This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "HL7 FHIR Security 2017-07-11"

From HL7Wiki
Jump to navigation Jump to search
(Created page with "==Call Logistics== Weekly: '''Tuesday at 05:00 EST''' (2 PM PST) Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: secur...")
 
 
(6 intermediate revisions by the same user not shown)
Line 16: Line 16:
 
||  x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
 
||  x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
 
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
 
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+
||||x||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
|-
 
|-
 
||  .||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
 
||  .||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
Line 24: Line 24:
 
||  .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
 
||  .||[mailto:rgelzer@provider-resources.com Reed Gelzer] RM-ES Lead
 
||||.||[mailto:gfm@securityrs.com Glen Marshal]
 
||||.||[mailto:gfm@securityrs.com Glen Marshal]
||||x||[mailto:joe.lamy@aegis.net Joe Lamy]
+
||||.||[mailto:joe.lamy@aegis.net Joe Lamy]
 
|-
 
|-
 
||  .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
 
||  .||[mailto:Diana.Proud-Madruga@engilitycorp.com Diana Proud-Madruga]
||||.||[mailto:robert.horn@agfa.com Rob Horn]  
+
||||x||[mailto:robert.horn@agfa.com Rob Horn]  
 
||||.||[mailto:Beth.Pumo@kp.org Beth Pumo]
 
||||.||[mailto:Beth.Pumo@kp.org Beth Pumo]
 
|-
 
|-
Line 36: Line 36:
 
* approval of agenda  
 
* approval of agenda  
 
* approval of the [[HL7 FHIR Security 2017-03-28]] Minutes
 
* approval of the [[HL7 FHIR Security 2017-03-28]] Minutes
 +
* approval of the [[HL7 FHIR Security 2017-06-13]] Minutes
 +
* approval of the [[HL7 FHIR Security 2017-06-27]] Minutes
 
* All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
 
* All security open http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4967
* Prepare Block vote  
+
* Discussion on Block vote  
 +
* Approve Block Vote
 +
* Discuss Mike's new Break-Glass proposal
 
* Plan resolution of CR (see below)  
 
* Plan resolution of CR (see below)  
 
* SMART engagement
 
* SMART engagement
** https://github.com/smart-on-fhir/smart-on-fhir.github.io/tree/into-hl7
+
** reminder that we plan to ballot the SMART on FHIR App Launch Protocol in the upcoming cycle (voting in August, with reconciliation to begin at the September WGm). The content we intend to ballot has been prepared (and is being refined) at https://github.com/smart-on-fhir/smart-on-fhir.github.io/tree/into-hl7 and our list of open issues during this refinement period is at https://github.com/smart-on-fhir/smart-on-fhir.github.io/issues (Josh).
 
* Setting up Test Plans for Security / Privacy topic
 
* Setting up Test Plans for Security / Privacy topic
 +
** Connectathon scenario -- Pattern that shows how Provenance, AuditEvent, Consent, security-labels, and other can be overlaid on <any> other connectathon scenario
 +
** TestScript resource based tests
 +
*** AuditEvent tests for well understood audit log
 +
*** Provenance tests for well understood provenance use
 +
** Test bench?
 +
*** some automated environment that people can use to test their: ( a ) client,  ( b ) server, or other? Can this be done?
 
* New business?
 
* New business?
  
 
===Open Issues===
 
===Open Issues===
The following are currently in Deferred state. Now to be worked on for STU4 (release 4):
+
Now to be worked on for STU4 (release 4):
  
 
====Block 1====
 
====Block 1====
Line 90: Line 100:
  
 
=Minutes=
 
=Minutes=
 +
* John chaired
 +
* Approval of three minutes
 +
* approval of the [[HL7 FHIR Security 2017-03-28]], [[HL7 FHIR Security 2017-06-13]], [[HL7 FHIR Security 2017-06-27]] : Kathleen Connor / Rob Horn: 3-0-0
 +
* Removed from Block 1: 13570 and 13571 due to concern around Reference.Identifier definition and use. Need FHIR-I resolution first.
 +
* Removed from Block 1: 13504 needing further discussion to determine if it should be core, or a core-extension. Kathleen prefers core; John and Rob indicate it is not 80% so should be core-extension.
 +
* Motion to approve Block 1: Rob Horn / Kathleen Connor: 3-0-0
 +
* adjourn due to timeframe constraints of some participants
 +
* No meeting next week

