This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "August 21, 2018 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 19: Line 19:
 
|-
 
|-
 
||  x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
 
||  x|| [mailto:Diana.Proud-Madruga@electro-soft.com Diana Proud-Madruga]
 +
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
 
||||.|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
 
||||.|| [mailto:fjaureui@electrosoft-inc.com Francisco Jauregui]
 
||||x|| [mailto:joe.lamy@aegis.net Joe Lamy]
 
||||x|| [mailto:joe.lamy@aegis.net Joe Lamy]
||||.||  .|| [mailto:rhonna.clark@va.gov Rhonna Clark]
 
||||.|| [ma.|| [mailto:glinden@lindentechadvisiors.com Greg Linden]
 
 
|-
 
|-
ilto:grahameg@gmail.com Grahame Grieve].
+
||  .|| [mailto:rhonna.clark@va.gov Rhonna Clark]
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]
+
||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden]
||||.|| [mailto: Matt Blackman, Sequoia]
+
||||.|| [mailto:grahameg@gmail.com Grahame Grieve]
 +
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
 
|-
 
|-
 
||. || [mailto:mjafari@edmondsci.com Mohammed Jafari]
 
||. || [mailto:mjafari@edmondsci.com Mohammed Jafari]
||||x|| [mailto:jim.kretz@samhsa.gov Jim Kretz]
+
||||.|| [mailto:jim.kretz@samhsa.gov Jim Kretz]
 
||||.|| [mailto:pbspamfilteracct@gmail.com Peter Bachman]
 
||||.|| [mailto:pbspamfilteracct@gmail.com Peter Bachman]
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver]
+
||||.|| [mailto: ]
 
|-
 
|-
 
||  .|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||  .|| [mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall]
 
||||.|| [mailto:Bo.Dagnall@dxc.com Bo Dagnall]
||||.|| [mailto:rikimerrick@gmail.com Riki Merrick]
+
||||.|| [mailto: ]
||||.|| [mailto: Julie Maas]
+
||||.|| [mailto: ]
 
|-
 
|-
 
|-
 
|-
Line 43: Line 43:
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
  
=='''Agenda'''==
+
=='''Agenda'''==  
 +
 
 +
Meeting Recording: https://fccdl.in/td2yp1GXTh (temporary)
 +
 
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(2 min)'' '''Roll Call, Agenda Approval'''  
 
#''(5 min)'' Review and Approval of:   
 
#''(5 min)'' Review and Approval of:   
Line 53: Line 56:
 
#* [http://wiki.hl7.org/index.php?title=Privacy_and_Security_Framework_Architecture_(PSAF)#Trust_Framework_for_Federated_Authorization_.28TF4FA.29  TF4FA Ballot Reconciliation (wiki)]
 
#* [http://wiki.hl7.org/index.php?title=Privacy_and_Security_Framework_Architecture_(PSAF)#Trust_Framework_for_Federated_Authorization_.28TF4FA.29  TF4FA Ballot Reconciliation (wiki)]
 
#* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180807sgw.xlsm Ballot Reconciliation Sheet_v20180724 for review offline]  
 
#* [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20180807sgw.xlsm Ballot Reconciliation Sheet_v20180724 for review offline]  
#** Comments 42-51 up for vote (review if necessary) ''' ''Suzanne to confirm''' ''
+
#** Comments 42-50 up for vote (review if necessary) '''
 
#''(10 min)'' '''PASS Audit ''' document update - Mike
 
#''(10 min)'' '''PASS Audit ''' document update - Mike
 
#* http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services
 
#* http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services
#''(05 min)'' '''TF4FA Trust Framework Volume 3''' (placeholder) - Mike, Chris
+
#''(05 min)'' '''TF4FA Trust Framework Volume 3''' - Mike, Chris
 
# Is Privacy Obsolete - Mike
 
# Is Privacy Obsolete - Mike
 
#* added to WGM agenda
 
#* added to WGM agenda
Line 70: Line 73:
 
Roll taken, agenda changes: none  
 
Roll taken, agenda changes: none  
  
 
+
Meeting minutes to approve:
Meeting minutes:  
+
* August 7, 2918 Motion for approval: (Suzanne / Kathleen)
August 7, 2918 Motion for approval: (Suzanne / Kathleen)
 
 
Opposed: none; abstentions: none approved 7
 
Opposed: none; abstentions: none approved 7
  
August 14, 2018 Motion for approval: (Suzanne / Kathleen)
+
* August 14, 2018 Motion for approval: (Suzanne / Kathleen)
 
