This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

July 28, 2015 Security WG Conference Call

From HL7Wiki
Revision as of 03:19, 29 July 2015 by Suzannegw (talk | contribs)
Jump to navigation Jump to search

Attendees

x Member Name x Member Name x Member Name
x Mike DavisSecurity Co-chair . Duane DeCouteau . Chris Clark
John MoehrkeSecurity Co-chair Johnathan Coleman . Aaron Seib
x Alexander Mense Security Co-chair . Ken Salyards x Christopher Brown TX
. Trish WilliamsSecurity Co-chair . Gary Dickinson . Tim McKay
x Kathleen Connor . Ioana Singureanu . Mohammed Jafari
x Suzanne Gonzales-Webb . Darrell Woelk . Galen Mulrooney
x Diana Proud-Madruga Grahame Grieve x William Kinsley
x Rick Grow x Chethan Makoahalli Lloyd McKenzie
x Dave Silver x [mailto: Bill Kleinebecker] [

Back to Security Main Page

Agenda DRAFT

  1. ( 5 min) Roll Call, Agenda Approval, Approve July 21 Meeting Minutes
  2. ( 5 min) PASS Access Control Conceptual Model (SOA) Update - Diana, Don Jorgenson
  3. (10 min) ACS model - Mike/Dave Silver
  4. ( 5 min) Joint Vocabulary Alignment Update - Diana
  5. ( 5 min) PSAF Update - Kathleen
  6. ( 5 min) Status of Provenance and AuditEvent subcommittee - Kathleen/John
  7. ( 5 min) FHIR Security Discussion Block Vote for approval August 4
  8. ( 5 min) October 2015 HL7 WGM - Atlanta, Georgia USA - agenda items
    • Please send any agenda items to Suzanne

FHIR AuditEvent Block Vote

  • 7432 2015May core #720 - AuditEvent requestor (Helen Broberg) Not Persuasive
  • 7565 2015May core #856 - Fix link (Kathleen Connor) Not Persuasive with Mod
  • 8123 AuditEvent constraints are too tight (Lloyd McKenzie) Persuasive
  • 6233 AuditEvent confusion on 'idenfier' elements that are actually strings. Affects understanding as well as search (which should not be token) (John Moehrke) Persuasive with Mod
  • 6269 AuditEvent needs a Participant userId type code to explain how to understand the value in userId (e.g. Patient ID in CX form) (John Moehrke) Persuasive with Mod
  • 7431 2015May core #719 - AuditEvent source identifier (Helen Broberg) Persuasive with Mod
  • 7564 2015May core #855 - AuditEvent.event value set is a mess (Kathleen Connor) Persuasive with Mod

Meeting Minutes

Meeting Minutes for July 21'

  • Meeting Minutes for July 21 were unanimously approved
  • no additional agenda items suggested or added

PASS Access Control Conceptual Model (SOA) Update - Diana Discussion:

  • How obligation will fit into the PASS AC Model
  • How obligations are dealt with in terms of SLS, and
  • How to put obligations into the AC model at a higher (conceptual) level
  • SOA meeting on Monday, discussion w/Don; placement of SOA diagram
    • pointed to process documents that SOA follows when completed functional model documents
    • based on the template (SOP/development practice) the diagrams of the FM will come after the FM model requirements
    • Kathleen would like to know why SLS is more in the weeds than obligations
    • ACS is a conceptual model, whereas SLS is more specific

There are some drawings in the SLS that have been adapted for standards, with a little modification we can use those diagrams to update the SOA Access Control. Items will be covered conceptually

  • Per Kathleen, there are items already in HL7 on obligations and care should be taken to align with those items.
  • As an interoperability spec, we need to be able to relay that information
what the contract needs to say between the parties (what is being consumed)
what labels would be put on the document, including handling instructions which convey some policy.

When the obligations are a type of polcy that can be conved w security lables, but can also be enforced by custodian Discussion

ACS Model -

  • revised version of functional model and corresponding requirements statements (v3) to Diana,Kathleen for distribution to group/for comment
    • biggest changes is consolidation/streamlined the authorization manager and started to promote to green level
    • consolidated to be cleaner (and to what Muhammad has recommend)

otherwise generally the same

Capabilities listing

  • within the functional model diagram, reworked into a requirements statement
  • in most cases, its background, or clarification. a subrequirement
    • recommend items should read as shall
    • additional recommendations noted
  • note that guidance is heavily 'copy and paste'

What is the timeline for folks to provide comments?

  • not specified yet
  • items will be posted on GForge and link sent to Security WG

Joint Vocabulary Alignment

  • preliminary guide for creating dicitionary vocabulary
  • basic process outlined in the guide, in using the process group has come up with definitions in the viewpoint in EHR which will allow Security, Provenance and ___ and where they fit
  • two definitions were processed (not quickly) at the last meeting; several distinctions were relayed at the last meeting making the process not quick, not repeatable. Having a process is better than where we were but the fine-grained distinctions may not relay to other languages.
  • the notion of the extended definitions i.e. W3C mold, there is a core, one-sentence/well-crafted definition (following the rules), the extended definition contains much more detail, and in general where the definition is trying to get to. A broader description
  • definite progress made, but there is concern on how long it will be before the definitions will be completed
  • rules were determined from several places including Wiktionary (dictionary version of Wikipedia)

Example shown

PSAF Update - Kathleen sketching out policy information models previsoulsy working on the HCS in Harmonization:

  • an e-mail thread
  • technical conficitiaonly changes
  • presentation by Graham/Lloyed and approved by JOhn Moehrke
    • in the proposal it said that the Security WG -
    • provenance observation

issue raised on governance