This wiki has undergone a migration to Confluence found Here
Difference between revisions of "June 24, 2014 Security WG Conference Call"
Jump to navigation
Jump to search
| (6 intermediate revisions by the same user not shown) | |||
| Line 17: | Line 17: | ||
|| .|| [mailto:Chris.R.Clark@wv.gov Chris Clark] | || .|| [mailto:Chris.R.Clark@wv.gov Chris Clark] | ||
||||.|| [mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||||.|| [mailto:jc@securityrs.com Johnathan Coleman]CBCC Co-Chair | ||
| − | |||| | + | ||||x|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] |
| − | |||| | + | ||||o|| [mailto:duane.decouteau@gmail.com Duane DeCouteau] |
|- | |- | ||
| Line 24: | Line 24: | ||
||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]CBCC Co-chair | ||||x|| [mailto:Suzanne.Webb@engilitycorp.com Suzanne Gonzales-Webb]CBCC Co-chair | ||
||||.|| [mailto:rgrow@technatomy.com Rick Grow] | ||||.|| [mailto:rgrow@technatomy.com Rick Grow] | ||
| − | |||| | + | ||||.|| [mailto:dhenkel@technatomy.com David Henkel] |
|- | |- | ||
| Line 59: | Line 59: | ||
==Agenda== | ==Agenda== | ||
# ''(05 min)'' Roll Call, Approval of Meeting Minutes | # ''(05 min)'' Roll Call, Approval of Meeting Minutes | ||
| − | # ''( | + | # ''(05 min)'' '''PSS Patient Friendly Security and Privacy''' |
| − | # ''(10 min)'' ''' | + | # ''(10 min)'' '''Update: Way with Verbs''' - Tony |
| − | # ''(10 min'' ''' | + | # ''(10 min'' '''FHIR - Security Labeling Discussions''' ''issues'' |
| − | # ''( | + | # ''(05 min)'' '''Other business, action items, and adjournment''' |
'''Minutes Summary''' | '''Minutes Summary''' | ||
| − | * Meeting Minutes from 6/ | + | * Meeting Minutes from 6/17 meeting were unanimously approved by attendees. (0-0-5) |
| + | |||
| + | |||
| + | '''FHIR - Security Labeling Discussions''' ''issues'' | ||
| + | How does Security WG weigh in on the conversation | ||
| + | * make sure that John brings the conversation from FHIR into the Security WG | ||
| + | * from there the Security WG can produce, define a some guidelines with respect to FHIR to preclude some of the issues (such as the http headers and that type of item) | ||
| + | * consider the risk with some alternatives | ||
| + | * looking at persistence, changing labels that have been signed before--new capabilities | ||
| + | |||
| + | * need to produce an ongoing catalog of these issues and discussion, guidance | ||
| + | * Security-FHIR page to document these items | ||
| + | ** our position is to no use the http headers because of the white noise in the headers | ||
| + | ** if you only have a single resource and don't have an ?atom feed, then you cant...(16:00) | ||
| + | |||
| + | '''Update: Way with Verbs''' | ||
| + | No feedback received | ||
| + | * during the last EHR Interoperability calls, discussion on state diagrams showing how EHR life-cycle events relate to each other | ||
| + | * Steve H has a notion of how to organize the hierarchy with CRUDEA at the top level. Second level: Third level will include EHR verbs and ... verbs. | ||
| + | |||
| + | Harmonization meeting | ||
| + | * in order to make the July 6 submission we need to approve today or by next Tuesday July 1 | ||
| + | * Trust Policy | ||
| + | * No patient Refrain Policy | ||
| + | |||
| + | Motion to approve for final submission (Kathleen/Diana) | ||
| + | Objections to unanimous approval for these Harmonization proposals (final) be approved | ||
| + | No objections received, motion passes 0-0-4 | ||
| + | |||
| + | ISO is standing up a new TC that will go into effect on Jan 1, 2015 which will roll the societal security for counter measure control and ....(32:00) into one. | ||
| + | * also in the TC215 WG1 there may be some overlap with the HCS and SLS, a new work proposals for standard classification. | ||
