Security Working Group Meeting

• Meeting Information

==Attendees== (expected)

• Bernd Blobel Security Co-chair, absent
• Steven Connolley
• Mike Davis Security Co-chair
• Suzanne Gonzales-Webb CBCC Co-chair
• Milan Petkovik
• Glen Marshall Security Co-chair
• Rob McClure
• John Moehrke
• Richard Thoreson CBCC Co-chair
• Ioana Singureanu
• Tony Weida
• Craig Winter

Agenda

(05 min) Roll Call, Approve Minutes & Accept Agenda (50 min) Continuation of Operations Vocabulary discussion - [Updated Operations Spreadsheet post meeting discussion]

Glen: re: Reproduce and Derive they are essentially a ‘’create’’ act. I’d like to move it under create

Rob: If we have this hierarchy, what is it that we want the hierarchy to do? Acknowledge the concepts for their implementation that they do what they want them to do in the context of the patient saying, I don’t want….’’something’’ in the context of the RBAC system. What do we want to accomplish by the hierarchy. Glen: I would hope to be help drive certain access control Rob: the most important thing is the RBAC security requirements; we need to take these concerns to heart if you are confidently reflecting that.

Glen: The reproduce, copy and backup are in essence ‘creation’ elements (as is restore). Print however is a ‘read’ element. Because essentially in addition to reading , youre creating an exported copy which is exported from any sort of access control, that’s what makes it special. For print you are not crating something that can be reproduced or forwarded that is subject to access control. Once its printed, it is no longer subject to access control (this is the same as export as write to a CD) anything that removes a copy of the data is semantically the same especially in the RBAC standpoint.

Tony: multiple perspectives are coming into play here. Primary intent of printing is to have the resultant print artifact.

Mike: counter examples: print is like some other functions, it operates under higher permissions that the user has. suggests print might be under execute. In some situations the user may read the document and print, equally valid that a user selects objects from a list and says ‘print this’

In some situations the user may read the doc and print it, but it’s equally valid for a user to select a bunch of documents and print them without viewing them.

Glen Suggests: Derive, make another Print might be under execute….it is an operation that is to be done that is execute. You are invoking a process, implies an application function of some sort. Composite functions from security view is outside the conical set, we did build in the concept of execute although we did not populate it. The high level is ‘’execute’’ and many of the other items on the spreadsheet follow under it and is a reasonable scheme.

Heading back to CRUDE – access control outside of healthcare tend to go to the CRUDE based immediately. Because of the extremely fuzzy border (in healthcare) if we impose a different access control regime we are drawing a line that is reflected in real world usage. It’s possible to qualify stuff in a healthcare system… to stay with CRUDE then we create a compatible system.

(glen) conceptualized

• Create is an act to ‘create an entire instant of an object
• Delete removes the instance of the object
• Read accesses the attributes of the object
• Update modifies the attributes of that object
• Execute goes to any other method that is associated with that object

(5 min) Other Business - None introduced

Action Items

Back to Meetings