This wiki has undergone a migration to Confluence found Here

Difference between revisions of "August 07, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 33: Line 33:
 
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
|-
 
|-
||  .|| [mailto:Beth.Pumo@kp.org Beth Pumo]
+
||  x|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall]
 
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall]
 
||||.|| [mailto:rikimerrick@gmail.com Riki Merrick]
 
||||.|| [mailto:rikimerrick@gmail.com Riki Merrick]
Line 66: Line 66:
 
Roll taken, No updates to the agenda
 
Roll taken, No updates to the agenda
  
 +
* July 17 - meeting minutes approval motion: (Mike / Suzanne)
 +
** Objections: none; abstentions: none; approve:  Minutes approved: 11
  
July 17 - meeting minutes approval motion: (Mike / Suzanne)
+
* July 31 - meeting minutes approval, motion: (Suzanne / Mike)
Objections: none; abstentions: none; approve:  Minutes approved
+
** Objections: none; abstentions: none; approve: 11
 
 
 
 
July 31 - meeting minutes approval, motion: (Suzanne / Mike)
 
 
 
objections: none; abstentions: none; approve: 11
 
 
 
  
 
'''GDPR whitepaper on FHIR update'''
 
'''GDPR whitepaper on FHIR update'''
* no update
+
* No update
  
 
'''TF4FA Ballot Reconciliation'''
 
'''TF4FA Ballot Reconciliation'''
 
Suzanne or Chris to send out ballot reconciliation spreadsheet for review by Security WG attendees
 
Suzanne or Chris to send out ballot reconciliation spreadsheet for review by Security WG attendees
* motion made to approve 11-25 block of dispositions (Kathleen / Mike)
+
* Motion made to approve 11-24 block of dispositions (Kathleen / Mike)
Objections: none; Abstentions none, approval 11
+
** Objections: none; Abstentions none, approval 11
* please review dispositions 25-41 for next week vote
+
* Please review dispositions 25-41 for next week vote
* also, attach ballot reconciliation attach documents to meeting invite
+
* ACTION: Attach ballot reconciliation, attach documents to meeting invite
 
* no additional comments/questions
 
* no additional comments/questions
  
Line 93: Line 89:
  
 
'''TF4FA Volume 3'''
 
'''TF4FA Volume 3'''
* Dave Silver -  
+
* Dave Silver – sharing screen
** we have had osme further clairification of the ocmponents of provenance; we are usisng the features of the PASS Audit services to implement provenance to implenetn capablitys of lifecycle events; using
+
(provenance components)
using aligning r... the needs are to ollet the audit, bu tht euadiot of colelcion is fromt he xxx policy.  each of the ose might hae ther own policy of information to be collected and report back to the provenance repository or chain
+
Volume 3 – Audit Provenance Diagram v0 0.4 pptx: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20Volume%203/Vol3%20-%20Audit-Provenance%20Diagram%20v0.0.4.pptx
 +
Volume 3 – Diagrams v0 0.5 vsdx: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20Volume%203/Vol3%20-%20Diagrams%20v0.0.5.vsdx
 +
* we have had some further clarification of the components of provenance; we are using the features of the PASS Audit services to implement the provenance using its to implement capabilities of lifecycle events; using
 +
* the needs are to collect the audit, but the audit collection is based upon a community of interest policy.  Each of the those might have to be collected and report back to the provenance repository or chain
  
