This wiki has undergone a migration to Confluence found Here
Difference between revisions of "December 19, 2017 Security Conference Call"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) (→Agenda) |
|||
| (6 intermediate revisions by one other user not shown) | |||
| Line 17: | Line 17: | ||
||||x|| [mailto:drs@securityrs.com David Staggs] | ||||x|| [mailto:drs@securityrs.com David Staggs] | ||
|- | |- | ||
| − | || | + | || x|| [mailto:mjafari@edmondsci.com Mohammed Jafari] |
| − | |||| | + | ||||x|| [mailto:Beth.Pumo@kp.org Beth Pumo] |
||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] | ||||.|| [mailto:ioana.singureanu@gmail.com Ioana Singureanu] | ||
||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||||.|| [mailto:robert.horn@agfa.com Rob Horn] | ||
| Line 25: | Line 25: | ||
||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||||.|| [mailto:serafina.versaggi@gmail.com Serafina Versaggi ] | ||
||||x|| [mailto:joe.lamy@aegis.net Joe Lamy] | ||||x|| [mailto:joe.lamy@aegis.net Joe Lamy] | ||
| − | |||| | + | ||||.|| [mailto:glinden@lindentechadvisiors.com Greg Linden] |
|- | |- | ||
|| .|| [mailto:pknapp@pknapp.com Paul Knapp] | || .|| [mailto:pknapp@pknapp.com Paul Knapp] | ||
| Line 34: | Line 34: | ||
|| .|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | || .|| [mailto:ken.salyards@samhsa.hhs.gov Ken Salyards] | ||
||||.|| [mailto:jim.kretz@samhsa.gov Jim Kretz] | ||||.|| [mailto:jim.kretz@samhsa.gov Jim Kretz] | ||
| − | |||| | + | ||||x|| [mailto:franciso.jauregui@electrosoft-inc.com] |
||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | ||||x|| [mailto:dsilver@electrosoft-inc.com Dave Silver] | ||
|- | |- | ||
| Line 45: | Line 45: | ||
[[Security|Back to Security Main Page]] | [[Security|Back to Security Main Page]] | ||
| − | == | + | ==Agenda== |
| − | # | + | #(2 min) Roll Call, Agenda Approval |
| − | # | + | #(3 min) Review and Approval of December 12, 2017 minutes |
| − | # | + | #(15 min) Security and Privacy DAM update review - Mike |
| − | # | + | #(10 min) Update on progress of Consumer Centered Data Exchange Connectathon scenario with Cascading Authorized App acting "on behalf of" a patient. Jan 2018 FHIR Connectathon CCDE Privacy Preserving ROA Sequence Diagram and Walk-through - Mohammad and Kathleen |
| − | # | + | #(5 min) PSAF call report out on HL7 Security and Privacy Domain Model - Mike Davis and Chris Shawn |
| − | # | + | #(15 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn |
| − | # | + | #(5 min) FHIR Security update Call later? - John Moehrke |
| + | |||
| + | [[Security|Back to Security Main Page]] | ||
==Minutes== | ==Minutes== | ||
| − | * | + | *Alex Mense chaired. |
*Agenda informally approved. | *Agenda informally approved. | ||
| − | *Minutes from December 12th reviewed. Minute Approval: | + | *Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0 |
| − | *RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM | + | *RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary. |
| − | *RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new Privacy Protecting Cascading OAuth | + | *RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new [https://gforge.hl7.org/gf/project/security/docman/CCDE%20Consumer%20Centered%20Data%20Exchange%20Connectathon/CCDE%202018/Privacy-Preserving-OAuth-2017-12-18.pptx Privacy Protecting Cascading OAuth presentation]. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content. |
| − | *RE: '''PSAF call report out''' - | + | *RE: '''PSAF call report out''' - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM |
| − | *RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates | + | *RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates related to breach and court cases. |
| − | *RE: FHIR Security call report out - John | + | *Security WG calls cancelled until January 9, 2018 |
| + | *RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled. | ||
| + | |||
| + | [[Security|Back to Security Main Page]] | ||
==Meeting Materials== | ==Meeting Materials== | ||
| Line 69: | Line 74: | ||
*[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/References.docx Breaches References] | *[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/References.docx Breaches References] | ||
*[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/Breaches%20v2.xlsx Breaches Spreadsheet] | *[https://gforge.hl7.org/gf/project/security/docman/Security%20White%20Papers/Is%20Privacy%20Obsolete%20Study%20Group%20Library/Breaches%20v2.xlsx Breaches Spreadsheet] | ||
| + | |||
| + | [[Security|Back to Security Main Page]] | ||
| + | |||
| + | Meeting adjourned at 3:58 PM ET | ||
Latest revision as of 08:23, 20 December 2017
Contents
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| x | Mohammed Jafari | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | x | [1] | x | Dave Silver | |||
| . | Oliver Lawless | . | Lisa Nelson | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (3 min) Review and Approval of December 12, 2017 minutes
- (15 min) Security and Privacy DAM update review - Mike
- (10 min) Update on progress of Consumer Centered Data Exchange Connectathon scenario with Cascading Authorized App acting "on behalf of" a patient. Jan 2018 FHIR Connectathon CCDE Privacy Preserving ROA Sequence Diagram and Walk-through - Mohammad and Kathleen
- (5 min) PSAF call report out on HL7 Security and Privacy Domain Model - Mike Davis and Chris Shawn
- (15 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
- (5 min) FHIR Security update Call later? - John Moehrke
Minutes
- Alex Mense chaired.
- Agenda informally approved.
- Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
- RE: Security and Privacy DAM update review Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
- RE: Consumer Centered Data Exchange Connectathon scenario update - Mohammad walked through new Privacy Protecting Cascading OAuth presentation. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
- RE: PSAF call report out - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM
- RE: Updates to Is Privacy Obsolete? Study Group wiki page - Mike reported updates related to breach and court cases.
- Security WG calls cancelled until January 9, 2018
- RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled.
Meeting Materials
Updates to Is Privacy Obsolete Study Group Wiki
Meeting adjourned at 3:58 PM ET