Opposed: none; abstentions: none: approved: 7
 
Opposed: none; abstentions: none: approved: 7
If we are going talk to Federal Agencies, we should start the outreach now
+
Comment: ''If we are going talk to Federal Agencies, we should start the outreach now''
  
''''GDPR White Paper on FHIR'''
+
'''GDPR White Paper on FHIR'''
* talked about this subject on the FHIR-Securit
+
* talked about this subject on the FHIR-Security
 
** chat-a-ton tract at the upcoming FHIR Connectathon
 
** chat-a-ton tract at the upcoming FHIR Connectathon
* for people at the conenctathon to come in and have a discussion with 'us' regarding GDPR
+
* for people at the Connectathon to come in and have a discussion with 'us' regarding GDPR
* additional--Alex is now completed with his holiday and will pick up where he left off with meetings; there was an ask to reinvigorate the text tht has already been written
+
* additional--Alex is now completed with his holiday and will pick up where he left off with meetings; there was an ask to reinvigorate the text that has already been written
 
** there isn't significant work at the moment that has been completed, but hopefully more by WGM
 
** there isn't significant work at the moment that has been completed, but hopefully more by WGM
 
* is GDPR white paper for here? Internationally?
 
* is GDPR white paper for here? Internationally?
** white paper to expressto eexpress capabilies integrated into fhir which have anapplicability relative to GDPR for security and privacy
+
** white paper to express capabilities integrated into FHIR which have an applicability relative to GDPR for security and privacy
**suspect portabilytwill be touched upon, may integrate FHIRi but not much more to say about that now
+
**suspect portability will be touched upon, may integrate FHIRi but not much more to say about that now
 
** check, check no check the FHIR feature to security and Privacy?  (Answer: Yes)
 
** check, check no check the FHIR feature to security and Privacy?  (Answer: Yes)
* additional questions/commetns?  none brough forward
+
* additional questions/comments?  none brought forward
 +
 
 +
'''TF4FA Ballot reconciliation'''
 +
Vote: 42-50 ballot comments Motion to accept the dispositions for comments 42-50 (date dispositions completed 8/14) Suzanne/Mike
 +
opposed: none; abstain: 1 (Joe Lamy); approve: 6
 +
 
 +
Please review 51-57 for voting next week spreadsheet link: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)
 +
 
 +
'''PASS AUDIT post ballot document update'''
 +
* no update
 +
 
 +
'''TF4FA Volume 3''' Audit - in progress (''it’s more about Provenance'' than anything else)… Volume 3 - Provenance
 +
* Plan is to discuss during the September meeting, ballot in January
 +
* because of work with both audit and trust framework volumes 1,2 - we have a shortage of resources
 +
* hoping we will have more available beyond the already presented graphics
 +
* general update at MON Q3/Q4 plus additional discussion during Security-only call during WGM
 +
 
 +
'''Privacy Obsolete'''
 +
* declaring victory and wrapping up
 +
** Facebook or Amazon or Twitter, the sage of GDPR is playing out
 +
** at a point where we are not taking more input and write up what we have
  
 +
'''Baltimore WGM Agenda'''
 +
* not all engaged in FHIR Security; Mike would like JohnM to report out on the details/overview of FHIR-Security and Privacy - time to cover in detail at another Q
 +
** Monday Q3/Q4 - small segment, high level ''what is security privacy in the context of FHIR'' (not deep)
 +
** since Dave Pyke will not be available, the Tuesday Q3 will cover a deeper discussion of Security and Privacy FHIR capabilities, with Q&A, move forward plan in the upcoming 6-months or so; changes since STU3
 +
** may record (no indicated technical constraints for the Baltimore meeting)
 +
** John may be able to locate some FHIR Security (background) videos if anyone is interested
  
TF4FA Balot reconciliation
+
Additional Agenda items?  none added for WGM or Teleconference
Vote: 42-50 ballot comments Motion to accept the dispositions for comments 42-51 (date dispositions completed 8/14) Suzanne/Mike
+
* topics: Kathleen will outreach to Trish, Alex for topics
opposed: none; abstain: 1(Joe Lamy); approve: 6
 
  
Please review 51-57 for voting next week
+
Motion to adjourn (Kathleen)
 +
Meeting adjourned at --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 15:39, 21 August 2018 (EDT) Arizona Time