| + | * unsure if this is a true conflict. | ||
| + | * we normally work with WG4 (and not WG1); | ||
| + | ** WG1 is primarily involved with ''cards'' ''ID cards'' | ||
| + | ** it may be that we have an overlapping conflict in security | ||
| + | ** we should monitor--there may be something we might want to use | ||
| + | |||
| + | |||
| + | '''PSS | ||
| + | |||
| + | |||
| + | |||
| + | Meeting adjourned at --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 21:40, 24 June 2014 (UTC) | ||
Latest revision as of 22:16, 24 June 2014
Attendees
| x | Member Name | x | Member Name | x | Member Name | x | Member Name | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| x | Mike DavisSecurity Co-chair | . | John MoehrkeSecurity Co-chair | . | Trish WilliamsSecurity Co-chair | . | Bernd BlobelSecurity Co-chair | ||||
| . | Chris Clark | . | Johnathan ColemanCBCC Co-Chair | x | Kathleen Connor | o | Duane DeCouteau | ||||
| . | Reed Gelzer | x | Suzanne Gonzales-WebbCBCC Co-chair | . | Rick Grow | . | David Henkel | ||||
| . | Mohammed Jafari | . | Don Jorgenson | . | Alexander Mense | . | Amanda Nash | ||||
| . | Paul PetronelliMobile Health Security Co-chair | x | Diana Proud-Madruga | . | Harry Rhodes | , | Aaron Seib | ||||
| . | Ioana Singureanu | . | Walter Suarez | x | Tony Weida | . | Paul PetronellimHealth Co-chair | ||||
| . | . | . | . | . | . | . | . |
Agenda
- (05 min) Roll Call, Approval of Meeting Minutes
- (05 min) PSS Patient Friendly Security and Privacy
- (10 min) Update: Way with Verbs - Tony
- (10 min FHIR - Security Labeling Discussions issues
- (05 min) Other business, action items, and adjournment
Minutes Summary
- Meeting Minutes from 6/17 meeting were unanimously approved by attendees. (0-0-5)
FHIR - Security Labeling Discussions issues
How does Security WG weigh in on the conversation
- make sure that John brings the conversation from FHIR into the Security WG
- from there the Security WG can produce, define a some guidelines with respect to FHIR to preclude some of the issues (such as the http headers and that type of item)
- consider the risk with some alternatives
- looking at persistence, changing labels that have been signed before--new capabilities
- need to produce an ongoing catalog of these issues and discussion, guidance
- Security-FHIR page to document these items
- our position is to no use the http headers because of the white noise in the headers
- if you only have a single resource and don't have an ?atom feed, then you cant...(16:00)
Update: Way with Verbs No feedback received
- during the last EHR Interoperability calls, discussion on state diagrams showing how EHR life-cycle events relate to each other
- Steve H has a notion of how to organize the hierarchy with CRUDEA at the top level. Second level: Third level will include EHR verbs and ... verbs.
Harmonization meeting
- in order to make the July 6 submission we need to approve today or by next Tuesday July 1
- Trust Policy
- No patient Refrain Policy
Motion to approve for final submission (Kathleen/Diana) Objections to unanimous approval for these Harmonization proposals (final) be approved No objections received, motion passes 0-0-4
ISO is standing up a new TC that will go into effect on Jan 1, 2015 which will roll the societal security for counter measure control and ....(32:00) into one.
- also in the TC215 WG1 there may be some overlap with the HCS and SLS, a new work proposals for standard classification.
- unsure if this is a true conflict.
- we normally work with WG4 (and not WG1);
- WG1 is primarily involved with cards ID cards
- it may be that we have an overlapping conflict in security
- we should monitor--there may be something we might want to use
PSS
Meeting adjourned at --Suzannegw (talk) 21:40, 24 June 2014 (UTC)
