This wiki has undergone a migration to Confluence found Here
Difference between revisions of "July 08, 2014 Security WG Conference Call"
Jump to navigation
Jump to search
Line 67: | Line 67: | ||
'''Minutes Summary''' | '''Minutes Summary''' | ||
− | * Meeting Minutes Approval for [http://wiki.hl7.org/index.php?title=June_24,_2014_Security_WG_Conference_Call June 24, 2014] | + | * Meeting Minutes Approval for [http://wiki.hl7.org/index.php?title=June_24,_2014_Security_WG_Conference_Call June 24, 2014]; approved |
+ | |||
'''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion | '''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion | ||
Line 73: | Line 74: | ||
* ID 3298; Summary Binary resources can be subverted for cross-site scripting | * ID 3298; Summary Binary resources can be subverted for cross-site scripting | ||
** assigned to Duane to provide thoughts on the implication | ** assigned to Duane to provide thoughts on the implication | ||
+ | ** assigned to Alex | ||
Security labels in the http header that may be exposed (submitted by Kathleen) is missing | Security labels in the http header that may be exposed (submitted by Kathleen) is missing | ||
Line 79: | Line 81: | ||
ID 3350; Summary: Request change to Tag | ID 3350; Summary: Request change to Tag | ||
* assigned to Kathleen; misspell, item should be closed. | * assigned to Kathleen; misspell, item should be closed. | ||
+ | |||
+ | ID 3312; Summary: Security Event for Tag modification | ||
+ | * from Richard Schneider | ||
+ | * Mike does not like the idea of modifying the information at will. There should be some provenance information--who has modified it, when, etc. | ||
+ | * Kathleen - this is an issue; how they can create operations and change TAGs | ||
+ | ** security group needs to decide on how to do updates on TAGs. | ||
+ | ** Mike - this could be a major role for Provenance | ||
+ | * assigned to Kathleen; with help | ||
+ | |||
+ | 3318 | ||
+ | * assigned to Mike and others | ||
+ | |||
+ | 3310 Add additional notes to the RESTful API about security | ||
+ | ** assigned to Alex Mense | ||
+ | |||
+ | RECOMMENDATION: Monitor week-to-week | ||
+ | * assign |
Revision as of 21:32, 8 July 2014
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | ||||
---|---|---|---|---|---|---|---|---|---|---|---|
x | Mike DavisSecurity Co-chair | . | John MoehrkeSecurity Co-chair | . | Trish WilliamsSecurity Co-chair | . | Bernd BlobelSecurity Co-chair | ||||
. | Chris Clark | . | Johnathan ColemanCBCC Co-Chair | x | Kathleen Connor | x | Duane DeCouteau | ||||
. | Reed Gelzer | x | Suzanne Gonzales-WebbCBCC Co-chair | x | Rick Grow | x | David Henkel | ||||
. | Mohammed Jafari | . | Don Jorgenson | x | Alexander Mense | . | Amanda Nash | ||||
. | Paul PetronelliMobile Health Security Co-chair | x | Diana Proud-Madruga | . | Harry Rhodes | , | Aaron Seib | ||||
. | Ioana Singureanu | . | Walter Suarez | x | Tony Weida | . | Paul PetronellimHealth Co-chair | ||||
. | . | . | . | . | . | . | . |
Agenda
- (05 min) Roll Call, Approval of Meeting Minutes
- (10 min) Update: Way with Verbs - Tony
- (10 min FHIR disposition - review/discussion
- (05 min) PSS Patient Friendly Security and Privacy
- (05 min) Other business, action items, and adjournment
Minutes Summary
- Meeting Minutes Approval for June 24, 2014; approved
FHIR disposition - review/discussion
- ID 3298; Summary Binary resources can be subverted for cross-site scripting
- assigned to Duane to provide thoughts on the implication
- assigned to Alex
Security labels in the http header that may be exposed (submitted by Kathleen) is missing
- if you put the security labels in the body of the FHIR payload, it may not necessarily be in the clear
ID 3350; Summary: Request change to Tag
- assigned to Kathleen; misspell, item should be closed.
ID 3312; Summary: Security Event for Tag modification
- from Richard Schneider
- Mike does not like the idea of modifying the information at will. There should be some provenance information--who has modified it, when, etc.
- Kathleen - this is an issue; how they can create operations and change TAGs
- security group needs to decide on how to do updates on TAGs.
- Mike - this could be a major role for Provenance
- assigned to Kathleen; with help
3318
- assigned to Mike and others
3310 Add additional notes to the RESTful API about security
- assigned to Alex Mense
RECOMMENDATION: Monitor week-to-week
- assign