
Difference between revisions of "November 15, 2016 Security Conference Call"

From HL7Wiki
Line 64: Line 64:
 
==Minutes==
 
==Minutes==
 
*Chaired by Kathleen
 
*Chaired by Kathleen
Agenda Approval
+
* Agenda Approved
 
*Approved November 8, 2016 Security Conference Call (Suzanne, Mike Davis)
 
*Approved November 8, 2016 Security Conference Call (Suzanne, Mike Davis)
 
* PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
 
* PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.

Revision as of 19:54, 13 December 2016


Attendees

| x | Member Name | x | Member Name | x | Member Name | x | Member Name |
| x | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | x | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair |
| x | Mike Davis | x | Suzanne Gonzales-Webb | x | David Staggs | . | Mohammed Jafari |
| x | Glen Marshall, SRS | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn |
| x | Diana Proud-Madruga | . | Serafina Versaggi | . | Joe Lamy | . | Galen Mulrooney |
| . | Duane DeCouteau | . | Chris Clark | . | Johnathan Coleman | . | Aaron Seib |
| . | Ken Salyards | . | Christopher D Brown TX | . | Gary Dickinson | . | Dave Silver |
| . | Rick Grow | . | William Kinsley | . | Paul Knapp | . | Mayada Abdulmannan |
| . | Kamalini Vaidya | . | Bill Kleinebecker | . | Christopher Shawn | . | Grahame Grieve |
| . | Oliver Lawless | . | Ken Rubin | . | Paul Petronelli, Mobile Health | . | Russell McDonell |


Agenda DRAFT

  1. (2 min) Roll Call, Agenda Approval
  2. (3 min) Approve November 8, 2016 Security Conference Call
  3. (15 min) PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
  4. (3 min) PASS Audit Conceptual Model – Diana
  5. (2 min) FHIR AuditEvent and Provenance ballot comments & FHIR Security Call

Minutes

  • Chaired by Kathleen
  • Agenda Approved
  • Approved November 8, 2016 Security Conference Call (Suzanne, Mike Davis)
  • PSAF/TF4TA Mike and Dave Silver to discuss any updates to the ballot material.
    • Overarching Model for Trust framework for Federated Authorization model showing three services
    • Content of Domain A and Domain B of Initiator and Resource were changed to the following:
    • Federation Users, Federation Data, and Federation Policy to reflect the A and B Domains
    • The services and value sets were updated and presented in Ovals rather than squares
    • The Georgia Tech Trust Mark Model was simplified, and trust marks were assigned and simplified for clarity
    • The Policy info model feeds the Federation model
    • Purpose of use focused on initiator purpose. The initiator must have info such as their ID, info on the initiator's purpose of the query, and information on the policy of the request of context
    • The policy would then take the access control attributes and decide whether to permit or deny the purpose of use
    • The policy information and handling instructions are included in the policies that the recipient is expected to honor
    • The use of access control information and Policy information are to be distinct
    • Kathleen shared John Grahm's use case to show a second requester initiates a query
    • Multiple requests can occur
    • Next Step: (Kathleen) Security WKG to review and return following the Thanksgiving holiday to approve to Ballot
    • PASS Audit Conceptual Model – Diana
      • Has been submitted for peer review, available through SLA HL7 website
      • Ballot period is December 9th
    • This week's meeting was cancelled due to holiday
    • Comment (Kathleen): The discussion with Mike Davis and Mohammad Jafari on accounting of disclosure and audit event suggests that provenance should be used when info is disclosed to multiple parties to follow the data being shared.
    • Comment (Glen): I would never use Audit with Accounting of disclosure as it remains to be an issue; Mike is in agreement
    • Comment (Mike): The Accounting of Disclosure that is in Audit is kept within the organization, the provenance is sent to the requesting organization
    • Comment (Diana): We included disclosure scenarios and ask everyone to review the document to ensure the concerns are met and to make comments
  • FHIR AuditEvent and Provenance ballot comments & FHIR Security Call (Kathleen)
    • Glen and Kathleen are working on the life cycle work