
Difference between revisions of "HL7 FHIR security topics"

From HL7Wiki
Line 12: Line 12:
  
 
list from November 3rd, 2015
 
list from November 3rd, 2015
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=3318 3318] Clarify how to use RBAC and ABAC using FHIR ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=5525 5525] Consent Directive does not appear to be aligned with the 80% ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6303 6303] Add Record Lifecycle Events to AuditEventObjectLifecycle Set ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7563 7563] 2015May core #854 - Expand on how to use Provenance ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7567 7567] 2015May core #858 - Provenance isn't sufficiently aligned with w3c spec ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7568 7568] 2015May core #859 - How are agent and activity linked? ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7569 7569] 2015May core #860 - Clarify relationship agents and entities used in activity ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7570 7570] 2015May core #861 - Clarify relationship agents and entities used in activity ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7597 7597] 2015May core #888 - This resource is missing any reference to the "action" performed on the entity. Is there a default "create" action or is it an omission? ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=7598 7598] 2015May core #889 - Can Provenance apply to a resource or just a data element ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8638 8638] how does Provenance work when deleting records ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8731 8731] Canonicalization for signatures ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8738 8738] Unapplied QA changes around security and services ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8790 8790] Give guidance on AuditEvent that codes don't need DisplayName populated ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8803 8803] Provenance for a subset of a resource ()
 
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8827 8827] Signature datatype does not include counter-signature type ()
 
  
 
=Provenance=
 
=Provenance=
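Review bot: the block removed under "list from November 3rd, 2015" holds 16 tracker items, but only 3318, 8738, 8827, 8731 and 5525 are re-added in the later hunks. The Provenance items (7563, 7567, 7568, 7569, 7570, 7597, 7598, 8638, 8803) and the AuditEvent items (6303, 8790) no longer appear anywhere in this revision. If they moved to the linked Provenance and AuditEvent project pages, add a "from GForge" sub-list under those two headings or a one-line pointer saying so, so the open security items stay traceable from this page.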
Line 34: Line 18:
 
=AuditEvent=
 
=AuditEvent=
 
[[HL7 FHIR AuditEvent Resource|HL7 FHIR AuditEvent Resource Project Work]]
 
[[HL7 FHIR AuditEvent Resource|HL7 FHIR AuditEvent Resource Project Work]]
 +
  
 
=Security Pages=
 
=Security Pages=
Line 40: Line 25:
 
** [http://hl7-fhir.github.io/security-labels.html Security Labels] Page
 
** [http://hl7-fhir.github.io/security-labels.html Security Labels] Page
 
*** including meta tag use for security labels
 
*** including meta tag use for security labels
 +
* from GForge
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=3318 3318] Clarify how to use RBAC and ABAC using FHIR ()
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8738 8738] Unapplied QA changes around security and services ()
  
 
=Signatures Datatype=
 
=Signatures Datatype=
 
* [http://hl7-fhir.github.io/datatypes.html#signature Signature] Data Type
 
* [http://hl7-fhir.github.io/datatypes.html#signature Signature] Data Type
 +
* from GForge
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8827 8827] Signature datatype does not include counter-signature type ()
 +
**[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8731 8731] Canonicalization for signatures ()
 +
 +
=Not Security WG, but are listed as interested party=
 +
*[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=5525 5525] Consent Directive does not appear to be aligned with the 80% ()
  
  

Revision as of 19:54, 10 November 2015

Back to Security Main Page


Scope: Develop and Maintain FHIR Security Resources

Project ID 1209. This project will identify and define resources, terminology, profiles, and extensions, as well as security label metadata, necessary to support Healthcare Security and Privacy requirements. These requirements include those identified by international domains as articulated in legislation, policy, related standards, and those documented in HL7 Privacy and Security related domain analysis, architectural frameworks, services, and functional models, and various v2, v3, CDA, and FHIR interchange specifications. Specifically, this includes the AuditEvent resource, Provenance resource, and Signature datatype, assigned to Security by the FMG, as well as profiles and implementation guides created against these resources. The development and maintenance of these artifacts will be conducted in collaboration with other relevant domain work groups as outlined in the Security WG mission and charter. The Security WG will develop guidance regarding use of HL7 Security Standards (e.g. Role and Attribute-based access controls and vocabularies). In addition, the Security WG will work with appropriate external standards organizations to develop appropriate guidance on the use of general purpose security technologies, such as user authentication and authorization, that would aid with the secure and privacy-protecting use of FHIR; and guide the FHIR community on the appropriate use of these solutions through the security pages of the FHIR specification, assigned to Security WG by the FMG.


Export from Gforge Security Open

FHIR disposition link on gForge for review/discussion (ongoing weekly agenda item)

list from November 3rd, 2015

Provenance

HL7 FHIR Provenance Resource Project Work

AuditEvent

HL7 FHIR AuditEvent Resource Project Work


Security Pages

  • Security pages
    • Including guidance on Authentication and Authorization
    • Security Labels Page
      • including meta tag use for security labels
  • from GForge
    • 3318 Clarify how to use RBAC and ABAC using FHIR ()
    • 8738 Unapplied QA changes around security and services ()

Signatures Datatype

  • Signature Data Type
  • from GForge
    • 8827 Signature datatype does not include counter-signature type ()
    • 8731 Canonicalization for signatures ()

Not Security WG, but are listed as interested party

  • 5525 Consent Directive does not appear to be aligned with the 80% ()


Relation of Provenance and Audit Event, and Security Labels

    • Who records Provenance vs. AuditEvent, and what are the various architectures? The important point is to ensure that the architecture chosen doesn't miss information.
  • and various other things concerning Security -- Risks to Confidentiality, Integrity, and Availability.
  • also interested in