 
* focused on  
 
* focused on  
* conceptual model showl : leveraging audit service (provenance Model)
+
* conceptual model shown: leveraging audit service (provenance Model)
** must be configures to record lifecycle events; goes to the audit disposition service, this is now both audit and provenance.  provisioned for provenance. iin process A all the lifecycle events are taken (coded into application) the dispositions servie basedon the xx whdetermine which events need to e configured at a certain time. then goes to delivery service; then to  
+
** the application must be configured to record lifecycle events; goes to the audit disposition service, this is now both audit and provenance.  And now provisioned for provenance. In process A all the lifecycle events are collected (coded into application) but the dispositions service based on the configuration policy determine which events need to be configured at a certain time. Then goes to delivery service which has multiple outputs; then to the recording service, etc.
*
+
* action service; recording actions (probably internally)
* action service probably intermally
+
* alarm service – Mike wanted to make sure WG understands; there may be provenance events that are such a nature wherein... some occur wherein we send the provenance event and notify participants in that block chain that something has happened.  it may be that some information in the chain has been determined to be invalid i.e. we want to notify participants that event should be ignored; i.e. its harmful to patient if accepted, we found that it was wrong and…maybe we have an alarm for that purpose--- doesn't hurt to keep or remove; just imagining scenarios for keeping it in. ; the ability to support alarm for the community of service
* alarm - wanted to make sure WG understands; there may be provnanc events... some occure wherein we send th eprovenance event and notify participants in that block chain that something has happened.  it may be ethat some inforaiton in the chain has been determined to be invalid i.e. … or may... we want to notify participants that even should be ignored; i.e. its harmful to patient if accepted, we found that it was invlad..maybe we have an alarm for that particil… doesn't hurt to keep or remove; just imagining scenarios for keeping it in. ; the ability tos support alam
+
* through the export service, is extracted from the local provenance repository then pushed to the community wide provenance repository which is some kind of legal record trail block chain; there is a provenance analysis service that the individual domain users can request provenance wide information. 
* thorught the export service, is extracted from the local provenance reposity then pushed to the community wide  
+
Jim: where is the block chain shown in the model?
 +
Mike: staying away from 'block chain' saying / leaning more toward electronic ledger. 
  
 
+
<<link to volume 3>> Dave Silver sending to Suzanne
staying away from 'block chain' saying / leaning more toward electronic leger. 
+
is there any specific data being recorded?
 
 
==<<link to volume 3>>==
 
s there any specific data being recorded?
 
 
* audit log … using the same machine because they are close
 
* audit log … using the same machine because they are close
** provenance log collects data that corresponds to lifecycle events that the community interest want sto store in their electronic leger (25 events defined, 18 of which are create/up--which is what FHIR is most interested in)
+
** provenance log collects data that corresponds to lifecycle events that the community interest wants to store in their electronic leger (25 events defined, 18 of which are create/up--which is what FHIR is most interested in)
** configure as on/off - when that event happened it tirggers the provenance trail; or audit train (each use the same machine but report different paths); in the case of ht provenance, it typically, there is an interest that connects it tot he e-leger, usually local kept.. provenance different wherein you can have local rules 1-5;  
+
** configure as on/off - when that event happened it triggers the provenance trail; or audit train (each use the same machine but report different paths); in the case of provenance, it typically, there is an interest that connects it to the e-leger, usually local kept. provenance different wherein you can have local rules 1-5;  
 
community interests only cares about 2,3,4
 
community interests only cares about 2,3,4
  
jim - how does the actor get recorded? i.e. national provider ID? name
+
Jim - how does the actor get recorded? i.e. national provider ID? name
mike - this is cocnpetual model th eprovance record has the agent involved in terms of provenance.  we're staying at this level and ot specifying conceptual model... just trying to get the big chunks in place
+
mike - this is conceptual model the provenance record has the agent involved in terms of provenance.  we're staying at this level and to specifying conceptual model... just trying to get the big chunks in place
the actiit is associated with that agent.  we ould have Jim as actor (14706),  
+
the activity is associated with that agent.  we could have Jim as actor (14706),  
tryingto tyie together the conceptual figures
+
trying to tie together the conceptual figures
  
  
 
Federated Provenance Domain (figure showed)
 
Federated Provenance Domain (figure showed)
* has for all the memebers in the domain, there is a provenance policy (agreed to by the members, implement in the indiciuatl mreains) which is then pused to the digital leger as they occure.  Policy gellls members what to coll and pushed down the left path
+
* has for all the members in the domain, there is a provenance policy (agreed to by the members, implement in the individual means) which is then pushed to the digital leger as they occur.  Policy grabs members what to collect and pushed down the left path
  
* federated user have their own thing whereinthey carn request provenance data from the ledger (nothing to do with pushing infor there) provenance service returns
+
* federated user has their own thing wherein they can request provenance data from the ledger (nothing to do with pushing information there) provenance service returns
** this is mechanism to search in the digital leger
+
** this is mechanism to search in the digital leger
** its possible in thae exchange of inforaiton itself that th eprovance goes ith it...tht's a differetrocessl The data itsel
+
** it’s possible in the exchange of information itself that the provenance goes it it...that’s a different process  
* there esre discussion of dta moving around (JIM)...WITH QUEESTIONS 'who recorded this...?'  it would somhow say dr. bob at facility: XYZ
+
* there’s discussion of data moving around (JIM)...with questions 'who recorded this...?'  it would somehow say dr. bob at facility: XYZ
 
