January 27th 2008 Security Conference Call
Security Working Group Meeting
Attendees
- Ed Coyne
- Mike Davis Security Co-chair
- Suzanne Gonzales-Webb CBCC Co-chair
- Bob Horn
- Glen Marshall Security Co-chair, absent
- Rob McClure
- John Moehrke
- Ioana Singureanu
- David Sperzel
- Tony Weida
- Craig Winter
- Tanya Newton
- Nancy LeRoy
- Russ Hamm
- Alan Hobbs
- Pat Pyette
Agenda
- (05 min) Roll Call
- (05 min) Approve Minutes & Accept Agenda
- (15 min) Milestones, Goal expansion
- (15 min) Item2
- (15 min) Item3
- (5 min) Other Business
Milestones and goals identification
Identified at this meeting:
- Separate out objects that are functionality (process, workflow) vs artifacts ('noun', i.e. report)
- concentrate first on artifacts, then functionality
- may hold until after RBAC Role Engineering process presentation
- Review current RBAC objects, identify overlaps (David, Rob, Suzanne)
  - want to see a consistent source of objects, more restricted on our first pass/things that we can control within a boundary (i.e. vocabulary source)
  - Agreement to use current list of objects as minimum set; point to another vocabulary (i.e. SNOMED CT for other terms that are currently in the current list)
- clinical objects list (see what is left out of current list)
- remove duplicates
- use current objects to start
  - resource: RBAC Task Force (includes VA, Kaiser, GE, Siemens and other SMEs)
- two areas that need vocabulary to be extended/expanded
  - Financial (area is 'shallow'), need to identify resources
  - Consent (currently working on with CBCC)
- Map to ICD Codes, SNOMED CT as well as add to these standardized vocabularies
- Confirm text definitions of current objects
- identify resources
  - do we have a source or SME for definitions? (Authoritative source)
- once object list is set, compare definitions to current HL7 definitions
- Update RBAC Role Engineering Process document with findings (Suzanne, Security WG)
- Goal: Ballot for September - Update to Permission Catalog with addition of Financial Management vocabulary and Consent Vocabulary
- Review of current Use cases (relevance)
Things we want to Control Access to, Protect [Note: All current objects are supported by use cases]
- Object - Order
- Object - Report
- Object - Workflow (Activity, Functionality, Task Scenarios, Steps)
  - do we want to adopt "workflow" to encompass, refer to RBAC Role Engineering Process (which is one of the Informative documents submitted with the RBAC Permission Catalog) ADD LINK
  - workflow is an incremental piece inside an object/item.
Note: the Secretary of DHHS has taken note of RBAC so the revision that we work on should be done in a timely manner
Action Items
- (next meeting) Suzanne to do briefing on RBAC Role Engineering Process.
- (before next meeting) Send link to RBAC Engineering Process document, use cases to Rob, David for review.