November 26, 2013 Security WG Conference Call
Attendees
Member Name | Present | Member Name | Present | Member Name | Present | |||
---|---|---|---|---|---|---|---|---|
Mike Davis Security Co-chair | x | John Moehrke Security Co-chair | Trish Williams Security Co-chair | |||||
Bernd Blobel, Security Co-chair | . | . | . | |||||
Johnathan Coleman | Kathleen Connor | x | Duane DeCouteau | x | ||||
Reed Gelzer | Suzanne Gonzales-Webb CBCC Co-chair | x | Brian Handspicker | . | ||||
Muhammed Jafari | Don Jorgenson | Diana Proud-Madruga | x | |||||
Harry Rhodes | Ioana Singureanu | David Staggs | . | |||||
Richard Thoreson CBCC Co-chair | Tony Weida | x | Rick Grow | x | ||||
. | . | |||||||
. | . | . |
Agenda
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- Security Labeling Service (SLS) Ballot- Mike Davis, Kathleen Conner
- (10 min) Other Business
Meeting Minutes
We've completed the major service components of the SLS Kathleen has a colloboration diagram we will review Continue the disucssion, answer any questions - we have an issue with the PSS (we will need to take a vote to approve the change(s) being made)
Diagram being shown: Privacy and Protective Services (was Privacy Protective Service and the Security Labeling Service
- SLS service
- applies the human readable annotations on the document when its ready to go
The SL labels content based on the clinical attributes accorind to a rule. In the first diagram you see ADI ('some requester'), the requester makes a request of the SLS to label some ressource and provide as input (the thing it wants labeled) with clinical tags on it.
The service will request the policy to correlate and tag the resource with the SL (security labels)
We have another call to invoke an external resource for access ...<14:00>
we're going to security label an order for AZT, we don't know if you are given for AIDS or .... once you ahve all the ADI then you can label the item.
the portion of the AC system that looks at these SL will be using them agains t another set of policyies on how to make a decision on the document. if the MD has a clearance for HIV, then access would be allowed because the clearnace and the tag match.
the second diagram is the PPS - this gets a request for privac protection reqest . when a decision is made for access. returned is a decision (know, idon't know), an obligation is some operation ithat needs to be performed ... i.e. doing an audit report, normally
Next Diagram
ACS Boundary View
Collaboration Diagram (Collab MD4 tab) we've been working on getting the labels interaction consistent with the collaboration model
- new actors - External ADI Providers
- Security label service actor
- privacy & protective service provider new
There are policy issues, issue that we need to deal with but these are not security, and outside the scope of the SLS. we are proposing the model of the SLS and the presumptions--labeled structured data (and not unstructed data) The primary authors: Mike, Kathleen, Duane - we are working on consistent vocabulary in the document.
Due on December 8th
Issue: when we submit the PSS for everything we do--process is to go through the steering division then to Steering technical committee; initially we ahd a ver relaxed scheduled. in January we have an informative ballot, normative ballot a year later. The original scope statement however says informative. Mike would like to change this to Normative as this is an extension of the HCS; we don't have to change the AC service in order to add this piece. We want to have an SLS avaiblel under the provenance of the control service
Motion: The proposal is that we return to the TSC in view of the fact---the SLS is an extention of the HCS archtiectture, it has been demononstrated, we have DS4P IG and an S&P ontology, we would like this go forward as a normative ballot. an email has been sent to the other co-chairs (and get back to the TSC); Bernd has no objections and supports the ballot be normative
"Take to the TSC and place on the normative track" (Kathleen / Diana (second)
discussion: the TSC should be approached with full support from SOA (interested party) the CBCC and the Security chairs. recommend delition of DSTU since we are going normative (and 2015 to 2014, and 2016 to 2015)
objections: none / abstentions: none / proposal passes (6) Suzanne to speak to co-chairs on the proposal above for confirmation on agreement.
Meeting adjourned: 15:01 PST