This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "December 19, 2017 Security Conference Call"

From HL7Wiki
Jump to navigation Jump to search
Line 44: Line 44:
 
|}
 
|}
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
 +
 +
==Agenda==
 +
#(2 min) Roll Call, Agenda Approval
 +
#(3 min) Review and Approval of December 12, 2017 minutes
 +
#(15 min) Security and Privacy DAM update review - Mike
 +
#(10 min) Update on progress of Consumer Centered Data Exchange Connectathon scenario with Cascading Authorized App acting "on behalf of" a patient. Jan 2018 FHIR Connectathon CCDE Privacy Preserving ROA Sequence Diagram and Walk-through - Mohammad and Kathleen
 +
#(5 min) PSAF call report out on HL7 Security and Privacy Domain Model - Mike Davis and Chris Shawn
 +
#(15 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
 +
#(5 min) FHIR Security update Call later? - John Moehrke
 +
  
 
==Minutes==
 
==Minutes==
Line 50: Line 60:
 
*Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
 
*Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
 
*RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
 
*RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
*RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram.  Mike and Mohammad discussed the applicability of enterprise as well as simple App clients.  Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
+
*RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new [https://gforge.hl7.org/gf/project/security/docman/CCDE%20Consumer%20Centered%20Data%20Exchange%20Connectathon/CCDE%202018/Privacy-Preserving-OAuth-2017-12-18.pptx Privacy Protecting Cascading OAuth presentation].  Mike and Mohammad discussed the applicability of enterprise as well as simple App clients.  Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
 
*RE: '''PSAF call report out''' - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM   
 
*RE: '''PSAF call report out''' - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM   
 
*RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates related to breach and court cases.
 
*RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates related to breach and court cases.
 
*Security WG calls cancelled until January 9, 2018
 
*Security WG calls cancelled until January 9, 2018
*RE: FHIR Security call report out - John.  John was not present, and no meeting was scheduled.
 
 
==Minutes==
 
*Alex Mense chaired.
 
*Agenda informally approved.
 
*Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
 
*RE: '''Security and Privacy DAM update review''' Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
 
*RE: '''Consumer Centered Data Exchange Connectathon scenario update''' - Mohammad walked through new Privacy Protecting Cascading OAuth Sequence Diagram.  Mike and Mohammad discussed the applicability of enterprise as well as simple App clients.  Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
 
*RE: '''PSAF call report out''' - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM 
 
*RE: Updates to '''[http://wiki.hl7.org/index.php?title=%22Is_Privacy_Obsolete%22_Study_Group_Page%22 Is Privacy Obsolete? Study Group wiki page'''] - Mike reported updates related to breach and court cases.
 
 
*RE: FHIR Security call report out - John.  John was not present, and no meeting was scheduled.
 
*RE: FHIR Security call report out - John.  John was not present, and no meeting was scheduled.
  

Revision as of 23:08, 19 December 2017

Back to Security Main Page

Attendees

x Member Name x Member Name x Member Name x Member Name
. John Moehrke Security Co-chair x Kathleen Connor Security Co-chair x Alexander Mense Security Co-chair . Trish Williams Security Co-chair
x Christopher Shawn Security Co-chair x Suzanne Gonzales-Webb x Mike Davis x David Staggs
x Mohammed Jafari x Beth Pumo . Ioana Singureanu . Rob Horn
x Diana Proud-Madruga . Serafina Versaggi x Joe Lamy . Greg Linden
. Paul Knapp . Grahame Grieve . Johnathan Coleman . Aaron Seib
. Ken Salyards . Jim Kretz x [1] x Dave Silver
. Oliver Lawless . Lisa Nelson . David Tao . Nathan Botts

Back to Security Main Page

Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Review and Approval of December 12, 2017 minutes
  3. (15 min) Security and Privacy DAM update review - Mike
  4. (10 min) Update on progress of Consumer Centered Data Exchange Connectathon scenario with Cascading Authorized App acting "on behalf of" a patient. Jan 2018 FHIR Connectathon CCDE Privacy Preserving ROA Sequence Diagram and Walk-through - Mohammad and Kathleen
  5. (5 min) PSAF call report out on HL7 Security and Privacy Domain Model - Mike Davis and Chris Shawn
  6. (15 min) Is Privacy Obsolete? Study Group wiki page has the "Is Privacy Obsolete?" Listserve link. Update on project - Mike Davis and Chris Shawn
  7. (5 min) FHIR Security update Call later? - John Moehrke


Minutes

  • Alex Mense chaired.
  • Agenda informally approved.
  • Minutes from December 12th reviewed. Minute Approval: Kathleen moved; Suzanne seconded. Approved: 9-0-0
  • RE: Security and Privacy DAM update review Mike walked through recent and anticipated updates to the DAM showing new classes for retained and resource policies, and need for authorization and delegation vocabulary.
  • RE: Consumer Centered Data Exchange Connectathon scenario update - Mohammad walked through new Privacy Protecting Cascading OAuth presentation. Mike and Mohammad discussed the applicability of enterprise as well as simple App clients. Mike noted the need for an emergency treatment purpose of use. Mohammad noted that an alternative being discussed is to put emergency treatment purpose in the HTTP header as an override to any purpose of use restrictions on the content.
  • RE: PSAF call report out - Kathleen reported that the remaining dispositions have to do with sensitivity policy being limited to one per domain, and permitted only with very restricted and restricted confidentiality. Mike stated that he wants to reopen the dispositions to Bernd Blobel's comments, which were approved in Madrid May 2017 WGM
  • RE: Updates to Is Privacy Obsolete? Study Group wiki page - Mike reported updates related to breach and court cases.
  • Security WG calls cancelled until January 9, 2018
  • RE: FHIR Security call report out - John. John was not present, and no meeting was scheduled.

Meeting Materials

Updates to Is Privacy Obsolete Study Group Wiki

Retrieved from "https://wiki.hl7.org/w/index.php?title=December_19,_2017_Security_Conference_Call&oldid=150303"