Latest revision as of 20:32, 10 September 2018

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
x John Moehrke Security Co-chair x Kathleen Connor Security Co-chair . Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis . David Staggs
x Diana Proud-Madruga . Johnathan Coleman . Francisco Jauregui x Joe Lamy
. Rhonna Clark . Greg Linden . Grahame Grieve x Dave Silver
. Mohammed Jafari . Jim Kretz . Peter Bachman . [mailto: ]
. Beth Pumo . Bo Dagnall . [mailto: ] . [mailto: ]

Back to Security Main Page

Agenda

Meeting Recording: https://fccdl.in/td2yp1GXTh (temporary)

  1. (2 min) Roll Call, Agenda Approval
  2. (5 min) Review and Approval of:
  3. (5 min) GDPR whitepaper on FHIR update - Alex, John, Kathleen
  4. (5 min) TF4FA Normative Ballot reconciliation (formerly PSAF) - Mike, Chris
  5. (10 min) PASS Audit document update - Mike
  6. (05 min) TF4FA Trust Framework Volume 3 - Mike, Chris
  7. Is Privacy Obsolete - Mike
    • added to WGM agenda
  8. (05 min) Security Working Group - upcoming HL7 Working Group Meeting, Baltimore Maryland

Back to Security Main Page

Meeting Minutes (DRAFT)

Chair: Chris Shawn

Roll taken, agenda changes: none

Meeting minutes to approve:

  • August 7, 2918 Motion for approval: (Suzanne / Kathleen)

Opposed: none; abstentions: none approved 7

  • August 14, 2018 Motion for approval: (Suzanne / Kathleen)

Opposed: none; abstentions: none: approved: 7 Comment: If we are going talk to Federal Agencies, we should start the outreach now

GDPR White Paper on FHIR

  • talked about this subject on the FHIR-Security
    • chat-a-ton tract at the upcoming FHIR Connectathon
  • for people at the Connectathon to come in and have a discussion with 'us' regarding GDPR
  • additional--Alex is now completed with his holiday and will pick up where he left off with meetings; there was an ask to reinvigorate the text that has already been written
    • there isn't significant work at the moment that has been completed, but hopefully more by WGM
  • is GDPR white paper for here? Internationally?
    • white paper to express capabilities integrated into FHIR which have an applicability relative to GDPR for security and privacy
    • suspect portability will be touched upon, may integrate FHIRi but not much more to say about that now
    • check, check no check the FHIR feature to security and Privacy? (Answer: Yes)
  • additional questions/comments? none brought forward

TF4FA Ballot reconciliation Vote: 42-50 ballot comments Motion to accept the dispositions for comments 42-50 (date dispositions completed 8/14) Suzanne/Mike opposed: none; abstain: 1 (Joe Lamy); approve: 6

Please review 51-57 for voting next week spreadsheet link: https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)

PASS AUDIT post ballot document update

  • no update

TF4FA Volume 3 Audit - in progress (it’s more about Provenance than anything else)… Volume 3 - Provenance

  • Plan is to discuss during the September meeting, ballot in January
  • because of work with both audit and trust framework volumes 1,2 - we have a shortage of resources
  • hoping we will have more available beyond the already presented graphics
  • general update at MON Q3/Q4 plus additional discussion during Security-only call during WGM

Privacy Obsolete

  • declaring victory and wrapping up
    • Facebook or Amazon or Twitter, the sage of GDPR is playing out
    • at a point where we are not taking more input and write up what we have

Baltimore WGM Agenda

  • not all engaged in FHIR Security; Mike would like JohnM to report out on the details/overview of FHIR-Security and Privacy - time to cover in detail at another Q
    • Monday Q3/Q4 - small segment, high level what is security privacy in the context of FHIR (not deep)
    • since Dave Pyke will not be available, the Tuesday Q3 will cover a deeper discussion of Security and Privacy FHIR capabilities, with Q&A, move forward plan in the upcoming 6-months or so; changes since STU3
    • may record (no indicated technical constraints for the Baltimore meeting)
    • John may be able to locate some FHIR Security (background) videos if anyone is interested

Additional Agenda items? none added for WGM or Teleconference

  • topics: Kathleen will outreach to Trish, Alex for topics

Motion to adjourn (Kathleen) Meeting adjourned at --Suzannegw (talk) 15:39, 21 August 2018 (EDT) Arizona Time

Retrieved from "https://wiki.hl7.org/w/index.php?title=August_21,_2018_Security_Conference_Call&oldid=161048"