Latest revision as of 21:41, 11 July 2017

Call Logistics

Weekly: Tuesday at 05:00 EST (2 PM PST)

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair x Kathleen Connor Security Co-Chair x Alexander Mense Security Co-chair
. Suzanne Gonzales-Webb CBCC Co-Chair . Johnathan ColemanCBCC Co-Chair . Mike Davis
. Reed Gelzer RM-ES Lead . Glen Marshal . Joe Lamy
. Diana Proud-Madruga x Rob Horn . Beth Pumo

Agenda

Open Issues

Now to be worked on for STU4 (release 4):

Block 1

  • 12939 Security+Role+vocabulary+should+be+mentioned+on+the+security.html+page (John Moehrke) Persuasive
  • 13501 Add+to+Provenance.agent+the+resource+type+PractitionerRole+in+both+who+and+onbehalfof (John Moehrke) Persuasive
  • 13502 Add+ParactitionerRole+to+AuditEvent.agent.reference (John Moehrke) Persuasive
  • 13504 add+to+AuditEvent+a+place+to+record+OperationOutcome (John Moehrke) Persuasive
  • 13568 AuditEvent.event.details.value+need+a+String+variation+in+addition+to+base64binary (John Moehrke) Persuasive
  • 13569 AuditEvent+-+need+period (John Moehrke) Persuasive
  • 13570 Provenance+-+clarify+when+Provenance.entity.whatUri+and+whatIdentifier+are+to+be+used (John Moehrke) Persuasive
  • 13571 AuditEvent.entity.identifier+vs+resource+vs+URI+-+explain+why+each+should+be+used (John Moehrke) Persuasive
  • 12502 Provenance.agent.relatedAgentType+is+nonsensical (Grahame Grieve) Persuasive with Mod
  • 13012 Provenance.period+should+be+a+choice (Lloyd McKenzie) Persuasive with Mod
  • 13016 Provenance.agent.role+should+be+1..1 (Lloyd McKenzie) Persuasive with Mod
  • 13238 Add+guidance+on+JSON+signatures (John Moehrke) Persuasive with Mod

Discuss

  • 9167 AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use
  • 10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
  • 10580 How+should+test+data+be+identified%3F (John Moehrke) Considered for Future Use
  • 10581 something+should+be+said+about+de-identification (John Moehrke) Considered for Future Use
  • 12462 Security%2FPrivacy+Module+page+should+explain+W5+realty+that+provenance+elements+in+other+resources+vs+use+of+Provenance+as+a+resource (John Moehrke) Considered for Future Use
  • 12463 explain+relationship+between+Provenance+and+AuditEvent.+ (John Moehrke) Considered for Future Use
  • 10579 New+Security+and+Privacy+%22Module%22+page+needs+content (John Moehrke) None
  • 11071 Improve+security+label+guidance+-+2016-09+core+%2390 (Kathleen Connor) None
  • 12660 HCS+use+clarification (John Moehrke) None
  • 12941 Security+Role+vocabulary+should+include+ISO+21298 (John Moehrke) None
  • 13011 The+value+set+for+security-role-type+is+broken+for+Provenance (Lloyd McKenzie) None
  • 13013 Valueset+for+Provenance.activity+is+broken (Lloyd McKenzie) None
  • 13014 Provenance.agent.relatedAgentType+doesn%27t+make+sense (Lloyd McKenzie) None

Assigned to John

Assigned to Kathleen

  • 10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
    • need to work with some organization (e.g. HL7) to create three new vocabulary values. These vocabulary values need to be defined as OID values, because they are used in external standards that have a data-type of OID (i.e. XML-Signature). So they can't be text vocabulary, and they need to be fully OID.


Narrative improvements

http://build.fhir.org/secpriv-module.html

Minutes

  • John chaired
  • Approval of three minutes
  • approval of the HL7 FHIR Security 2017-03-28, HL7 FHIR Security 2017-06-13, HL7 FHIR Security 2017-06-27 : Kathleen Connor / Rob Horn: 3-0-0
  • Removed from Block 1: 13570 and 13571 due to concern around Reference.Identifier definition and use. Need FHIR-I resolution first.
  • Removed from Block 1: 13504 needing further discussion to determine if it should be core, or a core-extension. Kathleen prefers core; John and Rob indicate it is not 80% so should be core-extension.
  • Motion to approve Block 1: Rob Horn / Kathleen Connor: 3-0-0
  • adjourn due to timeframe constraints of some participants
  • No meeting next week