This wiki has undergone a migration to Confluence found Here
Difference between revisions of "December 19, 2017 Security Conference Call"
Jump to navigation
Jump to search
| Line 57: | Line 57: | ||
*Alex Mense chaired. | *Alex Mense chaired. | ||
*Agenda informally approved. | *Agenda informally approved. | ||
| − | *Minutes from December 12th reviewed. Minute Approval: | + | *Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0 |
| − | *RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM | + | *RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary. |
| − | *RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram. | + | *RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content. |
| − | *RE: '''PSAF call report out''' - | + | *RE: '''PSAF call report out''' - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM |
| − | *RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates | + | *RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates related to breach and court cases. |
| − | *RE: FHIR Security call report out - John | + | *RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled. |
==Meeting Materials== | ==Meeting Materials== | ||
Revision as of 23:02, 19 December 2017
Contents
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | x | David Staggs | |||
| x | Mohammed Jafari | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | . | Serafina Versaggi | x | Joe Lamy | . | Greg Linden | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | x | [1] | x | Dave Silver | |||
| . | Oliver Lawless | . | Lisa Nelson | . | David Tao | . | Nathan Botts |
Agenda
- (2 min) Roll Call, Agenda Approval
- (3 min) Review and Approval of December 12, 2017 minutes
- (15 min) Security and Privacy DAM update review - Mike
- (10 min) Update on progress of Consumer Centered Data Exchange Connectathon scenario with Cascading Authorized App acting "on behalf of" a patient. Privacy Preserving OAuth and Jan 2018 FHIR Connectathon CCDE Privacy Preserving ROA Sequence Diagram and Walk-through - Mohammad and Kathleen
- (5 min) PSAF call report out on HL7 Security and Privacy Domain Model - Mike Davis and Chris Shawn
- (15 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
- (5 min) No FHIR Security update Call later - John Moehrke
Minutes
- Alex Mense chaired.
- Agenda informally approved.
- Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
- RE: Security and Privacy DAM update review Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
- RE: Consumer Centered Data Exchange Connectathon scenario update - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
- RE: PSAF call report out - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM
- RE: Updates to Is Privacy Obsolete? Study Group wiki page - Mike reported updates related to breach and court cases.
- RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled.
