
Difference between revisions of "September 5, 2017 Security Conference Call"

From HL7Wiki
Line 108: Line 108:
 
*[http://www.pewinternet.org/2017/05/22/the-internet-of-things-and-future-shock-too-much-change-too-fast/ PEW Report - The Internet of Things and Future Shock: Too Much Change Too Fast?]Lee Rainie, director of Internet, Science and Technology Research at the Pew Research Center, spoke on May 10, 2017 to the American Bar Association’s [http://www.americanbar.org/content/dam/aba/events/cle/2017/spring/ce1705iot_webbrochure.authcheckdam.pdf Section of Science and Technology Law] about the rise of the Internet of Things and its implications for privacy and cybersecurity. The velocity of change today is remarkable and increasingly challenging to navigate. Rainie discussed Pew Research Center’s reports about [http://www.pewinternet.org/2014/03/11/digital-life-in-2025/ “Digital Life in 2025”]and [http://www.pewinternet.org/2014/05/14/internet-of-things/ “The Internet of Things Will Thrive by 2025],” which present the views of hundreds of “technology builders and analysts” on the future of the internet.
 
*[http://www.pewinternet.org/2017/05/22/the-internet-of-things-and-future-shock-too-much-change-too-fast/ PEW Report - The Internet of Things and Future Shock: Too Much Change Too Fast?]Lee Rainie, director of Internet, Science and Technology Research at the Pew Research Center, spoke on May 10, 2017 to the American Bar Association’s [http://www.americanbar.org/content/dam/aba/events/cle/2017/spring/ce1705iot_webbrochure.authcheckdam.pdf Section of Science and Technology Law] about the rise of the Internet of Things and its implications for privacy and cybersecurity. The velocity of change today is remarkable and increasingly challenging to navigate. Rainie discussed Pew Research Center’s reports about [http://www.pewinternet.org/2014/03/11/digital-life-in-2025/ “Digital Life in 2025”]and [http://www.pewinternet.org/2014/05/14/internet-of-things/ “The Internet of Things Will Thrive by 2025],” which present the views of hundreds of “technology builders and analysts” on the future of the internet.
 
**[http://www.pewinternet.org/2017/05/22/the-public-and-cybersecurity-practices-and-knowledge PEW Report - The public and cybersecurity practices and knowledge] Lee Rainie, director of internet, science and technology research at Pew Research Center, presented the Center’s findings about public practices and knowledge related to cybersecurity to the advisory board of the National Cybersecurity Alliance on May 5, 2017. He discussed the wide variance in what the public knows about key cybersecurity issues and concepts and people’s habits when it comes to handling the passwords to their online accounts and their use of public Wi-Fi networks.
 
**[http://www.pewinternet.org/2017/05/22/the-public-and-cybersecurity-practices-and-knowledge PEW Report - The public and cybersecurity practices and knowledge] Lee Rainie, director of internet, science and technology research at Pew Research Center, presented the Center’s findings about public practices and knowledge related to cybersecurity to the advisory board of the National Cybersecurity Alliance on May 5, 2017. He discussed the wide variance in what the public knows about key cybersecurity issues and concepts and people’s habits when it comes to handling the passwords to their online accounts and their use of public Wi-Fi networks.
 +
 +
== Minutes ===
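Review bot: The added heading line "== Minutes ===" is unbalanced, opening with two equals signs and closing with three, so MediaWiki renders it as a level-2 heading whose text is "Minutes =" rather than "Minutes". Change it to "== Minutes ==" (or "=== Minutes ===" if a level-3 heading was intended) so the new section title displays cleanly and matches the page's other headings.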

Revision as of 15:49, 12 September 2017


Attendees

x | Member Name                     | x | Member Name                       | x | Member Name                        | x | Member Name
. | John Moehrke, Security Co-chair | x | Kathleen Connor, Security Co-chair | . | Alexander Mense, Security Co-chair | . | Trish Williams, Security Co-chair
x | Mike Davis                      | x | Suzanne Gonzales-Webb             | x | David Staggs                       | x | Mohammed Jafari
x | Glen Marshall, SRS              | x | Beth Pumo                         | . | Ioana Singureanu                   | . | Rob Horn
x | Diana Proud-Madruga             | . | Serafina Versaggi                 | x | Joe Lamy                           | . | Galen Mulrooney
. | Duane DeCouteau                 | . | Chris Clark                       | . | Johnathan Coleman                  | . | Aaron Seib
. | Ken Salyards                    | . | Christopher D Brown TX            | . | Gary Dickinson                     | x | Dave Silver
x | Rick Grow                       | . | William Kinsley                   | . | Paul Knapp                         | x | Mayada Abdulmannan
. | Kamalini Vaidya                 | . | Bill Kleinebecker                 | x | Christopher Shawn                  | . | Grahame Grieve
. | Oliver Lawless                  | . | Ken Rubin                         | . | David Tao                          | . | Nathan Botts


Agenda

  1. (2 min) Roll Call, Agenda Approval
  2. (4 min) Review and Approval of Security WG Call Minutes August 29, 2017
  3. (15 min) San Diego Sept WGM Agenda - Kathleen
  4. (15 min) Security Labels for HL7v.2 (see links below for background) - Kathleen
  5. (5 min) Security WG Interim Health Metrics - presiding cochair
  6. (5 min) ONC Trusted Exchange Common Agreement Framework Comments - Kathleen
  7. (5 min) FHIR Security call - cancelled.

News and Review Material

Understanding Digital

  • Identity proofing is the process used to verify a subject’s association with their real-world identity, establishing that a subject is who they claim to be.
  • An authenticator is something the subject possesses and controls (typically, a cryptographic module or password) that is used to authenticate the subject’s identity.
  • Digital authentication is the process of determining the validity of one or more authenticators used to claim a digital identity. Authentication establishes that a subject attempting to access a digital service is in control of the technologies used to authenticate. Successful authentication provides reasonable risk-based assurances that the subject accessing the service today is the same that previously accessed the service.
  • Federation is when the relying party (RP) and identity provider (IdP) are not a single entity or not under common administration. Federation enables an IdP to proof and authenticate an individual and provide identity assertions that RPs can accept and trust.

How has SP 800-63-3 evolved?

Since the last revision of this document in 2013, NIST SP 800-63-2, digital identity components have evolved substantially. To better align with market-driven business models and innovation, the new revision replaces levels of assurance (LOAs) with ordinals for individual parts of the digital identity flow, providing implementers with more flexibility in their design and operations:

  • Identity Assurance Level (IAL): the identity proofing process and the binding between one or more authenticators and the records pertaining to a specific subscriber;
  • Authenticator Assurance Level (AAL): the authentication process, including how additional factors and authentication mechanisms can impact risk mitigation; and
  • Federation Assurance Level (FAL): the assertion used in a federated environment to communicate authentication and attribute information to a RP.

SP 800-63 is a suite of four documents: SP 800-63-3 (the parent document; your starting point for all things digital identity and risk) and three additional documents – SP 800-63A, 800-63B, and 800-63C – which cover the various components of a digital identity system. These documents are described below:

  • SP 800-63-3, Digital Identity Guidelines, provides an overview of general identity frameworks, guidance regarding use of authenticators, credentials, and assertions together in a digital system, and a risk-based process of selecting assurance levels;

Minutes