This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

HL7 FHIR Security 2015-12-15

From HL7Wiki
Jump to navigation Jump to search

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Suzanne Gonzales-Webb CBCC Co-Chair
Gary Dickinson EHR Co-Chair Johnathan ColemanCBCC Co-Chair x Judy Fincher
Reed Gelzer RM-ES Lead x Glen Marshal x Galen Mulrooney
Dave Silver x Rob Horn [1]

Agenda

  • Should we cancel next week?

For this call, Kathleen proposes that we try to close CP 7597 and 7563 from the May ballot:

  • RE: 7597 Isn't this resolved with the addition of Provenance.activity?  If so, we could close this CP as resolved.7597 2015May core #888 - This resource is missing any reference to the "action" performed on the entity. Is there a default "create" action or is it an omission? (Ioana Singureanu) Considered for Future Use
  • RE: 7563 - My comments were partially addressed by inclusion of the first two sentences in the proposed additional wording.  However, several other points have not been adequately addressed. If these can be addressed or resolved, then this CP could be closed. 
    • RE: 3rd sentence: "Senders and receivers should establish policies about their expectations with regard to ensuring the continuity of provenance information is available as applicable to their use cases in accordance with FHIR specifications."  John commented that he would build this into the front matter but I don't see where it is included.  Let's confirm that this will be added. 
    • RE: 4th sentence:  "Workgroups with scope encompassing various FHIR Resources are responsible for ensuring that the FHIR Provenance Resource is appropriately bound to their Resources given the requirements of their disciplines and domains, and to provide sufficient guidance to implementers to enable deployment without deep subject matter expertise on this topic."  John commented that this is policy or instructions to WGs and not appropriate for Spec.  Grahame recommends adding it to the wiki - I'm fine with that but which wiki?  Should we have a page on the HL7 Security FHIR wiki section for guidance to WGs?
    • RE: last paragraph "When an application initiates interactions on a server that manages the state or operations on Resources, the application assigns a Provenance Resource to the target Resource and any previously bound Provenance Resources, which the server persists to enable end users to evaluate the authenticity, reliability, and trustworthiness of that Resource.  The application’s actions are tracked by the application’s AuditEvent component, which must record the application’s behavior that enabled the application user to initiate the actions recorded in the Resource’s Provenance.  Once the interaction is completed, the server’s AuditEvent component must record the server’s behavior, which enabled the persistence of any Provenance Resources assigned to the interaction’s target Resource."  Grahame commented "I'm happy to define this as one best practice pattern for their usage, but not to mandate this."  I would be happy to have this paragraph included as a "best practice."  I would also like to add "The Resource Server should record its own Provenance Resource about its actions on the inbound target Resource, including its binding of both its Provenance and any Provenance Resource(s) bound to the inbound target."
    • Should we describe best practices/FHIR mechanisms for maintaining the binding of all Provenance Resources to a target for ongoing management of the target's Lifecycle.

To Discuss

  • 9128 Provenance.agent should be required. Change to 1..* from 0..* (John Moehrke) None
  • 9105 Change Provenance.activity to coding and bind to FHIR ProvenanceEvent value set. (Kathleen)
  • 9078 HTTP Caching Warning for FHIR GET REST services (Kathleen Connor) None
  • 8638 how does Provenance work when deleting records (Grahame Grieve) None
  • 7597 2015May core #888 - This resource is missing any reference to the "action" performed on the entity. Is there a default "create" action or is it an omission? (Ioana Singureanu)
  • 9036 Handling of meta values that should force version, such as security_labels (John Moehrke) None
  • 9037 Security page should recognize HEART (John Moehrke) None
  • 8790 Give guidance on AuditEvent that codes don't need DisplayName populated (Paul Knapp) None

Related to RBAC

  • 3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) Considered for Future Use

Awaiting vocabulary

  • Review ProvenanceEvent value set
  • 9051 Remove AuditEvent.participant.role binding to http://hl7.org/fhir/ValueSet/dicm-402-roleid. Bind this value set to AuditEvent.particpant.userid (Kathleen Connor) None
  • 9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
  • 9052 Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
  • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) Considered for Future Use

Other Provenance

  • 7563 2015May core #854 - Expand on how to use Provenance (Kathleen Connor) Considered for Future Use
  • 7567 2015May core #858 - Provenance isn't sufficiently aligned with w3c spec (Kathleen Connor) Considered for Future Use
  • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) Considered for Future Use
  • 7569 2015May core #860 - Clarify relationship agents and entities used in activity (Kathleen Connor) Considered for Future Use
  • 7570 2015May core #861 - Clarify relationship agents and entities used in activity (Kathleen Connor) Considered for Future Use
  • 8803 Provenance for a subset of a resource (Chris Grenz) None

Other Signature

  • 8731 Canonicalization for signatures (Lloyd McKenzie) None
  • 8827 Signature datatype does not include counter-signature type (John Moehrke) None
  • 7752 2015May core #1073 - Replace value set with FHIR Signer Type value set (Kathleen Connor) Not Related

Other

We have "Open Issues and Request for Comments" on AuditEvent and on Provenance. These need to be cleaned up by the DSTU 2.1 ballot time. This is mostly a narrative of the CPs we had open at the DSTU2 ballot time, so by closing the above CPs we likely close these TODO, and thus could eliminate these sections.

  • 9150 Provenance TODO section cleanup
  • 9151 AuditEvent has TODO section to be removed

Minutes

  • Galen provided on-the-spot gotomeeting.. thanks
  • We will hold meeting next week. Might focus on creating simple text content.
  • Approved 5-0-0 CP 7597
  • Discussed and made a plan for CP 7563 -- plan captured in the CP.
  • Need to progress on vocabulary proposal http://wiki.hl7.org/index.php?title=HL7_FHIR_Provenance_Resource&section=4
  • Approved 5-0-0 9128 Provenance.agent should be required. Change to 1..* from 0..* (John Moehrke) None
  • Approved 4-0-1 9105 Change Provenance.activity to coding and bind to FHIR ProvenanceEvent value set. (Kathleen)

Action Items

  • Kathleen continue to evolve http://wiki.hl7.org/index.php?title=HL7_FHIR_Provenance_Resource&section=4 with John's help on importing V3 vocabulary mechanism in the FHIR build
  • Rob provide paragraph that guides reader on how to apply Resource Versioning with Provenance so that linkage is maintained, and warn against provenance use when server doesn't support Versioning.
  • John to add to the FHIR wiki on the page that tells editors how to create a Resource. a discussion on Provenance and W5. and pass links to group including Gary
  • John -- noted some descriptions in AuditEvent need yet to be fixed up regarding participant->agent, and object->entity.