Difference between revisions of "HL7 FHIR Security 2018-04-10"

(One intermediate revision by the same user not shown)
Line 16: Line 16:
 
||  x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
 
||  x||[mailto:john.moehrke@ge.med.com John Moehrke] Security Co-Chair
 
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
 
||||x||[mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-Chair
||||.||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+
||||x||[mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
|-
 
|-
||  x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
+
||  .||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
||||.||[mailto:jc@securityrs.com Johnathan Coleman] CBCC co-chair
+
||||x||[mailto:jc@securityrs.com Johnathan Coleman] CBCC co-chair
||||x||[mailto:christopher.shawn2@va.gov Chris Shawn] Security co-chair
+
||||.||[mailto:christopher.shawn2@va.gov Chris Shawn] Security co-chair
 
|-
 
|-
||  x||[mailto:ali.massihi@hhs.gov Ali Massihi]
+
||  .||[mailto:ali.massihi@hhs.gov Ali Massihi]
 
||||.||[mailto:Mike.Davis@va.gov Mike Davis]
 
||||.||[mailto:Mike.Davis@va.gov Mike Davis]
 
||||x||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair
 
||||x||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair
Line 34: Line 34:
 
||||.||[mailto:mark.underwood@kryptonbrothers.com Mark Underwood] NIST
 
||||.||[mailto:mark.underwood@kryptonbrothers.com Mark Underwood] NIST
 
|-
 
|-
||  x||[mailto:pbspamfilteracct@gmail.com Peter Bachman]
+
||  .||[mailto:pbspamfilteracct@gmail.com Peter Bachman]
 
||||.||[mailto:grahame@hl7.org Grahame Greve] FHIR Program Director
 
||||.||[mailto:grahame@hl7.org Grahame Greve] FHIR Program Director
 
||||x||Kevin Shekleton (Cerner, CDS Hooks)
 
||||x||Kevin Shekleton (Cerner, CDS Hooks)
 
|-
 
|-
 
||  x||Luis Maas EMR Direct
 
||  x||Luis Maas EMR Direct
||||x||[mailto:dave.silver@electrosoft-inc.com Dave Silver]
+
||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver]
 
||||x||Francisco Jauregui
 
||||x||Francisco Jauregui
 
|-
 
|-
Line 47: Line 47:
 
*Roll;  
 
*Roll;  
 
* approval of agenda  
 
* approval of agenda  
* approval of [[HL7 FHIR Security 2018-03-20]] and [[HL7 FHIR Security 2018-03-27]] Minutes
+
* approval of [[HL7 FHIR Security 2018-04-03]] Minutes
 
* Anouncements
 
* Anouncements
** Note new time at 2:00 Eastern Time every Tuesday (just prior to full Security WG meeting)
 
** Created new stream for Security and Privacy discussions. Specification development, and Implementation.
 
*** https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy
 
** Grahame created a new stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
 
*** https://chat.fhir.org/#narrow/stream/patient.20empowerment
 
** Proposed FHIR Connectathon track for Cologne -- GDPR
 
*** Alex has agreed to be a SME. John to support.
 
*** Rene has agreed to help out.
 
*** http://wiki.hl7.org/index.php?title=201805_GDPR
 
** Blockchain FHIR Connectathon
 
*** Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to standup the infrastructure.
 
*** See blockchain zulip stream https://chat.fhir.org/#narrow/stream/blockchain
 
 
* Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance  
 
* Johnathan specific guidance given a paper from ONC that might guide improvements to the security guidance  
 
** Johnathan confirms he can attend
 
** Johnathan confirms he can attend
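Review bot: the deleted sub-item "Note new time at 2:00 Eastern Time every Tuesday (just prior to full Security WG meeting)" is the only removed announcement that is not carried into the new "references" section added later in this revision, so the time-change notice disappears from the agenda entirely; keep it under the announcements heading or move it with the other items. "Anouncements" is also misspelled on both sides of the hunk; suggest "Announcements".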
Line 88: Line 76:
 
** Action: Matt will provide references used in Sequoia
 
** Action: Matt will provide references used in Sequoia
 
** Tracker [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=15907 15907]
 
** Tracker [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=15907 15907]
 +
 +
=== references ===
 +
* stream for Security and Privacy discussions. Specification development, and Implementation.
 +
** https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy
 +
* stream for Patient Empowerment. Discussions about empowering patients. Focus on deployment and advocacy.
 +
** https://chat.fhir.org/#narrow/stream/patient.20empowerment
 +
* Proposed FHIR Connectathon track for Cologne -- GDPR
 +
** http://wiki.hl7.org/index.php?title=201805_GDPR
 +
* Blockchain FHIR Connectathon
 +
** Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to standup the infrastructure.
 +
** See blockchain zulip stream https://chat.fhir.org/#narrow/stream/blockchain
  
 
==Minutes==
 
==Minutes==
 
* John Chaired
 
* John Chaired
 +
* agenda approved
 +
* approved [[HL7 FHIR Security 2018-04-03]] Minutes
 +
* Discussed Input Validation
 +
** created and approved [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=15909 CR#15909]
 +
** There was significant discussion around if we should include the second sentence on testing recommendations. The concern that any move into testing might be seen as overly prescriptive or specifically limited. Second concern is that this might lead to a precedent that we include a testing recommendation for every security line item.
 +
* Likely need overall guidance to use a security framework...
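Review bot: in the added references line "He is willing to standup the infrastructure" the verb should be "stand up"; that sentence is announcement narrative rather than a reference, so the item reads better with the blockchain Zulip URL as the reference proper and the narrative shortened to "Grahame will stand up the infrastructure for a community that wants to try blockchain".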

Latest revision as of 19:16, 10 April 2018

Call Logistics

Weekly: Tuesday at 02:00 EST

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 


Attendees

(x = present, . = absent)

x  John Moehrke, Security Co-Chair
x  Kathleen Connor, Security Co-Chair
x  Alexander Mense, Security Co-chair
.  Suzanne Gonzales-Webb, CBCC Co-Chair
x  Johnathan Coleman, CBCC co-chair
.  Chris Shawn, Security co-chair
.  Ali Massihi
.  Mike Davis
x  Nathan Botts, Mobile co-chair
x  Diana Proud-Madruga
x  Joe Lamy, AEGIS
x  Beth Pumo
.  Irina Connelly
x  Matt Blackman, Sequoia
.  Mark Underwood, NIST
.  Peter Bachman
.  Grahame Greve, FHIR Program Director
x  Kevin Shekleton (Cerner, CDS Hooks)
x  Luis Maas, EMR Direct
.  Dave Silver
x  Francisco Jauregui

Agenda

  • Roll
  • Approval of agenda
  • Approval of HL7 FHIR Security 2018-04-03 Minutes
  • Announcements
  • Johnathan - specific guidance, given a paper from ONC that might guide improvements to the security guidance
    • Johnathan confirms he can attend

ACTIONS

  • Motion: JC/KC - Where secure http communications are needed, include TLS 1.2 or higher as best-practice in the specification, and consider it as a candidate for being a requirement.
    • Modify first sentence of second paragraph: "TLS 1.2 or higher SHOULD be used for all production data exchange, and disable support for lower versions of TLS."
    • post-paragraph add: "When using TLS use with strong cipher suites (e.g., AES)."
    • References: SMART-on-FHIR, NIST SP 800-52, IETF RFC xxxx on HTTP ......
    • Action: Matt will provide references used in Sequoia
    • Tracker 15907
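The TLS guidance in the motion above, as an added example that is not part of the original minutes or of the FHIR specification text: a Python `ssl` configuration that refuses anything below TLS 1.2 and restricts the TLS 1.2 cipher list to forward-secret AEAD suites, together with an audit function that reports the settings a reviewer applying the motion would reject (minimum version below 1.2, a weak suite, or a suite without forward secrecy). The cipher string, the weak-suite token list and the sample "legacy server" settings are this example's own assumptions, not text from the page.

```python
import ssl

# Minimum protocol the motion calls for: TLS 1.2 or higher.
MIN_VERSION = ssl.TLSVersion.TLSv1_2

# OpenSSL cipher string (an assumption of this example, not from the page):
# authenticated ephemeral ECDH key exchange with AEAD bulk ciphers only.
# TLS 1.3 suites are configured separately by OpenSSL and are always AEAD.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES:!PSK:!SRP"

# Substrings that mark a TLS 1.2 suite name as unacceptable (example's list).
WEAK_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXP", "ADH", "AECDH", "PSK", "SRP")


def hardened_context(server_side: bool = True) -> ssl.SSLContext:
    """Context that refuses TLS 1.0/1.1 and offers only strong suites."""
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = MIN_VERSION      # disables TLS 1.0 and TLS 1.1
    ctx.set_ciphers(STRONG_CIPHERS)        # prunes the TLS 1.2 suite list
    ctx.options |= ssl.OP_NO_COMPRESSION   # no CRIME-style compression oracle
    return ctx


def audit_tls_settings(min_version, cipher_names):
    """Return a list of findings for a minimum version and cipher suite names.

    Pure function, so it can be run on settings pulled from a live context,
    a configuration file, or a scanner report.
    """
    findings = []
    if min_version < MIN_VERSION:
        label = getattr(min_version, "name", min_version)
        findings.append(f"minimum TLS version {label} is below TLS 1.2")
    for name in cipher_names:
        upper = name.upper()
        if any(tok in upper for tok in WEAK_TOKENS):
            findings.append(f"weak cipher suite enabled: {name}")
        elif not upper.startswith(("TLS_", "ECDHE-", "DHE-")):
            # TLS 1.3 suites are named TLS_*; a TLS 1.2 suite without (EC)DHE
            # uses static RSA key exchange and has no forward secrecy.
            findings.append(f"no forward secrecy: {name}")
    return findings


def audit_context(ctx: ssl.SSLContext):
    """Run the audit against the live settings of an SSLContext."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return audit_tls_settings(ctx.minimum_version, names)


def sample_weak_audit():
    """Audit of constructed legacy-server settings (sample data, not a real host)."""
    return audit_tls_settings(
        ssl.TLSVersion.TLSv1,
        ["AES128-SHA", "RC4-MD5", "ECDHE-RSA-AES128-GCM-SHA256"],
    )


if __name__ == "__main__":
    print("hardened context:", audit_context(hardened_context()) or "no findings")
    for finding in sample_weak_audit():
        print("legacy settings:", finding)
```

The hardened context produces no findings; the constructed legacy settings produce three (version below 1.2, the static-RSA `AES128-SHA` suite, and `RC4-MD5`). The `minimum_version` setting is what actually implements "disable support for lower versions of TLS"; restricting the cipher string without it would still let a TLS 1.0 client negotiate a CBC suite on many OpenSSL builds.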

references

  • Zulip stream for Security and Privacy discussions (specification development and implementation):
    • https://chat.fhir.org/#narrow/stream/Security.20and.20Privacy
  • Zulip stream for Patient Empowerment (discussions about empowering patients, with a focus on deployment and advocacy):
    • https://chat.fhir.org/#narrow/stream/patient.20empowerment
  • Proposed FHIR Connectathon track for Cologne -- GDPR:
    • http://wiki.hl7.org/index.php?title=201805_GDPR
  • Blockchain FHIR Connectathon:
    • Grahame is trying to find a community wanting to 'play' with blockchain. He is willing to stand up the infrastructure.
    • Blockchain Zulip stream: https://chat.fhir.org/#narrow/stream/blockchain

Minutes

  • John Chaired
  • agenda approved
  • approved HL7 FHIR Security 2018-04-03 Minutes
  • Discussed Input Validation
    • created and approved CR#15909
    • There was significant discussion around whether to include the second sentence, on testing recommendations. One concern is that any move into testing might be seen as overly prescriptive or specifically limited; a second is that it might set a precedent of including a testing recommendation for every security line item.
  • Likely need overall guidance to use a security framework...