April 3, 2018 Security Conference Call
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name |
|---|---|---|---|---|---|---|---|
| x | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | x | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair |
| x | Christopher Shawn, Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs |
| . | Diana Proud-Madruga | x | Francisco Jauregui | x | Joe Lamy | . | Greg Linden |
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib |
| . | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver |
|   | Beth Pumo | . | Bo Dagnall | . | Riki Merrick | . | Theresa Connor |
| . | Mohammed Jafari | . | Ioana Singureanu | . | Rob Horn | . | Matt Blackman, Sequoia |
Agenda
- (2 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of March 27, 2018 minutes
- (5 min) TF4FA Normative Ballot submitted - Mike
- (15 min) FHIR Security Updates - John
- (15 min) Security Cologne May WGM Agenda
Meeting Minutes DRAFT
Roll Call, Agenda Approval Kathleen chair
Meeting Materials
- Trust Framework for Federated Authorization presentation
- TF4FA Vol. 2 Behavioral Model May Ballot
- Is Privacy Obsolete Study Group news from EU
- HIMSS - What Healthcare Organizations need to know about the GDPR and HIMSS Presentation recording
- Dutch referendum: Spy tapping powers 'rejected'
Meeting Minutes (DRAFT)
Roll Call, Agenda review, meeting minutes approval
Meeting Minutes for 3/27/2018 approved. Motion to approve: (Suzanne/JohnM); objections: none; abstentions: none; approval:
TF4FA Normative Ballot - Mike/Kathleen
- ballot submitted - Mike/Kathleen
- No comments
- need to confirm this is what was intended for the v3 ballot package
- short discussion of the document included
- this goes to the link with the documents and the .xml file that is used to generate the HTML (PDFS, PSAF v3 Ballot package)
- note that CBCP co-chairs are listed as co-sponsors
- Kathleen will confirm for the WG that it is ready to go
PSAF weekly calls are cancelled at this time and may be restarted once reconciliation starts
FHIR Security Updates
- call just completed - new time is attracting more people
- Zulip chat has a security and privacy stream, an additional stream so that only pertinent security and privacy information will be conveyed
- Johnathan was able to join, reviewed the key consideration of the ONC white paper
- recommend "TLS 1.2 or higher" in place of just "TLS", adding some references on why we say 1.2
- discussion around input validation and vulnerability assessment and future improvement opportunities
Add information from FHIR Security Call
Connectathon - FHIR Connectathon track - hopefully, take GDPR as a set of requirements and take the S&P capabilities in and around FHIR; can we show a relationship between them
- 'hey, we have a Provenance resource, can it aid with clause 243 and 398', etc.
- without going into too much detail, just showing the relationship, showing how scenarios prove it... the more we get done the better
- setting the bar low, trying to get a cross-reference with the S&P items we have
- at that level we can see that we have a gaping hole that we need to add ... if such a thing exists
- the other is less formal; Grahame is interested in standing up a Hyperledger infrastructure (general purpose blockchain infrastructure) for blockchain
- call out in Zulip chat, on developing a scenario around that type of infrastructure... three different proposals but no fish on the hook
Agenda for Cologne; patterns on FHIR
Kathleen received xx from Rene Spronk
- he is working on a GDPR presentation on healthcare data interoperability - on vocab we might need,
- longer than what we can use for the Q3/Q4 Monday joint,
- Kathleen spoke to Gary Dickinson who thought it might be a good idea for meeting with EHR joint
- Rene goes through security labels and main parts of GDPR which is required in an automated fashion
- possible new codes for v3
- have a server which can deal with security labels
- may be able to mock up POU, certain kinds of actions, involving GDPR
- use cases featuring GDPR, SL, etc. (suggested)
Next week - Kathleen should have something to present in regard to the Cologne agenda. Reminder: one of the thoughts was to have a couple of our FHIR security topic areas have prominent spots in the weeklong agenda, so that people who wouldn't normally find us can find us
- JohnM is trying to find what those times areas might be... (for Cologne agenda)
- block of time... would be great to have input from the FHIR WG... risk management and items like that
- suggestions requested for topic areas... we can determine where our priorities line up.
Additional items? In materials, Kathleen adds salient information to meeting minutes -
- take a look at changes to .. so that you have a navigating
Privacy Obsolete - added links to breaches, breaches to be considered in court, surveillance techniques, etc. related to privacy issues. The HIMSS presentation on GDPR is excellent if you want to have a sense of what US entities might be interested in... may have interest
Meeting call adjourned at 1228 Arizona time --Suzannegw (talk) 15:26, 3 April 2018 (EDT)