
Difference between revisions of "HL7 FHIR Security 2016-6-07"

(Created page with "==Call Logistics== Weekly: '''Tuesday at 05:00 EST''' (2 PM PST) Conference Audio: '''770-657-9270,''' Access: '''845692'' '''Join online meeting: https://meet.RTC.VA.GOV/...")
 
Line 48: Line 48:
 
==Agenda==
 
==Agenda==
 
*Roll;  
 
*Roll;  
* approval of agenda and the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-5-31 May 31, 2016 minutes]
+
* approval of agenda  
* FMM evaluation vs desire --- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
+
* approval of the [http://wiki.hl7.org/index.php?title=HL7_FHIR_Security_2016-5-31 May 31, 2016 minutes]
 +
* FMM evaluation vs desire - We picked 4 last week -- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?  (Gary will join)
 
* Discussion around Record Lifecycle events (6303)? Are we going to support this? Are the vocabulary done yet?  (Gary will join)
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6303 6303] Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6303 6303] Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
 
* Discussion around _confidentiality code vocabulary.
 
* Discussion around _confidentiality code vocabulary.
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 9176] Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9176 9176] Security-Labels page for _confidentialiy points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
* Ready for vote or agreement to put into a block vote for next week:
+
* Rob update on purposeOfEvent vs PurposeOfUse
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9840 9840] Provenance.entity.provenance (Kathleen Connor) None
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9812 9812] Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9919 9919] Add parameters to AuditEvent (John Moehrke) None
+
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10046 10046] AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
 
 
* Ready for discussion to resolve to a vote (vote this week, or block vote next week)
 
* Ready for discussion to resolve to a vote (vote this week, or block vote next week)
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9812 9812] Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
 
*** Rob took assignment.
 
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 9407] Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
 
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9407 9407] Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
 
***Likely ready for vote. Just need to be clear we are not loosing meaning by so tightly aligning element names.
 
***Likely ready for vote. Just need to be clear we are not loosing meaning by so tightly aligning element names.
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=3318 3318] Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
+
** TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
***Need someone to write a paragraph outlining generally how RBAC and ABAC would be used with FHIR. Not a design, but just contrast and explain how they are enabled by FHIR
+
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9150 9150] Provenance TODO section cleanup (John Moehrke) None
 +
** TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
 +
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9151 9151] AuditEvent has TODO section to be removed (John Moehrke) None
 +
** Discussion on signature 'type' that is 'onBehalfOf'
 +
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype (Kathleen Connor) None
 +
** Need feedback from the community on how important the other DICOM elements are to FHIR. The DICOM named items we can make as named extensions quite easily. THe ability that DICOM allows for infinite expansion should be left to normal HL7 FHIR extension.
 +
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
 +
** Need discussion. On the one hand, I don't see how this is a critical problem. The use-case given can be addressed with multiple Provenace instances pointing at the same target version, one for each agent. There is notes that Paul and/or Josh have solved the problem elsewhere. I haven't seen any of those details, and still confused on why an easy solution isn't better.
 +
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7568 7568] 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
  
 +
* Need assignment
 +
**Need someone to write a paragraph outlining generally how RBAC and ABAC would be used with FHIR. Not a design, but just contrast and explain how they are enabled by FHIR
 +
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=3318 3318] Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
 
** update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
 
** update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9042 9042] Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9042 9042] Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9043 9043] Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9043 9043] Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9052 9052] Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9052 9052] Add SNOMED Stuctural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
 
** TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9150 9150] Provenance TODO section cleanup (John Moehrke) None
 
** TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9151 9151] AuditEvent has TODO section to be removed (John Moehrke) None
 
 
** Need editor to write paragraph or break-glass. Likely just an sentence or two in second half of AuditEvent resource page explaining the break-glass example. Also need to add that text to the break-glass example.
 
** Need editor to write paragraph or break-glass. Likely just an sentence or two in second half of AuditEvent resource page explaining the break-glass example. Also need to add that text to the break-glass example.
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9166 9166] Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9166 9166] Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
Line 81: Line 85:
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9996 9996] Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9996 9996] Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
  
** Discussion on signature 'type' that is 'onBehalfOf'
+
* Prepare for a block vote for next week --
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9563 9563] Add onBehalfOf to Signature datatype (Kathleen Connor) None
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9840 9840] Provenance.entity.provenance (Kathleen Connor) None
** Need feedback from the community on how important the other DICOM elements are to FHIR. The DICOM named items we can make as named extensions quite easily. THe ability that DICOM allows for infinite expansion should be left to normal HL7 FHIR extension.
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9919 9919] Add parameters to AuditEvent (John Moehrke) None
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=9564 9564] Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
+
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=10046 10046] AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None
** Need discussion. On the one hand, I don't see how this is a critical problem. The use-case given can be addressed with multiple Provenace instances pointing at the same target version, one for each agent. There is notes that Paul and/or Josh have solved the problem elsewhere. I haven't seen any of those details, and still confused on why an easy solution isn't better.
 
***[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7568 7568] 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
 
  
* New items - nothing new
 
* Prepare for a block vote for next week --
 
*
 
*
 
  
 
===All Security Open===
 
===All Security Open===
  
 
all items have been put into the agenda.
 
all items have been put into the agenda.
 
