March 12, 2013 Security Working Group Conference Call
Contents
Security Working Group Meeting
Attendees
- Bill Braithwaite
- Kathleen Connor
- Mike Davis Security Co-chair
- Suzanne Gonzales-Webb CBCC Co-chair
- Adrianne James
- Diana Proud-Madruga
- Richard Thoreson CBCC Co-chair
- Tony Weida
- [mailto: Reed Gelzer]
- [mailto: Pat Pyette]
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) Security and Privacy Ontology Work (IRIs, conformance, level of assurance, operations) - Tony
- (15 min) May 2013 WGM Ballot Materials / HCS IG review (pre-ballot review)
- (15 min) Item3
- (05 min) Other Business
Meeting Minutes
Roll Call, Approve Minutes & Accept Agenda Rolle taken, Mike Davis, Chair
Meeting minutes from February 26, 2013 were approved (vote: 7 affirmative / 0 negative / 1 abstention (Reed Gelzer)
Meetings Minutes for Febary 27, 2013 Approved: 7/0/one abstentions (Reed Gelzer)
Security and Privacy Ontology Work (IRIs, conformance, level of assurance, operations) Tony Weida ACTION ITEM: Conformance Statement Document to be circulated to listserve <add link: conformance statement document>
Noted website: http://www.hl7.org/ontologies/SecurityAndPrivacyOntology.owl
- Conformance Statement required as part of balloting procedures.
- 6 major Conformance statements in document
Discussion: Is there a way to mask digital information without encryption?
- Encryption is a mechanism which is different than a thing (as masking), encryption is a method for doing masking. What is comprable to masking is to make it unavailable---so, unless you have permission to see it (data), you can’t see it---you don’t have to encrypt something (i.e. data) to not see it, this can be accomplished through access control methods. (This is a security view per Mike’s claim)
Tony is looking for a definition for deduplicate currently has a temporary definition listed ( remove redundant copies of data) in a sense similiar to meaning how you can anonymize or deanonymize--as an inverse of practically anything. Anonymize and deanonyize are both intentional .
- According to world dictionary: deduplicate means to remove duplicated materials.
- Defintion: (sources needed)
Status of Ontology Ballot
Ballot needs to be submitted on Sunday
Ballot Status: Tony is cranking away—will contact Don Lloyd (HL7) about having more time if necessary. Tony will be using the same format as before--word or pdf document with a zip file for actual OWL ontology.
ACITON ITEM: Tony to discuss to Don for extension if necessary; otherwise Tony submit what he has completed and beg for an update to what has been submitted. ACTION ITEM: Tony must notify co-chairs of his decision
Question: How much additional work is needed? Will it be ready Friday/Saturday?
- Tony will make use of all time available until public review…on March 25, unless Don sets shorter time
- Add time for ontology discussion for next week security agenda
- Other questions, issue? (none at moment per Tony)
Healthcare Privacy and Security Classificatoin Ssytem - Kathleen
- Completed the draft as QA, ballot cleanut in progress. Bulk of the work
- Section onusing security labels with roles and users
- All pieces should be ready for submission on Sunday (on-time)
- A request for extension should not be required.
- Final version will/should be ready by Friday---
ACTION ITEM: Security group to review HCS IG for major things (show-stoppers) for input; otherwise comment should be reserved for ballot time.
Note: In the guide, some informative examples on how a document might look once the HCS has been applied to it—i.e. some developer input. That final part of it may still need to be completed.
ACTION ITEM: Guide will be posted to the listserve for the HCS draft guide
No other business.
Meeting adjourned.