This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

January 10, 2017 Security Conference Call

From HL7Wiki
Revision as of 20:00, 31 January 2017 by Mayada Abdulmannan (talk | contribs) (→‎Attendees)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Back to Security Work Group Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John MoehrkeSecurity Co-chair x Kathleen ConnorSecurity Co-chair x Alexander Mense Security Co-chair . Trish WilliamsSecurity Co-chair
x Mike Davis x Suzanne Gonzales-Webb x David Staggs . Mohammed Jafari
x Glen Marshall, SRS x Beth Pumo x Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi . Joe Lamy . Galen Mulrooney
. Duane DeCouteau . Chris Clark . Johnathan Coleman . Aaron Seib
. Ken Salyards . Christopher D Brown TX . Gary Dickinson x Dave Silver
x Rick Grow . William Kinsley . Paul Knapp x Mayada Abdulmannan
. Kamalini Vaidya . Bill Kleinebecker . Christopher Shawn . Grahame Grieve
. Oliver Lawless . Ken Rubin . David Tao . Nathan Botts

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (2 min) Security WG Call Minutes December 20, 2016
  3. (15 min) TF4FA Behavioral Model Elaboration - Ioana Singureanu
  4. (5 min) Bernd Blobel TF4FA comments - Kathleen
  5. (5 min) John Moehrke's TF4FA comments - Kathleen
  6. (10 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
  7. (10 min) SLSv2 PSS - Diana
  8. (3 min) WGM Prep
  9. (5 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call

Minutes

  • Chaired by Alex
  • Agenda Approved (Kathleen, Ioana)
  • Security WG Call Minutes December 20, 2016-deferred to next meeting
  • TF4FA Behavioral Model Elaboration - Ioana Singureanu
    • Kathleen present Ioana who is tasked to move from conceptual model to background independent model showing services
    • Will present at connectathon
    • Ioana presented the source model:
    • The document is out for review shows high level concepts of trust framework
    • Trust contract, federated security policy negotiated between the two domains
    • Negotiation between domains results a signed agreed upon trust contract
    • Results in making authorization decision between the two federated domains
    • The Security token based on the trust contract and initiated an exchange flow between resources
    • All the systems will have trust marks with the capabilities
    • The two domains would be one initiating domain and one responding domain
    • The trusted policy federation services exposes
    • Assertions are also independently validated
    • Attribute and Role based access control policies
    • Kathleen requested for Ioana to look at different levels of assurances mechanisms within the HL7 vocabulary such as Trust Marks
    • Identity Management and Proofing is not covered, only asserting authorization level federation
    • Level of identity proofing can be asserted
    • A domain by definition has defined set Users, Data accessed by user, and Policy; The negotiation is about the negotiating the data in the contract. The level of assurance is Domain wise.
    • We use minimal identity proofing, we don't use two faze authentication, which allows each domain to apply its own policies
    • The operation for trust services is operation complete contract, with authorization policy, handling instructions, security label's functionality to deal with authorizations
    • Multiple level of assurances can occur within one domain
    • Between two organizations you can have hundreds of Domains depending on the two users; it is fluid and flexible


  • Below Agenda Items will be carried forward to next Work Group call:


  • Bernd Blobel comments - Kathleen
  • John Moehrke's TF4FA comments - Kathleen
  • gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
  • SLSv2 PSS - Diana
  • WGM Prep
  • FHIR AuditEvent and Provenance ballot comments & FHIR Security Call2 min) Roll Call, Agenda Approval
  • Security WG Call Minutes December 20, 2016
  • TF4FA Behavioral Model Elaboration - Ioana Singureanu
  • Bernd Blobel TF4FA comments - Kathleen
  • John Moehrke's TF4FA comments - Kathleen
  • gforge ballot spreadsheet - HL7 PASS Audit Ballot outcome] - Diane
  • SLSv2 PSS - Diana
  • WGM Prep
  • FHIR AuditEvent and Provenance ballot comments & FHIR Security Call
Retrieved from "https://wiki.hl7.org/w/index.php?title=January_10,_2017_Security_Conference_Call&oldid=132999"