This wiki has undergone a migration to Confluence found Here

Difference between revisions of "HL7 FHIR Security 2018-06-26"

From HL7Wiki
Jump to navigation Jump to search
(Created page with "==Call Logistics== Weekly: '''Tuesday at 02:00 pm EST''' Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 Online Meeting ID: security36 ...")
 
Line 19: Line 19:
 
|-
 
|-
 
||  x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
 
||  x||[mailto:suzanne.webb@engilitycorp.com Suzanne Gonzales-Webb] CBCC Co-Chair   
||||.||[mailto:jc@securityrs.com Johnathan Coleman] CBCC co-chair
+
||||x||[mailto:jc@securityrs.com Johnathan Coleman] CBCC co-chair
 
||||.||[mailto:christopher.shawn2@va.gov Chris Shawn] Security co-chair
 
||||.||[mailto:christopher.shawn2@va.gov Chris Shawn] Security co-chair
 
|-
 
|-
||  x||[mailto:jim.kretz@samhsa.hhs.gov Jim Kretz]
+
||  .||[mailto:jim.kretz@samhsa.hhs.gov Jim Kretz]
 
||||.||[mailto:kenneth.salyards@samhsa.hhs.gov Kenneth Salyards]
 
||||.||[mailto:kenneth.salyards@samhsa.hhs.gov Kenneth Salyards]
 
||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair
 
||||.||[mailto:nathanbotts@westat.com Nathan Botts] Mobile co-chair
Line 38: Line 38:
 
||||.||Kevin Shekleton (Cerner, CDS Hooks)
 
||||.||Kevin Shekleton (Cerner, CDS Hooks)
 
|-
 
|-
||  .||[mailto:lcmaas@emrdirect.com Luis Maas EMR Direct]
+
||  .||[mailto:lcmaas@emrdirect.com Luis Maas]
||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver]
+
||||x||[mailto:julie@emrdirect.com Julie Mass]
 
||||.||[mailto:fjauregui@electrosoft-inc.com Francisco Jauregui]
 
||||.||[mailto:fjauregui@electrosoft-inc.com Francisco Jauregui]
 
|-
 
|-
 
||  .||[mailto:gary.dickinson@edhr-standards.com Gary Dickinson]
 
||  .||[mailto:gary.dickinson@edhr-standards.com Gary Dickinson]
||||.||[mailto:blah@example.com Foo Bar]
+
||||.||[mailto:dave.silver@electrosoft-inc.com Dave Silver]
 
||||.||[mailto:blah@example.com Foo Bar]
 
||||.||[mailto:blah@example.com Foo Bar]
 
|-
 
|-
Line 112: Line 112:
 
==Minutes==
 
==Minutes==
 
* John Chaired
 
* John Chaired
 +
* Minutes were not reviewed
 +
* approved [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=16527 16527] Access+Controls+-+Identity+Proofing
 +
* approved [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=16530 16530] Access+Controls+-+Protect+authenticators
 +
* approved [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=16532 16532] Access+Control+-+Authentication
 +
* approved [http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=16534 16534] Access+Controls+-+Authorization
 +
* approved [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=17242 17242] Recommending BCP195
 +
* Johnathan requested that we set a floor of TLS 1.2
 +
** created [https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=17422 17422] Manditory floor of TLS 1.2
 +
** Action John -- start zulip discussion on the impact of this.

Revision as of 13:28, 27 June 2018

Call Logistics

Weekly: Tuesday at 02:00 pm EST

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair . Kathleen Connor Security Co-Chair . Alexander Mense Security Co-chair
x Suzanne Gonzales-Webb CBCC Co-Chair x Johnathan Coleman CBCC co-chair . Chris Shawn Security co-chair
. Jim Kretz . Kenneth Salyards . Nathan Botts Mobile co-chair
. Diana Proud-Madruga x Joe Lamy AEGIS . Beth Pumo
. Irina Connelly . Matt Blackman Sequoia . Mark Underwood NIST
. Peter Bachman . Grahame Greve FHIR Program Director . Kevin Shekleton (Cerner, CDS Hooks)
. Luis Maas x Julie Mass . Francisco Jauregui
. Gary Dickinson . Dave Silver . Foo Bar

Agenda

ACTIONS

references

Current Open issues in gForge

  • 9167 AuditEvent+needs+to+make+more+obvious+how+to+record+a+break-glass+event (John Moehrke) Considered for Future Use
  • 10343 Three+additional+Signature.type+codes (Kathleen Connor) Considered for Future Use
  • 11071 Improve+security+label+guidance+-+2016-09+core+%2390 (Kathleen Connor) None
  • 12660 HCS+use+clarification (John Moehrke) None
  • 14678 Implementation+guide+for+signatures+-+2018-Jan+Core+%231 (Brian Pech) None
  • 15659 Provenance+still+has+both+identifier+and+reference+elements (Simone Heckmann) None
  • 16171 Observation.category+needs+test%2Fdemo%2Fcalibration+codes+to+distinguish+%27fake%27+data (Brian Reinhold) None
  • 16345 Link+to+obsoleted+version+of+HTTP+specification (Luis Maas) None
  • 16527 Access+Controls+-+Identity+Proofing (John Moehrke) None
  • 16530 Access+Controls+-+Protect+authenticators (John Moehrke) None
  • 16532 Access+Control+-+Authentication (John Moehrke) None
  • 16534 Access+Controls+-+Authorization (John Moehrke) None
  • 17192 Verification+of+given+resource+without+changing+the+content (Thomas Johansen) None
  • 17242 Recommend+that+IETF+BCP+195+be+used+when+TLS+is+used (John Moehrke) None
  • 17299 enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke) None
  • 17300 Break-Glass+description+needs+clarifications (John Moehrke) None
  • 14027 enhance+current+disclosure+AuditEvent+so+that+it+explains+what+is+being+recorded+and+why (John Moehrke) Not Related

Minutes

  • John Chaired
  • Minutes were not reviewed
  • approved 16527 Access+Controls+-+Identity+Proofing
  • approved 16530 Access+Controls+-+Protect+authenticators
  • approved 16532 Access+Control+-+Authentication
  • approved 16534 Access+Controls+-+Authorization
  • approved 17242 Recommending BCP195
  • Johnathan requested that we set a floor of TLS 1.2
    • created 17422 Manditory floor of TLS 1.2
    • Action John -- start zulip discussion on the impact of this.