This wiki has undergone a migration to Confluence found Here
March 14, 2017 Security Conference Call
Back to Security Work Group Main Page
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
. | John MoehrkeSecurity Co-chair | x | Kathleen ConnorSecurity Co-chair | . | Alexander Mense Security Co-chair | . | Trish WilliamsSecurity Co-chair | |||
x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | x | Mohammed Jafari | |||
x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Galen Mulrooney | |||
. | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib | |||
. | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | x | Dave Silver | |||
x | Rick Grow | . | William Kinsley | . | Paul Knapp | x | Mayada Abdulmannan | |||
. | Kamalini Vaidya | . | Bill Kleinebecker | x | Christopher Shawn | . | Grahame Grieve | |||
. | Oliver Lawless | . | Ken Rubin | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Review and Approval of Security WG Call Minutes March 7, 2017
- (40 min) TF4FA Ballot Reconciliation Spreadsheet Disposition Review and current TF4FA with some of the Comments with typo Errata
- (5 min) Review any Security WG comments on ONC-sponsored: PGHD Overview and Google Document version for inline comments Consumer Electronics Association Guiding Principles on Privacy and Security of Personal Wellness Data Comment deadline Moved to March 10th. Diana to present comments collected to date for approval.
- (2 min) Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen
- (2 min) [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- (2 min) Security Labeling Service Revision Update - Diana
- (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call - cancelled.
Minutes
- Chaired by Kathleen
- Agenda Approved
- Review and Approval of Security WG Call Minutes March 7, 2017 (Defered to next call)
- TF4FA Ballot Reconciliation Spreadsheet Disposition Review and current TF4FA with some of the Comments with typo Errata
- Motion approved on Block Vote for Comments made by David and Ioanna's (Beth, Diana, Donna)
- Ioanna's Block comment 69-75 are approved
- Comments were emailed out to group to ballot in May 2017
- Johns comments and concerns Reviewed:
- The Difference between Concrete and Abstract on Security labels
- Diagram on Token Exchange
- John provided further explanation: When we are in a portion of describing abstract we should remain consistent and not include specific technology specific information
- There other ways to describe negotiation
- Too much context was described for security tokens which would force it to be platform specific on using eg: XAML
- Kathleen comment: I do not see anything specific, we should revisit this topic to verify if it is platform specific
- Next Step: David will verify if the references are platform specific definition
- Johns comment/issue:
- What is the difference between Run time vs Trust Model Application accepting Requests
- Is this intended to be done as an approach to building a persistent trust framework between organization
- Or; is it intended to be done transaction by transaction basis?
- Kathleen response: Volume will highlight the different type of behaviors
- Glen Comment: HL7 has been using stateless protocols, there will be no persistence across transactions
- Next Step: Should be made clear in Volume 2
- John requests it to be addressed
- Johns request: Only creating a Trust Domain, interoprability defines the way to create the Trust Framework
- Kathleen's response: One meaning is exchanging the policies in Federated Trust Framework
- (Persuasive with Mod) - Differentiate the representation of policies vs interoparability exchange
- Comment: Assumptions should include code set of services implementation and not be more abstract
- eg: In the Spec everyone should see the Code set for example is normal
- Codes used for roles and sensativity tagging
- eg: Data Services Agreement is an instance of concrete example
- Next step: David to update Terminology of Use of Content
- Comment: To spell out DRSA acronym as it is not commonly used
- (Persuasive)
- Comment: Claim vs Identity Attributes
- (Persuasive)
- Comment: Claim attributes should describe identity, does not go into detail authentication
- (Non-persuasive with Mod)
- Motion to approve disposition ( Diana, John)
- Review any Security WG comments on ONC-sponsored: PGHD Overview and Google Document version for inline comments Consumer Electronics Association Guiding Principles on Privacy and Security of Personal Wellness Data Comment deadline Moved to March 10th. Diana to present comments collected to date for approval.
- Project Scope Statement - Medical Devices Security - deferring follow up of outreach to Medical Device WG until ballot recons are completed- Kathleen
- [gforge ballot spreadsheet - HL7 PASS Audit Ballot Reconciliation Update] - Diana
- Security Labeling Service Revision Update - Diana
- FHIR AuditEvent and Provenance ballot comments & FHIR Security Call - cancelled.