This wiki has undergone a migration to Confluence found Here
Difference between revisions of "July 08, 2014 Security WG Conference Call"
Jump to navigation
Jump to search
(→Agenda) |
|||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 67: | Line 67: | ||
'''Minutes Summary''' | '''Minutes Summary''' | ||
| − | * | + | * The meeting minutes for [http://wiki.hl7.org/index.php?title=June_24,_2014_Security_WG_Conference_Call June 24, 2014]were unanimously approved |
| + | |||
| + | * The project scope statement for Patient Friendly Natural Language Steering Division eVote ended on July 9, 2014. There were 3 affirmatives, 3 negatives, and 3 abstentions. Suzanne has answered two of the "negatives," but will defer the one question on FHIR to John Moehrke. She has asked the "negatives" to change their vote. | ||
'''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion | '''[http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemBrowse&tracker_id=677&tracker_query_id=4968 FHIR disposition]''' - review/discussion | ||
| Line 73: | Line 75: | ||
* ID 3298; Summary Binary resources can be subverted for cross-site scripting | * ID 3298; Summary Binary resources can be subverted for cross-site scripting | ||
** assigned to Duane to provide thoughts on the implication | ** assigned to Duane to provide thoughts on the implication | ||
| + | ** assigned to Alex | ||
Security labels in the http header that may be exposed (submitted by Kathleen) is missing | Security labels in the http header that may be exposed (submitted by Kathleen) is missing | ||
| Line 78: | Line 81: | ||
ID 3350; Summary: Request change to Tag | ID 3350; Summary: Request change to Tag | ||
| − | * assigned to Kathleen; | + | * assigned to Kathleen; misspelling present, item should be closed. |
| + | |||
| + | ID 3312; Summary: Security Event for Tag modification | ||
| + | * from Richard Schneider | ||
| + | * Mike does not like the idea of modifying the information at will. There should be some provenance information, including who has modified it and when, etc. | ||
| + | * Kathleen - this is an issue: how they can create operations and change TAGs | ||
| + | ** security group needs to decide on how to do updates on TAGs. | ||
| + | ** Mike - this could be a major role for Provenance | ||
| + | * assigned to Kathleen; with help | ||
| + | |||
| + | ID 3318 | ||
| + | * assigned to Mike and others | ||
| + | |||
| + | ID 3310 Add additional notes to the RESTful API about security | ||
| + | * assigned to Alex Mense | ||
| + | |||
| + | '''Mike recommends that these items are to be monitored on a weekly basis''' | ||
| + | |||
| + | '''Update: Way with Verbs''' - Tony | ||
| + | * There are concerns with the project scope statement as well as with the governance. | ||
| + | * The WwV team will meet to discuss how to move forward given the lack of communication from Steve Hufnagel of the HL7 EHR Interoperability team. | ||
| + | * Tony Weida is going to take his proposed methodology and put it into a Word document. | ||
| + | * Diana Proud-Madruga will work on presenting some examples using Tony's methodology while still incorporating the work that Steve is doing. | ||
| + | |||
| + | '''Action Items''' | ||
| + | |||
| + | None | ||
| + | |||
| + | |||
| + | Meeting Adjourned: 1450 PDT | ||
| + | --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 21:49, 8 July 2014 (UTC) | ||
| + | |||
| + | Additional minutes provided by --[[User:Rgrow|Rgrow]] ([[User talk:Rgrow|talk]]) 19:51, 11 July 2014 (UTC) | ||
Latest revision as of 19:52, 11 July 2014
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| x | Mike DavisSecurity Co-chair | . | John MoehrkeSecurity Co-chair | . | Trish WilliamsSecurity Co-chair | . | Bernd BlobelSecurity Co-chair | ||||
| . | Chris Clark | . | Johnathan ColemanCBCC Co-Chair | x | Kathleen Connor | x | Duane DeCouteau | ||||
| . | Reed Gelzer | x | Suzanne Gonzales-WebbCBCC Co-chair | x | Rick Grow | x | David Henkel | ||||
| . | Mohammed Jafari | . | Don Jorgenson | x | Alexander Mense | . | Amanda Nash | ||||
| . | Paul PetronelliMobile Health Security Co-chair | x | Diana Proud-Madruga | . | Harry Rhodes | , | Aaron Seib | ||||
| . | Ioana Singureanu | . | Walter Suarez | x | Tony Weida | . | Paul PetronellimHealth Co-chair | ||||
| . | . | . | . | . | . | . | . |
Agenda
- (05 min) Roll Call, Approval of Meeting Minutes
- (10 min) Update: Way with Verbs - Tony
- (10 min FHIR disposition - review/discussion
- (05 min) PSS Patient Friendly Security and Privacy
- (05 min) Other business, action items, and adjournment
Minutes Summary
- The meeting minutes for June 24, 2014were unanimously approved
- The project scope statement for Patient Friendly Natural Language Steering Division eVote ended on July 9, 2014. There were 3 affirmatives, 3 negatives, and 3 abstentions. Suzanne has answered two of the "negatives," but will defer the one question on FHIR to John Moehrke. She has asked the "negatives" to change their vote.
FHIR disposition - review/discussion
- ID 3298; Summary Binary resources can be subverted for cross-site scripting
- assigned to Duane to provide thoughts on the implication
- assigned to Alex
Security labels in the http header that may be exposed (submitted by Kathleen) is missing
- if you put the security labels in the body of the FHIR payload, it may not necessarily be in the clear
ID 3350; Summary: Request change to Tag
- assigned to Kathleen; misspelling present, item should be closed.
ID 3312; Summary: Security Event for Tag modification
- from Richard Schneider
- Mike does not like the idea of modifying the information at will. There should be some provenance information, including who has modified it and when, etc.
- Kathleen - this is an issue: how they can create operations and change TAGs
- security group needs to decide on how to do updates on TAGs.
- Mike - this could be a major role for Provenance
- assigned to Kathleen; with help
ID 3318
- assigned to Mike and others
ID 3310 Add additional notes to the RESTful API about security
- assigned to Alex Mense
Mike recommends that these items are to be monitored on a weekly basis
Update: Way with Verbs - Tony
- There are concerns with the project scope statement as well as with the governance.
- The WwV team will meet to discuss how to move forward given the lack of communication from Steve Hufnagel of the HL7 EHR Interoperability team.
- Tony Weida is going to take his proposed methodology and put it into a Word document.
- Diana Proud-Madruga will work on presenting some examples using Tony's methodology while still incorporating the work that Steve is doing.
Action Items
None
Meeting Adjourned: 1450 PDT
--Suzannegw (talk) 21:49, 8 July 2014 (UTC)
Additional minutes provided by --Rgrow (talk) 19:51, 11 July 2014 (UTC)
