
HL7 FHIR Security 2016-3-15

From HL7Wiki
Revision as of 01:47, 9 March 2016 by Kathleenconnor

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270, Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes


Attendees

Member Name | Member Name | Member Name
x John Moehrke, Security Co-Chair | x Kathleen Connor, Security Co-Chair | . Suzanne Gonzales-Webb, CBCC Co-Chair
. Gary Dickinson, EHR Co-Chair | . Johnathan Coleman, CBCC Co-Chair | . Mike Davis
. Reed Gelzer, RM-ES Lead | . Glen Marshal | . Galen Mulrooney
. Dave Silver | x Rob Horn | x Judy Fincher
. Diana Proud-Madruga | . Beth Pumo | . Oliver Lawles

Agenda

  • Roll; approval of agenda and March 1, 2016 minutes
  • Any changes expected to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
  • CPs for Review
    • Security CP 9563 Add onBehalfOf to Signature datatype - FM voted to recommend that Security adopt this approach to capturing the delegation relationship between a signer party and the entity to which it delegates the actual signing, especially where there is more than one signer.
      • Review John's interaction diagrams for Provenance and AuditEvent showing how these may be generated by both the user system and the recipient server.
      • Discuss Homework for alternatives using XADES and for "onBehalfOf" - such as UCC "personal representative" as the name of the proposed Signature datatype element. Also, alternative and broader definitions not limited to delegation.
      • See John's comment in this CP for additional information.
    • Review deferred Security CP 9407 Align AuditEvent and Provenance action/activity element definition. Continue work on activity definitions.
    • RE: 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod: Consider use cases and modeling to clarify whether Provenance.target and Provenance.entity should both have associated lifecycle elements in terms of W3C PROV differentiation of "activity" such as "generate" and the attribute edges that indicate lifecycle such as "was generated by".






  • Next set of discussion
    • 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod
    • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
    • 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
    • 9150 Provenance TODO section cleanup (John Moehrke) None
    • 9151 AuditEvent has TODO section to be removed (John Moehrke) None
    • 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
    • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
    • 9176 Security-Labels page for _confidentiality points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
    • 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
    • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message? (Madhusudana B Shivalinge Gowda) None

Minutes

  • TBD chaired.
  • TBD approval of agenda and minutes.
  • Discussed John's two interaction diagrams, which show:
    • Provenance Interactions
      • Generation of a Provenance Resource recording the user agent activity that caused the Provenance.target
      • Possible linking of the user's Provenance Resource to a Resource that the user POSTS/PUTS on or TRANSFERS to a FHIR Server and possible persistence by the Server.
      • Generation of a Provenance Resource recording the Server's CREATE/UPDATE
    • AuditEvent Interactions
      • Generation of AuditEvent Resource recording the actions on the system triggered by the user agent and facilitating agent activities [e.g., user authenticating, system handshakes required for transfers, etc.]
      • Generation of AuditEvent Resource recording the actions by the Server.
  • RE: Security CP 9563 Add onBehalfOf to Signature datatype
    • "onBehalfOf" definition = "Agent who delegated signing or did not have the legal standing to sign for themselves (such as a child), e.g., a party to a contract, consent directive, witness, attester, etc."
    • Add "onBehalfOfReference" definition: The delegator on whose behalf the "who" Reference, e.g., a Device, signed. The delegator can only be a Referenced Resource type in the context in which the signature is used. E.g., in a contract, where a signing party must have legal standing, limiting Referenced resources to Organizational or Person-like Resources may be enough of a constraint to prevent a device from being the delegator to another device and thereby a signer, which must have legal standing.
    • NOTE that the W3C PROV Namespace has a description for "actedOnBehalfOf" = "Delegation is the assignment of authority and responsibility to an agent (by itself or by another agent) to carry out a specific activity as a delegate or representative, while the agent it acts on behalf of retains some responsibility for the outcome of the delegated work."
  • Alternative approaches were discussed, including using XADES delegation and countersigning capabilities.
  • Rob suggested using the UCC term "personal representative" vs the W3C PROV term "onBehalfOf".
  • Homework: To review XADES and HL7 Digital Signature CDA IG for alternative approaches, and to consider alternatives to "onBehalfOf" as well as a definition that covers more than the delegation use case.
  • Deferred discussion of Security CP 9407 - aligned AuditEvent.activity and Provenance.activity.