proc-arch/tracker/?action=TrackerItemBrowse&tracker_id=445 action items] - | ||
+ | **Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library. Andy has not yet sent John an email. | ||
+ | **Andy (and Dennis) will follow up with Diego on the Education project; they have edits to make to a spreadsheet and may have it for next week. | ||
+ | **Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point. Andy has the metadata requirements for MIF and needs to put them on the wiki. The FHIR registry will need a FHIR based REST interface and may use Furore's proposed registry. | ||
+ | **Look into GForge project for the MWB source code on Delphi - Andy has not spoken with Matt about this. It's currently on sourceforge. Matt feels it could work either way but depends on Rob Snelick and the NIST folks. Discussion on sourceforge ensued. Matt adds he spoke with Viswan at sourceforge for committing the code and has some issues. He suggests we review with CGIT on how we want to pursue this. Specifically the flat file structure would benefit from some subdirectories. ACTION ITEM: Andy will reach out to Rob Snelick to check on sourceforge as the platform. | ||
+ | ***Matt adds that once checked in a licensing check is needed and update to the about page for the components that are freeware, open source, etc. | ||
+ | **Matthew to follow up with the ES regarding the Mobile Health project scope statement - project number 1055. The outstanding issue on ROI has been addressed. There may be other software packages out there for attendance tracking that might already do what we need. | ||
+ | <!--Tooling Liaison Reports - Third Thursdays--> | ||
+ | <!--REPORTS--> | ||
+ | <!-- --> | ||
+ | *Project Updates | ||
+ | **[http://www.hl7.org/Special/committees/v3toolstaskforce/projects.cfm?action=edit&ProjectNumber=913 PI# 913] [[HL7 Tooling Challenge]] - first webinar scheduled for Monday 4/14 to learn about the Tooling Challenge, moderated by Andy and panelists Woody and AMS. You can register at https://attendee.gotowebinar.com/register/6951886924193663745. Please forward this to anyone you think would be interested. | ||
+ | ***Woody asks for a few slides to open the discussion to describe this year's challenge and relationship to last year's challenge. Andy will create some | ||
+ | *Other | ||
+ | **Woody raises a question on OpenSSL vulnerabilities that have been reported and any effects on our hosted servers. Lynn will check with Mike to get a statement from GForge on exposure. The Wiki also may also be affected but that is an issue for ES. GForge is the Tooling WG's responsibility. As a server-side issue it affects servers e.g. FHIR but not client side i.e. most of the HL7 sponsored tooling. | ||
+ | **Ken/Austin report on the recent XSLT vulnerability finding in the CDA transform. Rick Geimer has been working on a fix and has a proposed solution. They wish to have a more thorough code review of the proposed solution and testing ideas. Josh Mandel initially identified the issues. | ||
+ | ***Michael notes that we are not the first to discover this so there must be tools out there to aid in testing. | ||
+ | ***Andy notes that this is a security hole in XML not in the CDA spec. Standard practice is to not arbitrarily display html from comment blocks but to "cleanse" it first before sending to the browser. He suggests a formal test be conducted to run with an old and new transform with a script exploiting the security. Austin suggests that Josh Mandel should specifically be invited to help test. He also suggests the ITS WG may have the real XML and XSL experts and we could invite them to help. Paul would be good for doing that but Dale is also employed by Lantana and would have a conflict of interest in testing Rick's fix. Woody, Andy, Josh Mandel, Michael vdZ and Lloyd would be a reputable test team. Dale and Lloyd still need to be asked; Ken will speak with Josh. | ||
+ | ***Woody asks if we need to add something to validate MIF files. Andy notes we could but it would probably not be valid. The authors of the MIF files have even more damaging access to other resources. | ||
− | + | Adjourned 2:57 PM. | |
− | |||
Line 178: | Line 183: | ||
| width="100%" align="left" style="background:#f0f0f0;"|'''Actions''' '' | | width="100%" align="left" style="background:#f0f0f0;"|'''Actions''' '' | ||
− | + | **Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library | |
− | * . | + | **Andy (and Dennis) will follow up with Diego on the Education project; |
+ | **Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point. | ||
+ | * . Andy will create some slides to open the discussion to describe this year's challenge and relationship to last year's challenge. | ||
+ | * Andy will reach out to Rob Snelick to check on sourceforge as the MWB code repository platform. | ||
|- | |- | ||
<!---======================================================================= | <!---======================================================================= |
Latest revision as of 19:20, 10 April 2014
Tooling Meeting
Meeting Information
HL7 Tooling Meeting Agenda/Minutes | |
Location: Phone: +1 770-657-9270; Participant PassCode:586935# GoToMeeting ID: 482-299-629 |
Date: 2014-04-10 Time: 2PM Eastern |
Facilitator: Dennis | Note taker(s): Lynn Laakso |
Attendee | Name, Affiliation |
. | . |
x | Woody Beeler, interim Vocabulary liaison |
x | Wilfred Bonney, HL7 HQ |
x | Dennis Cheung, co-chair, CIHI |
x | Matt Graham, Mobile Health liaison |
x | Austin Kreisler |
x | Lynn Laakso, HL7 HQ Tooling Support |
x | Ken McCaslin |
x | John Quinn, CTO |
x | Andy Stechishin, Co-chair |
x | Michael van der Zel, co-chair |
Quorum Requirements Met (co-chair plus 3 counting staff): (yes) |
Agenda
Agenda Topics
- Roll Call & Agenda Review
- Approval of previous minutes from 2014-04-03 Tooling Call
- Review action items -
- Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library
- Andy (and Dennis) will follow up with Diego on the Education project;
- Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point.
