This wiki has undergone a migration to Confluence found Here
Difference between revisions of "HL7 FHIR Security 2016-3-8"
Jump to navigation
Jump to search
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) (→Agenda) |
||
Line 49: | Line 49: | ||
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 Security CP 9563Add onBehalfOf to Signature datatype] - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer. | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 Security CP 9563Add onBehalfOf to Signature datatype] - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer. | ||
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security PC 9407 Align AuditEvent and Provenance action/activity element definition] Continue work on activity definitions. | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 Security PC 9407 Align AuditEvent and Provenance action/activity element definition] Continue work on activity definitions. | ||
+ | * Next set of discussion | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9417 9417] Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7568 7568] 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 9407] Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9150 9150] Provenance TODO section cleanup (John Moehrke) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9151 9151] AuditEvent has TODO section to be removed (John Moehrke) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9166 9166] Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9167 9167] AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 9176] Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype (Kathleen Connor) None | ||
+ | **[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None | ||
==Minutes== | ==Minutes== |
Revision as of 21:56, 8 March 2016
Contents
Call Logistics
Weekly: Tuesday at 05:00 EST (2 PM PST)
Conference Audio: 770-657-9270,' Access: 845692
Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV
If you are having difficulty joining, please try:
https://global.gotomeeting.com/join/520841173
Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes
Back to HL7 FHIR security topics
Attendees
Member Name | Member Name | Member Name | ||||||
---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-Chair | x | Kathleen Connor Security Co-Chair | . | Suzanne Gonzales-Webb CBCC Co-Chair | |||
. | Gary Dickinson EHR Co-Chair | . | Johnathan ColemanCBCC Co-Chair | . | Mike Davis | |||
. | Reed Gelzer RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney | |||
. | Dave Silver | x | Rob Horn | x | Judy Fincher | |||
x | Diana Proud-Madruga | . | Beth Pumo | x | Oliver Lawles |
Agenda
- Roll; approval of agenda and March 1, 2016 minutes
- Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
- CPs for Review
- Security CP 9563Add onBehalfOf to Signature datatype - FM voted to recommend that Security adopt this approach to capturing delegation relationship between a signer party that delegates actual signing to another entity, especially where there is more than one signer.
- Security PC 9407 Align AuditEvent and Provenance action/activity element definition Continue work on activity definitions.
- Next set of discussion
- 9417 Add a new Provenance.entity.lifecycle element to align with Audit.entity.lifecycle. Align definitions. (Kathleen Connor) Persuasive with Mod
- 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
- 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.activity". (Kathleen Connor) None
- 9150 Provenance TODO section cleanup (John Moehrke) None
- 9151 AuditEvent has TODO section to be removed (John Moehrke) None
- 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
- 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
- 9176 Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
- 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
- 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
Minutes
- Chair
- Review/approval of agenda and minutes
- RE: Security CP 9563Add onBehalfOf to Signature datatype
- “onBehalfOf" definition of " = Agent who delegated signing or did not have the legal standing to sign for themselves (such as a child) e.g., a party to a contract, consent directive, witness, attester, etc.
- Add "onBehalfOfReference" definition: The delegator for which the “who” Reference, e.g., a Device, signed on behalf of. The delegator can only be a Referenced Resource type in the context in which the signature is used. E.g., in a contract, where a signing party must have legal standing, by limiting Referenced resources to Organizational or Person like Resources, may be enough of a constraint to prevent a device being the delegator to another device and thereby a signer which must have legal standing.
- NOTE that W3C PROV Namespace has a description for "actedOnBehalfOf" = "Delegation is the assignment of authority and responsibility to an agent (by itself or by another agent) to carry out a specific activity as a delegate or representative, while the agent it acts on behalf of retains some responsibility for the outcome of the delegated work.
- RE:Security CP 9407 - aligned AuditEvent.activity and Provenance.activity.