November 26, 2013 Security WG Conference Call
Attendees
Member Name | Present | Member Name | Present | Member Name | Present
---|---|---|---|---|---
Mike Davis, Security Co-chair | x | John Moehrke, Security Co-chair | | Trish Williams, Security Co-chair |
Bernd Blobel, Security Co-chair | . | | | |
Johnathan Coleman | | Kathleen Connor | x | Duane DeCouteau | x
Reed Gelzer | | Suzanne Gonzales-Webb, CBCC Co-chair | x | Brian Handspicker | .
Muhammed Jafari | | Don Jorgenson | | Diana Proud-Madruga | x
Harry Rhodes | | Ioana Singureanu | | David Staggs | .
Richard Thoreson, CBCC Co-chair | | Tony Weida | x | Rick Grow | .
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- Security Labeling Service (SLS) Ballot - Mike Davis, Kathleen Connor
- (10 min) Other Business
Meeting Minutes
We've completed the major service components of the SLS. Kathleen has a collaboration diagram we will review. Continue the discussion, answer any questions - we have an issue with the PSS (we will need to take a vote to approve the change(s) being made).
Diagram being shown: Privacy and Protective Services (was Privacy Protective Service) and the Security Labeling Service
- SLS service
- applies the human-readable annotations on the document when it's ready to go
The SLS labels content based on the clinical attributes according to a rule. In the first diagram you see ADI ('some requester'); the requester makes a request of the SLS to label some resource and provides as input the thing it wants labeled, with clinical tags on it.
The service will request the policy to correlate and tag the resource with the SL (security labels).
We have another call to invoke an external resource for access ...<14:00>
We're going to security label an order for AZT; we don't know if it is given for AIDS or .... Once you have all the ADI, then you can label the item.
The portion of the AC system that looks at these SL will be using them against another set of policies on how to make a decision on the document. If the MD has a clearance for HIV, then access would be allowed because the clearance and the tag match.
The second diagram is the PPS - this gets a privacy protection request when a decision is made for access. Returned is a decision (know, I don't know); an obligation is some operation that needs to be performed ... i.e. doing an audit report, normally