- Look into GForge project for the MWB source code
- Matthew to follow up with the ES regarding the Mobile Health project scope statement
- Project Updates
- PI# 913 HL7 Tooling Challenge - first webinar scheduled for Monday 4/14 to learn about the Tooling Challenge, moderated by Andy and panelists Woody and AMS. You can register at https://attendee.gotowebinar.com/register/6951886924193663745. Please forward this to anyone you think would be interested
- Other/New Business
Minutes
Minutes/Conclusions Reached:
Convened at 2:04 PM - No GoToMeeting available today
- Roll Call & Agenda Review - no changes, approved by general consent
- Approval of previous minutes from 2014-04-03 Tooling Call: Andy moves and Woody seconds approval. Unanimously approved.
- Review action items -
- Andy will send John info about Regex expression license and follow up with Matt regarding MWB Library. Andy has not yet sent John an email.
- Andy (and Dennis) will follow up with Diego on the Education project; they have edits to make to a spreadsheet and may have it for next week.
- Andy will do an assessment of how well HingX meets those FMG registry requirements; Representation of metadata for DAMs might be different from the MIF metadata that Andy and Woody will work on for HingX (Patient Care, CIC) and will provide a starting point. Andy has the metadata requirements for MIF and needs to put them on the wiki. The FHIR registry will need a FHIR based REST interface and may use Furore's proposed registry.
- Look into GForge project for the MWB source code on Delphi - Andy has not spoken with Matt about this. It's currently on sourceforge. Matt feels it could work either way but depends on Rob Snelick and the NIST folks. Discussion on sourceforge ensued. Matt adds he spoke with Viswan at sourceforge for committing the code and has some issues. He suggests we review with CGIT on how we want to pursue this. Specifically the flat file structure would benefit from some subdirectories. ACTION ITEM: Andy will reach out to Rob Snelick to check on sourceforge as the platform.
- Matt adds that once checked in a licensing check is needed and update to the about page for the components that are freeware, open source, etc.
- Matthew to follow up with the ES regarding the Mobile Health project scope statement - project number 1055. The outstanding issue on ROI has been addressed. There may be other software packages out there for attendance tracking that might already do what we need.
- Project Updates
- PI# 913 HL7 Tooling Challenge - first webinar scheduled for Monday 4/14 to learn about the Tooling Challenge, moderated by Andy and panelists Woody and AMS. You can register at https://attendee.gotowebinar.com/register/6951886924193663745. Please forward this to anyone you think would be interested.
- Woody asks for a few slides to open the discussion to describe this year's challenge and relationship to last year's challenge. Andy will create some
- Other
- Woody raises a question on OpenSSL vulnerabilities that have been reported and any effects on our hosted servers. Lynn will check with Mike to get a statement from GForge on exposure. The Wiki may also be affected but that is an issue for ES. GForge is the Tooling WG's responsibility. As a server-side issue it affects servers, e.g. FHIR, but not client side, i.e. most of the HL7 sponsored tooling.
- Ken/Austin report on the recent XSLT vulnerability finding in the CDA transform. Rick Geimer has been working on a fix and has a proposed solution. They wish to have a more thorough code review of the proposed solution and testing ideas. Josh Mandel initially identified the issues.
- Michael notes that we are not the first to discover this so there must be tools out there to aid in testing.
- Andy notes that this is a security hole in XML, not in the CDA spec. Standard practice is to not arbitrarily display HTML from comment blocks but to "cleanse" it first before sending to the browser. He suggests a formal test be conducted to run with an old and new transform with a script exploiting the security. Austin suggests that Josh Mandel should specifically be invited to help test. He also suggests the ITS WG may have the real XML and XSL experts and we could invite them to help. Paul would be good for doing that but Dale is also employed by Lantana and would have a conflict of interest in testing Rick's fix. Woody, Andy, Josh Mandel, Michael vdZ and Lloyd would be a reputable test team. Dale and Lloyd still need to be asked; Ken will speak with Josh.
- Woody asks if we need to add something to validate MIF files. Andy notes we could but it would probably not be valid. The authors of the MIF files have even more damaging access to other resources.
Adjourned 2:57 PM.
Meeting Outcomes
Actions
Next Meeting/Preliminary Agenda Items
© 2014 Health Level Seven® International. All rights reserved.