Security Working Group Meeting

• Meeting Information

==Attendees== (expected)

• Steven Connolly
• Tom Davidson
• Mike Davis Security Co-chair
• Suzanne Gonzales-Webb CBCC Co-chair
• Rob Horn
• Don Jorgenson
• Glen Marshall Security Co-chair
• Rob McClure
• John Moehrke
• Milan Petkovic
• Pat Pyette

• Scott Robertson
• David Sperzel
• Richard Thoreson CBCC Co-chair
• Ioana Singureanu
• Servafina Versaggi
• Tony Weida
• Craig Winter
• Kathleen Connor

Agenda

1. (05 min) Roll Call, Approve Minutes & Accept Agenda
2. (15 min) HL7 Security Risk Assessment Document v2.1
3. (15 min) Appeal to member on call to vote affirmatively on Permission Catalog work

• Comment to be made on ballot (negative), regarding the need of authoritative sources on both the actions and objects. Adding sources would not be a major change (and we would not have to reballot. We should be consistent wit polocy and include these sources.
  • Operation defintions (current) were developed specifically for RBAC
    • Discovery of

1. (15 min) Action items from last call

• Negotiations use cases - informally agreed to document these use cases
  • human to human negotation (to be provided by Steve Connolly
  • human to machine negotiation (to provided by John Moehrke) i.e. override/break glass use case
  • machine to machine (fully automated, to be provided by Steve Connolly) set of policies some of which are jurisditional defaults/access control policies which need to combined in some certain way - which is IN SCOPE for our project

Exploring 3 use cases and not deciding at this time MOTION: We will prepare 3 use cases that synthesize the discussion we have had about privacy policy. collaboration to ensue. John Moehrke and Steve Connolly will collaborate and provide the first draft. Purpose of the use cases is to come to grips to defintion of negotiation and other concepts which may come out of it Amendment: To create a glossary of terms and small set of use cases Clarification of policy/scope of motion: access control policies such as: access disclosure, privacy policies,consent directive that have to do with access use. (i.e. related to patient privacy preference) Call to VOTE: Objections/OPPOSE: 0; Abstain: 0 Affirmative/PASS: 16 Discussion:

1. (5 min) Other Business

TO DO LIST

1. VOTE - Ballot Closes Monday, September 14th
2. Provide comments to the above HL7 Security Risk Assessment Document to [suzanne.l.gonzales-webb@saic.com Suzanne] or have comments prepared for Security WG meeting in Atlanta. Note: Presentation accompanying document to be posted before the end of this week

REMINDER: BALLOT

There is a week remaining until Ballot Voting Closes, Monday, September 14th. Please be sure to vote before this deadline.

Voting Close Date – September 14 Voting for all pools closes on Monday, September 14 (end-of-day, midnight Eastern time). Please note that Ballot Pool sign up closed yesterday--September 07

Ballot Announcement

Ballot Desktop (will reflect any changes to ballot level

Action Items

Back to Security Main Page