November 2, 2010 Security Conference Call
Security Working Group Meeting
- Ed Coyne
- Mike Davis Security Co-chair
- Suzanne Gonzales-Webb CBCC Co-chair
- Michelle Johnston
- John Moehrke Security Co-chair
- Milan Petkovic
- Ken Salyards
- David Staggs
- Walter Suarez
- Richard Thoreson CBCC Co-chair
- Tony Weida
- Craig Winter
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) Standards Knowledge Management Tool (SKMT) Discussion - Mike Davis SKMT Glossary?
- (15 min) Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis
Additional Agenda Items will be requested at the beginning of the meeting
- Roll Call, Approve Minutes & Accept Agenda
- Meeting Minutes Approval: (Note: No meeting held last week)
(Mike) SKMT has various vocabularies that it makes available to outside folks for sharing purposes. (see Link) We’d like to see what kind of vocabularies are in the glossary in hopes that there are items that we could potentially use.
Note: GE/VA and possibly others on VPNs may not be able to access link. The SKMT glossary does not seem to have the same problem.
TASK: Mike will contact folks (Canadians) to see what this is and what its authority is, as well as ISO WG-4, and ask about the SKMT.
(Mike) has been talking with Deepak Kalra, who says this is an ISO-HL7 joint effort. At an EHR meeting they gave a presentation and mentioned that the RBAC Permission catalog is apparently in the SKMT. We see the SKMT at this point as a potential source of vocabulary for us, particularly if they’ve mapped it to some standards. Mike actually got involved in this because of the Purpose of Use (POU) specification: they were changing the names and definitions of access control because they (Canadians) did not like it. You cannot change the POU standards such as 10181-3 or another POU spec definition because you don’t like it; it could be done by clarifying vocabulary rather than changing something in the security world. It would be disastrous to change the meaning of access control in order to make it fit privacy or whatever, especially when the current definition is already out there and implemented. So we have an interest in getting involved in the SKMT, at least the vocabulary side information model, to make sure they do not break anything.
- It’s in the form of a Project Scope Statement, see LINK: International SDO Glossary at TSC Tracker # 1679, Project Insight ID# 495
We need to follow up on this; it may be relevant to one of our tasks, to populate the Security-Privacy harmonization model with ISO standards that represent the attributes, so this might be a good place to start. Some of the vocabulary in here, we might want to get into and look at the Security items in there. As far as I know there haven’t been any Security people that have been involved with it; it seems as if they’ve just been taking stuff and putting it in.
Agenda Item: Security and Privacy DAM - Harmonization to US-Realm Standards - Mike Davis
We are continuing with work that Steve Connolly had begun in May 2010. We have the Harmonized DAM Vocabulary spreadsheet to work with. We are reviewing the DAM and identifying standards that support the classes. This originally was a US-Realm model, but OASIS is also asking this; they are producing some healthcare profiles for international publication in ITU, but OASIS shouldn’t be developing these terminology attributes and domains; instead they should be using the stuff that HL7 provides. This is one of the motivations for this: publication.
One of the things we need to do (and we're looking for volunteers) is to go through the DAM and identify classes that are necessary and explicitly for a requestor providing to a Provider. The Information Model has lots of classes that have nothing to do with the request from the provider (i.e. I have these roles, I have these things). We can use some assistance in identifying.
- Volunteers should mark down the kinds of things that should/should not be in that kind of request. Please take a look at the harmonized DAM [add GForge link Security-Privacy Harmonized Domain Analysis Model]
- Please comment on any international standard that could provide vocabulary, that would possibly provide vocabulary in this manner. Provide to John Moehrke, Suzanne Gonzales-Webb or Mike Davis in any format; it would save us a lot of time that could give us assistance.
Agenda Item (added): Security and Privacy Ontology Update (Tony Weida)
Currently focusing on: adding description and source annotation to many of the classes in the Security-Privacy OWL portion of the ontology. Tony has been taking definitions verbatim in most cases; not sure if they are satisfactory from the perspective of the ontology. Tony would like to send out the latest version as is in the next few days and is accepting proposals for improvement.
- Members will be notified when the latest version is posted. Please provide comments and suggestions back to Tony Weida (email@example.com)
At the top of the hour (1400 EST), attendees please read: SHIPS Document prior to start of CBCC meeting
Meeting adjourned at 10:34 PST [JMoehrke: motion to adjourn; Suzanne: second]. Meeting reconvened at the top of the hour (1400 EST) with CBCC agenda.
- (MDavis) Contact folks (Canadians) to gather information on SKMT and its authority, as well as ISO WG-4 members.
- (group) Security-Privacy DAM, vocabulary harmonization spreadsheet (in progress)
- (Tony) Prepare, post latest version of Security-Privacy Ontology to GForge. Notify members of new posting so that they may provide comment.