November 1, 2016 Security Conference Call

Back to Security Work Group Main Page

Attendees

Back to Security Main Page

Agenda DRAFT

1. (2 min) Roll Call, Agenda Approval
2. (3 min) Approve Security WG October 25, 2016 call minutes
3. (15 min) PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
4. (15 min) SOA on FHIR Diane and Ken Rubin
5. (15 min) Review and Approval of the long overdue Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
6. (3 min) PASS Audit Conceptual Model – Diana
7. (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call

Minutes

• John chaired
• Roll Call, Agenda Approval -- Mike/Glen - Unanimous
• Approve Security WG October 25, 2016 call minutes -- Beth/Diana - unanimous
  • Diana and Ken on SOA on FHIR
  • Service specification NSCI level II process was pre-FHIR service specification
  • After FHIR if you take functions like evaluate and implement in FHIR server
  • How to implement FHIR consistand SOA specs into FHIR
  • Leverage FHIR artifacts to adapt to service functional model
  • Resources and implementation guides used to constitute a FHIR enabled service
  • Action items to adapt FHIR peces as a collection as an emerging service
  • To produce a FHIR SOA Profile, and extent the resource extensions necessary that will service/profile sepcific
  • Implementation Guide will stitch all collective pieces to create the service
• FHIR community allows customization, naming conventions will be used such as prefix and suffix of SOA etc
  • SFM will continue to be produced
  • Alot will happen in parallel
  • The process will govern how SOA does its work that is service related using FHIR
  • Comment: Security Work group can have FHIR Framework that would have services- Mike Davis
  • Recommendation: please include Security services with Health Care services- Mike Davis
  • If anyone wants updates they can subscribe to SOA list

• • SOA on FHIR
• Mike and Dave Silver to discuss any updates to the ballot material.
  • PSAF/TF4TA
• TF4FA using model open identity using trust specification
  • We have a legal framework for Security and Privacy for requirements and consent
  • We included certification criteria
  • We included technical framework
  • We maybe able to take the Trust model and make it FHIR specific
  • Potentially Trust Technical Framework may match the services described for FHIR by Ken
  • Models included:
  • Trust services model is part of the Trust Services
  • Domain Model
  • Class Model- Policy info model to realize a domain policy
  • Once we have trust framework services it will ultimately involve a legal framework
  • Trust Services Model has seven identified services
  • Requests would have user attributes, roles, clearances, and other access control information
  • The purpose of use would have the User and Request attributes
  • Each Domain will have Trust tokens
  • Policy information Model is also included
  • The context of IT841 is the security policy information File and guidelines
    • Policy Vocabulary is included, as well as Policy Handeling instructions

• Kathleen mentioned need to review old ballot results next week Security and Privacy DAM Reconcilation spreadsheet - Kathleen: We need to get these affirmative comments resolved and uploaded to the ballot site in order to get the DAM published and included in the 2017 Normative Edition.
• FHIR AuditEvent and Provenance ballot comments & FHIR Security Call is planned- Diana