* md
 
* md
 +
 +
Q Kathleen... 30:00
 +
MikeD if you are interested in the information - you join the domain.
 +
as a conceptual model I don't want too many use cases to explore.  what you're saying is logical.  what I would like is to have the group to present two models... to make sure there is no disagreement with the alarm
 +
* presenting as we go;
 +
* Motion: That we accept the two diagrams as is (if they are changed then we will review again) (Mike / (no second?)
 +
** objections: none; abstain: none; approve: diagrams as accepted (11)
 +
(Dave Silver to send diagrams as presented to Suzanne), Suzanne to link
 +
 +
‘’Intent is to have a complete set of core illustrations (presented in pieces) saying that the WG has reviewed and approved.’’
 +
 +
'''Privacy Obsolete'''
 +
* privacy remains a troubled area (no update)
 +
* May call an end to research, results may be somewhat indeterminate.  There isn't a solid definition for privacy (changes from country to country)
 +
* In general, there is greater attention to protection of personal information unless govt is collecting
 +
* GDPR is having a big impact, changing environment around the world but still much stays the same
 +
* Facebook, are seeing new technologies to market you but not with credentials but as a member of a group wherein they don't need to know who you are.  It’s a changing landscape
 +
* in the chaos it’s hard to say its bolete, big data and AI have a potential to make privacy obsolete.
 +
** forced agreement (wherein you can't get in unless you agree to all their terms
 +
 +
''''Baltimore Meeting HL7'''
 +
* agenda items being updated
 +
 +
Motion made to adjourn (Mike) meeting adjourned at 1242 PM Arizona time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:43, 7 August 2018 (EDT)

Latest revision as of 20:45, 28 August 2018

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair x Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga x Francisco Jauregui . Joe Lamy . Greg Linden
. Rhonna Clark . Grahame Grieve . Johnathan Coleman . [mailto: Matt Blackman, Sequoia]
. Mohammed Jafari x Jim Kretz . Peter Bachman x Dave Silver
x Beth Pumo . Bo Dagnall . Riki Merrick . [mailto: Julie Maas]

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of:
  3. (5 min) GDPR whitepaper on FHIR update - Alex, John, Kathleen
  4. (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  5. (10 min) PASS Audit post ballot reconciliation document update - Mike
  6. (05 min) TF4FA Trust Framework Volume 3 (placeholder) - Mike, Chris
  7. Is Privacy Obsolete - Mike
  8. (05 min) Placeholder: HL7 WGM Baltimore planning

Back to Security Main Page

Meeting Minutes (DRAFT)

Chair: Chris Shawn

Roll taken, No updates to the agenda

  • July 17 - meeting minutes approval motion: (Mike / Suzanne)
    • Objections: none; abstentions: none; approve: Minutes approved: 11
  • July 31 - meeting minutes approval, motion: (Suzanne / Mike)
    • Objections: none; abstentions: none; approve: 11

GDPR whitepaper on FHIR update

  • No update

TF4FA Ballot Reconciliation Suzanne or Chris to send out ballot reconciliation spreadsheet for review by Security WG attendees

  • Motion made to approve 11-24 block of dispositions (Kathleen / Mike)
    • Objections: none; Abstentions none, approval 11
  • Please review dispositions 25-41 for next week vote
  • ACTION: Attach ballot reconciliation, attach documents to meeting invite
  • no additional comments/questions

PASS Audit

  • reconciliation completed, need to complete dispositions to the document
  • Diana indicated completion of most of the 'easy' comments
  • no additional comments/questions

TF4FA Volume 3

  • Dave Silver – sharing screen

(provenance components) Volume 3 – Audit Provenance Diagram v0 0.4 pptx: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20Volume%203/Vol3%20-%20Audit-Provenance%20Diagram%20v0.0.4.pptx Volume 3 – Diagrams v0 0.5 vsdx: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20Volume%203/Vol3%20-%20Diagrams%20v0.0.5.vsdx

