Chair: John Moehrke
Scribe: John Moehrke
Mondays at 12:00 pm Eastern Time
Meeting ID: 675 407 5337
Phone Number: +1 929-436-2866
Participant Passcode: 675 407 5337
|Joseph M. Lamy|
Minutes Approved as Presented 2020-09-14 FHIR-Security Meeting Agenda
This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."
Meeting Minutes from Discussion
|Decision Link(if not child)|
|Management||Minutes Approval||approved by general consent|
Notice what HAPI has done for security. Is there something we should learn for Permission or Consent? This seems to be defining a declarative language for FHIR specific rules.
See general HAPI security
See HAPI RuleBuilder()
likely not directly usable as this is a java implementation of a rule system.
Is there something useful already in RuleBuilder that can't yet be expressed in Consent or Permission?
updates from WGM
Kathleen Connor update?
Mohammad experience with access control decision service
Device vendors looking to leverage EHR
|Consult from PDex|
Use of Provenance in PDex
Robert Dieterle update?
will be adding the type extension of source within .entity
will look to recommend entity.what in next generation after the group matures
|FAST||purposeOfUse subset on the request as a promise to not use the data returned beyond the subset.|
argonaut has it as a token attribute and is adding this to fine grain access control
IHE- IUA has it as a token attribute and is adding this to IUA scope
http header web-category https://tools.ietf.org/html/draft-johnston-http-category-header-02
use of a Permission resource – not yet diagramed, but discussed that Permission could be used for more complex request context
http://build.fhir.org/permission is prototyped
FHIR Permission - for use-case submission and analysis
FHIR IG Proposal for gov work (confluence and build shown in github readme)
discussion of next generation of SMART
discussion document bit.ly/argo20-granular
|waiting on iso – some movement as ISO has not provided the document. BUT still not clear if licensing is clean.|
|waiting on M&M to give modeling guidance|
|FHIR Block||Block vote preparation|
|FMM||Defined plan to mature|
|Connectathon||Update on Security at FHIR connectathon|