
Difference between revisions of "November 2, 2010 Security Conference Call"

 
(16 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
  
==Attendees== (expected)
+
==Attendees==  
 
 
* [mailto:talbertson@inpriva.com Tabitha Albertson]
 
* [mailto:bernd.blobel@ehealth-cc.de Bernd Blobel] Security Co-chair, absent
 
* [mailto:bbraithwaite@anakam.com  Bill Braithwaite, MD]
 
* [mailto:sconnolly@apelon.com Steven Connolly]
 
* [mailto:Kathleen.Connor@microsoft.com Kathleen Connor]
 
 
* [mailto:coynee@saic.com Ed Coyne]
 
* [mailto:coynee@saic.com Ed Coyne]
 
* [mailto:thomas.davidson@ssa.gov Tom Davidson]
 
 
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair
 
* [mailto:mike.davis@va.gov Mike Davis] Security Co-chair
* [mailto:farmer@apelon.com Jon Farmer]
 
 
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
 
* [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair
* [mailto:rhamm@gmail.com Russ Hamm]
 
 
* [mailto:robert.horn@agfa.com Rob Horn]
 
 
* [mailto:michelle.johnston2@va.gov Michelle Johnston]
 
* [mailto:michelle.johnston2@va.gov Michelle Johnston]
* [mailto:djorgenson@inpriva.com Don Jorgenson]
 
* [mailto:glen.f.marshall@siemans.com Glen Marshall]
 
* [mailto:rmcclure@apelon.com Rob McClure]
 
 
 
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair
 
* [mailto:john.moehrke@med.ge.com John Moehrke] Security Co-chair
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
 
* [mailto:milan.petkovic@phillips.com Milan Petkovic]
* [mailto:ppyette@perimind.com Pat Pyette]
+
* [mailto: Ken Salyards]
* [mailto:scott.m.robertson@kp.org Scott Robertson]
+
* [mailto:david.staggs@va.gov David Staggs]
* [mailto:dsperzel@apelon.com David Sperzel]
+
* [mailto: Walter Suarez]
 
 
 
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair
 
* [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] CBCC Co-chair
* [mailto:ioana@eversolve.com Ioana Singureanu]
 
* [mailto:david.staggs@va.gov David Staggs]
 
* [mailto:serafina@eversolve.com Serafina Versaggi]
 
 
* [mailto:weida@apelon.com Tony Weida]
 
* [mailto:weida@apelon.com Tony Weida]
 
* [mailto:craig.winter@va.gov Craig Winter]
 
* [mailto:craig.winter@va.gov Craig Winter]
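Review bot: The two added attendee entries "* [mailto: Ken Salyards]" and "* [mailto: Walter Suarez]" carry an empty mailto: target, so they render as links with no address. Either fill in the addresses or list those two names as plain text. The revised list also interleaves old and new ordering (David Staggs now sits between Scott Robertson and David Sperzel), so it is worth confirming that the intended order is alphabetical by surname.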
Line 40: Line 20:
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
  
 +
==Agenda==
 +
#''(05 min)'' Roll Call, Approve [http://wiki.hl7.org/index.php?title=October_26%2C_2010_Security_Conference_Call Minutes] & Accept Agenda
 +
#''(15 min)'' [http://www.cred.ca/skmt/ Standards Knowledgement Tool ('''SKMT'''] Discussion - Mike Davis [http://www.skmtglossary.org/Default.aspx?AspxAutoDetectCookieSupport=1 SKMT Glossary?]
 +
#''(15 min)'' Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis
 +
 +
Additional Agenda Items will be requested at the beginning of the meeting
 +
 +
==Minutes==
 +
# Roll Call, Approve [http://wiki.hl7.org/index.php?title=October_26%2C_2010_Security_Conference_Call Minutes] & Accept Agenda
 +
## Meeting Minutes Approval:  (Note: No meeting held last week)
 +
 +
'''AGENDA Item: SKMT Discussion'''  [http://www.cred.ca/skmt/ Standards Knowledgement Tool ('''SKMT'''] Discussion - Mike Davis [http://www.skmtglossary.org/Default.aspx?AspxAutoDetectCookieSupport=1 SKMT Glossary?]
  
==Agenda==
+
(Mike) SKMT has various vocabularies that it makes available to outside folks for sharing purposes.  (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.
#''(05 min)'' Roll Call, Approve Minutes & Accept Agenda
+
 
#''(15 min)'' '''Item1'''
+
Note: GE/VA and possibly others on VPNs may not be able to access link.
#''(15 min)'' [http://www.cred.ca/skmt/ '''SKMT''' or Standards Knowledgement Tool] Mike Davis
+
The''' ''SKMT'' '''glossary does not seem to have the same problem.
#''(15 min)'' '''Item3'''  
+
 
#''(5 min)'' '''Other Business'''
+
 
 +
'''TASK: Mike will contact folks (Canadians) to see what this is and its authority is as well as ISO WG-4 .    And ask about the SKMT'''
 +
(Mike) has been talking with Deepak Kalra who says this is an ISO-HL7 joint effort. At an EHR meeting they gave a presentation and mentioned that the RBAC Permission catalog is apparently ''in'' the SKMT.  We see the SKMT at this point as a potential soure of vocabulary for us, particualry if they’ve mapped it to some standards.  Mike actually got involved in this because of the Purpose of Use (POU) specification – they were changing the names and definitions of access control because they (Canadians) did not like it… you cannot change the POU standards such as 10181-3 or another POU spec definition because you don’ like it—it could be done by clarifying vocabulary rather than change something in the security world It would be disasterous  to change the meaning of access control—especially when the current definition is already out there and implemented; in order to make it fit privacy or whatever.  So we have an interest in getting ginvoled in the SKMT—at least the vocabulary side information model to make sure they do not break anything. 
 +
*It’s in the form of a Project Scope Statement, see LINK:  [http://gforge.hl7.org/gf/download/trackeritem/1679/7665/ProjectScopeStatement_Vocab_SKMT_Glossary_May2010_R2_clean.doc. International SDO Glossary at TSC Tracker # 1679, Project Insight ID# 495]
 +
 
 +
We need to follow up on this---it may be relevant to one our tasks to populate the Security-Privacy harmonization model with ISO standards that represent the attributes so this might be a good place to start.  Some of the vocabulary in here, we might want to get into and look at the Security items in there—as far as I know there haven’t’ been any Security people that have been involved with it—it seems as if they’ve just taking stuff and putting it in.
 +
 
 +
'''Agenda Item: Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis'''
 +
We are continuing with work that Steve Connolly had begun in May 2010.  We have this to work with [http://gforge.hl7.org/gf/download/docmanfileversion/5921/7656/HarmonizedDAMXSPA20100507.xlsx Harmonized DAM Vocabulary spreadsheet]
 +
We are reviewing the DAM and identify standards that support the classes.  This originally was a US-Realm model, but OASIS is also asking this, they are producing some healthcare profiles for international publication in ITU, but OASIS shouldn’t be developing these terminology attributes and domains, but instead they should be using the stuff that HL7 provides.  This is one motivations for this---publication. 
 +
 
 +
One of the things we need to do (and we're looking for volunteers) is to go through DAM and identify classes that are necessary and explicitly for a requestor ''providing to a Provider'' – The Information Model a has lots of clasees that have nothing to do with the request from the provider.  (i.e. I have these roles, I have these things) We can use some assistance in identifying .
 +
 
 +
* Volunteers should mark them down the kinds of things that should/should not be in that kind of request.  Please take a look at the harmonized DAM [add GForge link Security-Privacy Harmonized Domain Analysis Model]
 +
* Please comment on any international standard that could provide vocabulary, that would possible provide vocabulary in this manner. Provide to John Moehrke, Suzanne Gonzales-Webb or Mike Davis in any format---it would save us a lot of time that could give us assistance.
 +
 
 +
 
 +
'''Agenda Item (added): Security and Privacy Ontology Update (Tony Weida)'''
 +
Currently focusing on: adding description and source annotation to many of the classes in the Security-Privacy OWL portion of the ontology. Tony has been taking definitions verbatim in most cases--not sure if they are satisfactory in the perspective of the ontology.  Tony would like to send out the latest version as is in next few days and is accepting proposals for improvement.
 +
* members will be notified when latest version is posted.  Please provide comments and suggests back to [mailto:weida@apelon.com Tony Weida (weida@apelon.com)]
 +
 
 +
 
 +
At the top of the hour (1400 EST), attendees plesse read:[http://gforge.hl7.org/gf/download/docmanfileversion/5950/7714/11-1_SHIPS SHIPS Document] prior to start of CBCC meeting
 +
 
 +
Meeting adjourned at 10:34 PST [JMoehrke-  motion to adjourn; Suzanne: Second.
 +
Meeting reconvened at the top of the hour (1400 EST with CBCC agenda)
  
 
==Action Items==
 
==Action Items==
 +
# (MDavis) Contact folks (Canadians) to gather information on SKMT and its authority is as well as ISO WG-4 members.
 +
# (group) Security-Privacy DAM, vocabulary harmonization spreadsheet (in progress)
 +
# (Tony) Prepare, post latest version of Security-Privacy Ontology to GForge.  Notify members of new posting so that they may provide comment.
 +
  
 
[[Security|Back to Security Main Page]]
 
[[Security|Back to Security Main Page]]
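Review bot: Several links added in the Agenda and Minutes text are malformed. In "[http://www.cred.ca/skmt/ Standards Knowledgement Tool ('''SKMT''']" the parenthesis is never closed inside the link label; the GForge URL in the Project Scope Statement bullet ends in ".doc." with a trailing period that becomes part of the link target; and "[add GForge link Security-Privacy Harmonized Domain Analysis Model]" is still an editing placeholder rather than a link. The adjournment line also opens a bracket at "[JMoehrke-" that is never closed. Suggest fixing these before the minutes are treated as final.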

Latest revision as of 16:08, 9 November 2010

Security Working Group Meeting

Back to Security Main Page

Attendees


Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Standards Knowledge Management Tool (SKMT) Discussion - Mike Davis. SKMT Glossary?
  3. (15 min) Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis

Additional Agenda Items will be requested at the beginning of the meeting

Minutes

  1. Roll Call, Approve Minutes & Accept Agenda
    1. Meeting Minutes Approval: (Note: No meeting held last week)

AGENDA Item: SKMT Discussion. Standards Knowledge Management Tool (SKMT) Discussion - Mike Davis. SKMT Glossary?

(Mike) SKMT has various vocabularies that it makes available to outside folks for sharing purposes. (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.

Note: GE/VA and possibly others on VPNs may not be able to access link.
The SKMT glossary does not seem to have the same problem. 


TASK: Mike will contact folks (Canadians) to see what this is and what its authority is, as well as ISO WG-4, and ask about the SKMT.

(Mike) has been talking with Deepak Kalra who says this is an ISO-HL7 joint effort. At an EHR meeting they gave a presentation and mentioned that the RBAC Permission catalog is apparently in the SKMT. We see the SKMT at this point as a potential source of vocabulary for us, particularly if they’ve mapped it to some standards. Mike actually got involved in this because of the Purpose of Use (POU) specification – they were changing the names and definitions of access control because they (Canadians) did not like it… you cannot change the POU standards such as 10181-3 or another POU spec definition because you don’t like it—it could be done by clarifying vocabulary rather than changing something in the security world. It would be disastrous to change the meaning of access control—especially when the current definition is already out there and implemented; in order to make it fit privacy or whatever. So we have an interest in getting involved in the SKMT—at least the vocabulary side information model to make sure they do not break anything.

We need to follow up on this---it may be relevant to one of our tasks to populate the Security-Privacy harmonization model with ISO standards that represent the attributes so this might be a good place to start. Some of the vocabulary in here, we might want to get into and look at the Security items in there—as far as I know there haven’t been any Security people that have been involved with it—it seems as if they’ve just been taking stuff and putting it in.

Agenda Item: Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis

We are continuing with work that Steve Connolly had begun in May 2010. We have this to work with: the Harmonized DAM Vocabulary spreadsheet. We are reviewing the DAM and identifying standards that support the classes. This originally was a US-Realm model, but OASIS is also asking this, they are producing some healthcare profiles for international publication in ITU, but OASIS shouldn’t be developing these terminology attributes and domains, but instead they should be using the stuff that HL7 provides. This is one of the motivations for this---publication.

One of the things we need to do (and we're looking for volunteers) is to go through DAM and identify classes that are necessary and explicitly for a requestor providing to a Provider – The Information Model has lots of classes that have nothing to do with the request from the provider. (i.e. I have these roles, I have these things) We can use some assistance in identifying.

  • Volunteers should mark down the kinds of things that should/should not be in that kind of request. Please take a look at the harmonized DAM [add GForge link Security-Privacy Harmonized Domain Analysis Model]
  • Please comment on any international standard that could provide vocabulary, that would possibly provide vocabulary in this manner. Provide to John Moehrke, Suzanne Gonzales-Webb or Mike Davis in any format---it would save us a lot of time that could give us assistance.


Agenda Item (added): Security and Privacy Ontology Update (Tony Weida)

Currently focusing on: adding description and source annotation to many of the classes in the Security-Privacy OWL portion of the ontology. Tony has been taking definitions verbatim in most cases--not sure if they are satisfactory in the perspective of the ontology. Tony would like to send out the latest version as is in the next few days and is accepting proposals for improvement.


At the top of the hour (1400 EST), attendees please read: SHIPS Document prior to start of CBCC meeting

Meeting adjourned at 10:34 PST [JMoehrke: motion to adjourn; Suzanne: Second].

Meeting reconvened at the top of the hour (1400 EST) with CBCC agenda

Action Items

  1. (MDavis) Contact folks (Canadians) to gather information on SKMT and its authority, as well as ISO WG-4 members.
  2. (group) Security-Privacy DAM, vocabulary harmonization spreadsheet (in progress)
  3. (Tony) Prepare, post latest version of Security-Privacy Ontology to GForge. Notify members of new posting so that they may provide comment.