  • we have had some further clarification of the components of provenance; we are using the features of the PASS Audit services to implement the provenance using its to implement capabilities of lifecycle events; using
  • the needs are to collect the audit, but the audit collection is based upon a community of interest policy. Each of the those might have to be collected and report back to the provenance repository or chain
  • focused on
  • conceptual model shown: leveraging audit service (provenance Model)
    • the application must be configured to record lifecycle events; goes to the audit disposition service, this is now both audit and provenance. And now provisioned for provenance. In process A all the lifecycle events are collected (coded into application) but the dispositions service based on the configuration policy determine which events need to be configured at a certain time. Then goes to delivery service which has multiple outputs; then to the recording service, etc.
  • action service; recording actions (probably internally)
  • alarm service – Mike wanted to make sure WG understands; there may be provenance events that are such a nature wherein... some occur wherein we send the provenance event and notify participants in that block chain that something has happened. it may be that some information in the chain has been determined to be invalid i.e. we want to notify participants that event should be ignored; i.e. its harmful to patient if accepted, we found that it was wrong and…maybe we have an alarm for that purpose--- doesn't hurt to keep or remove; just imagining scenarios for keeping it in. ; the ability to support alarm for the community of service
  • through the export service, is extracted from the local provenance repository then pushed to the community wide provenance repository which is some kind of legal record trail block chain; there is a provenance analysis service that the individual domain users can request provenance wide information.

Jim: where is the block chain shown in the model? Mike: staying away from 'block chain' saying / leaning more toward electronic ledger.

<<link to volume 3>> Dave Silver sending to Suzanne is there any specific data being recorded?

  • audit log … using the same machine because they are close
    • provenance log collects data that corresponds to lifecycle events that the community interest wants to store in their electronic leger (25 events defined, 18 of which are create/up--which is what FHIR is most interested in)
    • configure as on/off - when that event happened it triggers the provenance trail; or audit train (each use the same machine but report different paths); in the case of provenance, it typically, there is an interest that connects it to the e-leger, usually local kept. provenance different wherein you can have local rules 1-5;

community interests only cares about 2,3,4

Jim - how does the actor get recorded? i.e. national provider ID? name mike - this is conceptual model the provenance record has the agent involved in terms of provenance. we're staying at this level and to specifying conceptual model... just trying to get the big chunks in place the activity is associated with that agent. we could have Jim as actor (14706), trying to tie together the conceptual figures


Federated Provenance Domain (figure showed)

  • has for all the members in the domain, there is a provenance policy (agreed to by the members, implement in the individual means) which is then pushed to the digital leger as they occur. Policy grabs members what to collect and pushed down the left path
  • federated user has their own thing wherein they can request provenance data from the ledger (nothing to do with pushing information there) provenance service returns
    • this is mechanism to search in the digital leger
    • it’s possible in the exchange of information itself that the provenance goes it it...that’s a different process
  • there’s discussion of data moving around (JIM)...with questions 'who recorded this...?' it would somehow say dr. bob at facility: XYZ
  • md

Q Kathleen... 30:00 MikeD if you are interested in the information - you join the domain. as a conceptual model I don't want too many use cases to explore. what you're saying is logical. what I would like is to have the group to present two models... to make sure there is no disagreement with the alarm

  • presenting as we go;
  • Motion: That we accept the two diagrams as is (if they are changed then we will review again) (Mike / (no second?)
    • objections: none; abstain: none; approve: diagrams as accepted (11)

(Dave Silver to send diagrams as presented to Suzanne), Suzanne to link

‘’Intent is to have a complete set of core illustrations (presented in pieces) saying that the WG has reviewed and approved.’’

Privacy Obsolete

  • privacy remains a troubled area (no update)
  • May call an end to research, results may be somewhat indeterminate. There isn't a solid definition for privacy (changes from country to country)
  • In general, there is greater attention to protection of personal information unless govt is collecting
  • GDPR is having a big impact, changing environment around the world but still much stays the same
  • Facebook, are seeing new technologies to market you but not with credentials but as a member of a group wherein they don't need to know who you are. It’s a changing landscape
  • in the chaos it’s hard to say its bolete, big data and AI have a potential to make privacy obsolete.
    • forced agreement (wherein you can't get in unless you agree to all their terms

'Baltimore Meeting HL7

  • agenda items being updated

Motion made to adjourn (Mike) meeting adjourned at 1242 PM Arizona time --Suzannegw (talk) 15:43, 7 August 2018 (EDT)