Difference between revisions of "Minutes - Security WG 2023-02-08"
From Health Level 7 Belgium Wiki
KarlienErauw (talk | contribs) |
KarlienErauw (talk | contribs) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 37: | Line 37: | ||
::* it has to be compatible with the current access matrix | ::* it has to be compatible with the current access matrix | ||
::* challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation) | ::* challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation) | ||
| − | ::* start google doc with the current access matrix to start analysis what is possible in FHIR and how | + | ::* [https://docs.google.com/document/d/1QdbH-secQSw67krow2IrQIs3vofv2Sq9/edit?usp=share_link&ouid=105469359652835948544&rtpof=true&sd=true start google doc with the current access matrix to start analysis what is possible in FHIR and how] |
::::* reference: https://build.fhir.org/permission | ::::* reference: https://build.fhir.org/permission | ||
::::* ABAC: attribute based access control | ::::* ABAC: attribute based access control | ||
::::* some atrributes of the patient and user might have to be taken into account | ::::* some atrributes of the patient and user might have to be taken into account | ||
| − | ::* ask Brecht V.V | + | ::* ask Brecht V.V. to join the meting & explain |
* Literal references | * Literal references | ||
| Line 57: | Line 57: | ||
* FHIR readiness of hub/metahub system | * FHIR readiness of hub/metahub system | ||
| − | ::* [https://docs.google.com/presentation/d/1HTEvpuQOvF-cyY-42AatuKAtHPzObJDazRj2SVV_8jk/edit#slide=id.p some preparation work has been done, see here] | + | ::* [https://docs.google.com/presentation/d/1HTEvpuQOvF-cyY-42AatuKAtHPzObJDazRj2SVV_8jk/edit#slide=id.p some preparation work has been done, see here] and [https://drive.google.com/file/d/1c6l9FrW5Jwq3wyuA4nvf5kBiil7iz5xh/view?usp=share_link pdf here] |
| + | ::::* does a FHIR API fit in the hub/metahub system ? | ||
| + | ::::* equivalents of FHIR API exist for the metahub services | ||
| + | ::* the transition from a kmehr/soap API | ||
===== Action items ===== | ===== Action items ===== | ||
| − | * security controls: | + | * security controls: start document describing the current access matrix and the possible FHIR functionalities |
| − | + | * prepare feedback on FHIR readiness hub/metahub system | |
| − | * | ||
===== Next meeting ===== | ===== Next meeting ===== | ||
| − | * Wednesday 22 Feb at 9AM | + | * Wednesday 22 Feb at 9AM |
Latest revision as of 10:16, 8 February 2023
Attendees
- Anthony Maton
- Bart Decuypere
- Benny Verhamme
- Brian Thieren
- Elien De Koker
- Félix De Tavernier
- Jan Stinissen
- Jean-Michel Polfliet
- José Costa Teixeira (first part)
- Karlien Erauw
- Marco Busschots
- Philippe Baise
- Steven Van den Berghe
- Werner De Mulder (second part)
Excused/Not present
- Brecht Van Vooren
- Cyprien Janssens
- Didier Temans
- Erwin Bellon
- Isabelle Pollet
- Jan Lenie
- Nick Hermans
Agenda
- Context / needs
- Determine meeting schedule
- Security controls
- Literal references in FHIR resources: need for guidelines ? see issue from WG referral (linked to Vitalink/brecht VV)
- Position of HL7 Belgium on the FHIR R5 release (to cover the already upcoming questions from players and stakeholders in Belgium)
- FHIR readiness of Belgian metahub-hub system: see preparation work
Minutes
- Introduction of the group to the newcomers: everyone comes in as a professional dealing with FHIR, not linked to his organisation as this group is here to advice towards mature FHIR implementations
- Security controls: this group has to provide technical guidance supporting the funtional requirements
- it has to be compatible with the current access matrix
- challenges exist on fetching related resources, so there might be a need for a hierarchy of access (f.e. allowed to fetch a patient and afterwards to fetch an observation)
- start google doc with the current access matrix to start analysis what is possible in FHIR and how
- reference: https://build.fhir.org/permission
- ABAC: attribute based access control
- some atrributes of the patient and user might have to be taken into account
- ask Brecht V.V. to join the meting & explain
- Literal references
- there is some confusion if you refer to a system that does not exist today
- a literal reference is not always resolvable, is possible in the standard but is confusing to the users anyway
- logical references are also possible
- anyone willing to bring a common approach to the table ?
- our advise: if the reference URL is not accessible we advise to use a logical reference instead of a literal reference
- Phrase point of view on R4 & R5 release
- what are the current views ?
- there will be a mixed ecosystem as R5 will be adopted since it has more functionalities
- once we move to R5 clear guidelines will have to be setup
- in 2023 we don't plan to move to R5 in FHIR
- FHIR readiness of hub/metahub system
-
- does a FHIR API fit in the hub/metahub system ?
- equivalents of FHIR API exist for the metahub services
- the transition from a kmehr/soap API
-
Action items
- security controls: start document describing the current access matrix and the possible FHIR functionalities
- prepare feedback on FHIR readiness hub/metahub system
Next meeting
- Wednesday 22 Feb at 9AM
