This wiki has undergone a migration to Confluence found Here
July 08, 2014 Security WG Conference Call
Jump to navigation
Jump to search
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | ||||
---|---|---|---|---|---|---|---|---|---|---|---|
x | Mike DavisSecurity Co-chair | . | John MoehrkeSecurity Co-chair | . | Trish WilliamsSecurity Co-chair | . | Bernd BlobelSecurity Co-chair | ||||
. | Chris Clark | . | Johnathan ColemanCBCC Co-Chair | x | Kathleen Connor | x | Duane DeCouteau | ||||
. | Reed Gelzer | x | Suzanne Gonzales-WebbCBCC Co-chair | x | Rick Grow | x | David Henkel | ||||
. | Mohammed Jafari | . | Don Jorgenson | x | Alexander Mense | . | Amanda Nash | ||||
. | Paul PetronelliMobile Health Security Co-chair | x | Diana Proud-Madruga | . | Harry Rhodes | , | Aaron Seib | ||||
. | Ioana Singureanu | . | Walter Suarez | x | Tony Weida | . | Paul PetronellimHealth Co-chair | ||||
. | . | . | . | . | . | . | . |
Agenda
- (05 min) Roll Call, Approval of Meeting Minutes
- (10 min) Update: Way with Verbs - Tony
- (10 min FHIR disposition - review/discussion
- (05 min) PSS Patient Friendly Security and Privacy
- (05 min) Other business, action items, and adjournment
Minutes Summary
- The meeting minutes for June 24, 2014were unanimously approved
- The project scope statement for Patient Friendly Natural Language Steering Division eVote ended on July 9, 2014. There were 3 affirmatives, 3 negatives, and 3 abstentions. Suzanne has answered two of the "negatives," but will defer the one question on FHIR to John Moehrke. She has asked the "negatives" to change their vote.
FHIR disposition - review/discussion
- ID 3298; Summary Binary resources can be subverted for cross-site scripting
- assigned to Duane to provide thoughts on the implication
- assigned to Alex
Security labels in the http header that may be exposed (submitted by Kathleen) is missing
- if you put the security labels in the body of the FHIR payload, it may not necessarily be in the clear
ID 3350; Summary: Request change to Tag
- assigned to Kathleen; misspelling present, item should be closed.
ID 3312; Summary: Security Event for Tag modification
- from Richard Schneider
- Mike does not like the idea of modifying the information at will. There should be some provenance information, including who has modified it and when, etc.
- Kathleen - this is an issue: how they can create operations and change TAGs
- security group needs to decide on how to do updates on TAGs.
- Mike - this could be a major role for Provenance
- assigned to Kathleen; with help
ID 3318
- assigned to Mike and others
ID 3310 Add additional notes to the RESTful API about security
- assigned to Alex Mense
Mike recommends that these items are to be monitored on a weekly basis
Update: Way with Verbs - Tony
- There are concerns with the project scope statement as well as with the governance.
- The WwV team will meet to discuss how to move forward given the lack of communication from Steve Hufnagel of the HL7 EHR Interoperability team.
- Tony Weida is going to take his proposed methodology and put it into a Word document.
- Diana Proud-Madruga will work on presenting some examples using Tony's methodology while still incorporating the work that Steve is doing.
Action Items
None
Meeting Adjourned: 1450 PDT --Suzannegw (talk) 21:49, 8 July 2014 (UTC) Additional minutes provided by --Rgrow (talk) 19:51, 11 July 2014 (UTC)