  
 
==Minutes==
 
==Minutes==

Revision as of 18:09, 6 June 2016

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Conference Audio: 770-657-9270, Access: 845692

Join online meeting: https://meet.RTC.VA.GOV/suzanne.gonzales-webb/67LLFDYV

If you are having difficulty joining, please try:

https://global.gotomeeting.com/join/520841173

Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes


Attendees

|   | Member Name | | Member Name | | Member Name |
|---|---|---|---|---|---|
| x | John Moehrke, Security Co-Chair | x | Kathleen Connor, Security Co-Chair | x | Suzanne Gonzales-Webb, CBCC Co-Chair |
| . | Gary Dickinson, EHR Co-Chair | . | Johnathan Coleman, CBCC Co-Chair | . | Mike Davis |
| . | Reed Gelzer, RM-ES Lead | x | Glen Marshal | . | Galen Mulrooney |
| . | Dave Silver | . | Rob Horn | . | Judy Fincher |
| x | Diana Proud-Madruga | . | Beth Pumo | x | Oliver Lawless |
| . | Bob Dieterle | | | | |

Agenda

  • Roll;
  • approval of agenda
  • approval of the May 31, 2016 minutes
  • FMM evaluation vs desire - We picked 4 last week -- We might want to re-evaluate to level 3. As level 4 means we would need to work hard to get "complete" testing tools and procedures at 100% of functionality. I think we should only target getting some testing ready.
  • Discussion around Record Lifecycle events (6303)? Are we going to support this? Is the vocabulary done yet? (Gary will join)
    • 6303 Add Record Lifecycle Events to AuditEventObjectLifecycle Set (Gary Dickinson) None
  • Discussion around _confidentiality code vocabulary.
    • 9176 Security-Labels page for _confidentiality points at all "Confidentiality" codes, not just _confidentiality. (John Moehrke) None
  • Rob update on purposeOfEvent vs PurposeOfUse
    • 9812 Add a note to AuditEvent explaining PurposeOfEvent and PurposeOfUse (Robert Horn) None
  • Ready for discussion to resolve to a vote (vote this week, or block vote next week)
    • 9407 Align AuditEvent and Provenance action/activity element. Recommend "Provenance.entity.activity". (Kathleen Connor) None
      • Likely ready for vote. Just need to be clear we are not losing meaning by so tightly aligning element names.
    • TODO on Provenance - Are we done yet? do we at least have CPs for each thing yet to do?
      • 9150 Provenance TODO section cleanup (John Moehrke) None
    • TODO on AuditEvent - Are we done yet? do we at least have CPs for each thing yet to do?
      • 9151 AuditEvent has TODO section to be removed (John Moehrke) None
    • Discussion on signature 'type' that is 'onBehalfOf'
      • 9563 Add onBehalfOf to Signature datatype (Kathleen Connor) None
    • Need feedback from the community on how important the other DICOM elements are to FHIR. The DICOM named items we can make as named extensions quite easily. The ability that DICOM allows for infinite expansion should be left to normal HL7 FHIR extension.
      • 9564 Should FHIR AuditEvent resource include DICOM extension of ATNA Audit log message ? (Madhusudana B Shivalinge Gowda) None
    • Need discussion. On the one hand, I don't see how this is a critical problem. The use-case given can be addressed with multiple Provenance instances pointing at the same target version, one for each agent. There are notes that Paul and/or Josh have solved the problem elsewhere. I haven't seen any of those details, and still confused on why an easy solution isn't better.
      • 7568 2015May core #859 - How are agent and activity linked? (Kathleen Connor) None
  • Need assignment
    • Need someone to write a paragraph outlining generally how RBAC and ABAC would be used with FHIR. Not a design, but just contrast and explain how they are enabled by FHIR
      • 3318 Clarify how to use RBAC and ABAC using FHIR (John Moehrke) None
    • update to Actor Roles (Action Kathleen) to do minor cleanup and provide to john for commit
      • 9042 Add RBAC as value set for AuditEvent.participant.role (Kathleen Connor) None
      • 9043 Add ABAC as alternative value set for AuditEvent.participant.role (Kathleen Connor) None
      • 9052 Add SNOMED Structural Roles as value set for AuditEvent.participant.role (Kathleen Connor) None
    • Need editor to write paragraph on break-glass. Likely just a sentence or two in second half of AuditEvent resource page explaining the break-glass example. Also need to add that text to the break-glass example.
      • 9166 Break-Glass method defined doesn't include AuditEvent effect. (John Moehrke) None
      • 9167 AuditEvent needs to make more obvious how to record a break-glass event (John Moehrke) None
    • Need editor to write text and example. Derived from Rene's --- John?
      • 9996 Using Provenance resource to annotate content derived from non-FHIR sources (Simone Heckmann) None
  • Prepare for a block vote for next week --
    • 9840 Provenance.entity.provenance (Kathleen Connor) None
    • 9919 Add parameters to AuditEvent (John Moehrke) None
    • 10046 AuditEvent example for Login needs to include the login software as an agent (John Moehrke) None


All Security Open

All items have been put into the agenda.

Minutes