This wiki has undergone a migration to Confluence found Here

Difference between revisions of "HL7 FHIR Security 2018-12-11"

From HL7Wiki
Jump to navigation Jump to search
Line 78: Line 78:
  
 
==Minutes==
 
==Minutes==
 +
* John chaired
 +
* Agenda reviewed and approved: Kathleen/Beth: unanimous
 +
* Approve 3 minutes: Suzanne/Kathleen: unanimous
 +
* announcements
 +
** FHIR R4 is in Grahame's hands and expected released by the end of the year.
 +
* Isaac reviewed FHIR cast
 +
** Prime site for reviewing the specification
 +
*** http://fhircast.org
 +
** Uses W3C web-sub
 +
*** a spec that is used for web content distribution
 +
*** a standards based rest-hook
 +
*** https://www.w3.org/TR/websub/
 +
**** See Websub security considerations https://www.w3.org/TR/websub/#security-considerations
 +
** the hub has last say on context switches, and is usually provided by the dominant software. Often the EHR.
 +
** Recommendation
 +
*** Should have a Security Considerations section in FHIRcast document that addresses each Security Consideration from web-sub
 +
**** Elevating to SHALL the use of HTTPS, BCP195, and SHA-256
 +
*** Address Audit Logging
 +
**** May be a responsibility of the hub to record approved context changes
 +
**** May be addressed through a subscribing app that does nothing but record context changes
 +
** Two issues that have been discussed on the FHIR cast github were discussed
 +
*** https://github.com/fhircast/docs/labels/security

Revision as of 20:16, 11 December 2018

Call Logistics

Weekly: Tuesday at 02:00 pm EST

Web conference desktop and VOIP https://www.freeconferencecall.com/join/security36 
Online Meeting ID: security36
Phone: +1 515-604-9567, Participant Code: 880898
 Please be aware that teleconference meetings are recorded to assist with creating the meeting minutes 

Back to HL7 FHIR security topics

Attendees

Member Name Member Name Member Name
x John Moehrke Security Co-Chair . Kathleen Connor Security Co-Chair . Alexander Mense Security Co-chair
x Suzanne Gonzales-Webb CBCC Co-Chair . Johnathan Coleman CBCC co-chair . Chris Shawn Security co-chair
. Jim Kretz . Kenneth Salyards . Nathan Botts Mobile co-chair
x Diana Proud-Madruga x Joe Lamy AEGIS . Beth Pumo
. Irina Connelly . Matt Blackman Sequoia . Mark Underwood NIST
. Peter Bachman . Grahame Greve FHIR Program Director . Kevin Shekleton (Cerner, CDS Hooks)
. Luis Maas . Julie Maas . Francisco Jauregui
. Gary Dickinson . Dave Silver x Mike Davis
x Peter van Liesdonk . No One x No One

Agenda


ACTIONS

references

Minutes

  • John chaired
  • Agenda reviewed and approved: Kathleen/Beth: unanimous
  • Approve 3 minutes: Suzanne/Kathleen: unanimous
  • announcements
    • FHIR R4 is in Grahame's hands and expected released by the end of the year.
  • Isaac reviewed FHIR cast
    • Prime site for reviewing the specification
    • Uses W3C web-sub
    • the hub has last say on context switches, and is usually provided by the dominant software. Often the EHR.
    • Recommendation
      • Should have a Security Considerations section in FHIRcast document that addresses each Security Consideration from web-sub
        • Elevating to SHALL the use of HTTPS, BCP195, and SHA-256
      • Address Audit Logging
        • May be a responsibility of the hub to record approved context changes
        • May be addressed through a subscribing app that does nothing but record context changes
    • Two issues that have been discussed on the FHIR cast github were discussed