This wiki has undergone a migration to Confluence found Here
March 22, 2016 Security Conference Call
Back to Security Work Group Main Page
Attendees
| x | Member Name | x | Member Name | x | Member Name | |||
|---|---|---|---|---|---|---|---|---|
| x | Kathleen ConnorSecurity Co-chair | . | Duane DeCouteau | . | Chris Clark | |||
| x | John MoehrkeSecurity Co-chair | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Alexander Mense Security Co-chair | . | Ken Salyards | . | Christopher D Brown TX | |||
| . | Trish WilliamsSecurity Co-chair | . | Gary Dickinson | x | Dave Silver | |||
| Mike Davis | . | Ioana Singureanu | . | Mohammed Jafari | ||||
| x | Suzanne Gonzales-Webb | . | Rob Horn | . | Galen Mulrooney | |||
| x | Diana Proud-Madruga | . | Ken Rubin | . | William Kinsley | |||
| x | Rick Grow | . | Paul Knapp | x | Mayada Abdulmannan | |||
| x | Glen Marshall, SRS | . | Bill Kleinebecker | . | Christopher Shawn | |||
| . | Oliver Lawless | . | [mailto | . | Serafina Versaggi | |||
| x | Beth Pumo | . | Russell McDonell | . | Paul Petronelli , Mobile Health | |||
| . | Christopher Doss | . | Kamalini Vaidya | . | [mailto: TBD ] |
Agenda DRAFT
- ( 5 min) Roll Call, Agenda Approval
- ( 5 min) Approve Security WG March 15 Minutes
- (10 min) Review updated P&SbD PSS Rick
- Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
- ( 5 min) PASS Access Control Services Conceptual Model - Diana
- ( 5 min) Joint Vocabulary Alignment Update - Diana
- ( 5 min) PASS Audit Conceptual Model – Diana
- ( 5 min) FHIR Security report out - John
- Any changes expecting to be tested at the next FHIR Connectathon need to be submitted into the build by March 27th.
Note that there will be a FHIR Security call at 2pm PT/5pm ET See agenda at FHIR Security Agenda
Minutes
- Agenda and Minutes -Chaired by John
- Rick discussed updated P&SbD PSS, Risk Section, FHIR test scripts based on TestScript Resource
- Approved Security WG March 15 Minutes
- Review updated P&SbD PSS, Rick
- Discussion:
- Reviewed the scope statement
- Added bullet to show impact on FHIR
- Area's that were changed have been highlighted
- FMG has been added as interested party
- Test Scripts were added
- Project Risk and Issues:
- (John & Kathleen) FHIR test scripts not sufficient, need more detail to Privacy and Security
- what requirements are we exercising the test scripts that are approved by FHIR Management Group
- Possible issue of validating test scripts
- Recourse availability
- Subject Matter Expert availability
- Policy must be declared for test scripts
- The threat Environment is extremely dynamic, may need to pick unrealistic set of threats as example
- Note: HL7 risk is internal (Rick)
- Note: Test scripts are not being balloted, they are being exercised (Kathleen)
- comments/Question:
- John needed more clarity on the last portion of Presentation, why test scripts are attached to PSS?
- Answer:
- Kathleen approached the Standards Governance Board (SGB) they did not want a Guide
- SGB requested the Guide to be exercised by creating FHIR test Scripts.
- CBCC and Security would start creating test script profiles in order to be available for connectathon use
- Next Step: Obtain Standards Governance Board feedback and CBCC and interest parties
- Motion approved (Kathleen, John, Suzanne)3/0/0 :
- Motion to approve if there any substantive changes Security WKG would be able to weigh in on decision
- Joint project meetings (ARB, CBCC, Security) held Wednesdays at 4 p.m. Eastern. Meeting information and invite
- PASS Access Control Services Conceptual Model - Diana
- NTR
- Waiting to hear back from Alex
- Joint Vocabulary Alignment Update - Diana
- NTR
- Vocab Alignment meeting was cancelled
- PASS Audit Conceptual Model – Diana
- NTR
- FHIR Security report out - John
- Continued work on signature and harmonization
- No issues to report
