Difference between revisions of "Minutes - Security WG 2021-05-21"
From Health Level 7 Belgium Wiki
KarlienErauw (talk | contribs) (Created page with "* Minutes * Hannes presents "Access control in FHIR" that was also ::* care provider has to go through id & auth and there has to be a control to assess if he has access to t...") |
KarlienErauw (talk | contribs) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | * Minutes | + | ===== Attendees ===== |
| + | * Bruno Casneuf | ||
| + | * Erwin Bellon | ||
| + | * Hannes De Clercq | ||
| + | * Jean-Michel Polfliet | ||
| + | * Karlien Erauw | ||
| + | * Nick Hermans | ||
| + | * Pablo d'Alcantara | ||
| + | * Raphaël Marbaix, RSW | ||
| + | * Robin Bosman | ||
| + | |||
| + | ===== Excused/Not present ===== | ||
| + | * Didier Temans | ||
| + | * José Costa Teixeira | ||
| + | |||
| + | ===== Agenda ===== | ||
| + | * Presentation by Hannes | ||
| + | * Plan to go forward | ||
| + | |||
| + | ===== Previous Minutes ===== | ||
| + | * Background: request raised in eHealth Platform WG Architecture from April 30 | ||
| + | * RSW cannot join on Tuesday afternoons so we must look for a different timeslot. Proposed weekly meeting slot as from May 21: Fridays from noon to 1PM | ||
| + | ::* remark: Hannes should be available as key person | ||
| + | * What exactly is the request: | ||
| + | ::* see presentation WG Architecture here: Access control in FHIR, https://drive.google.com/file/d/1v-Lg204eKYKEOdCUJtv7gT0G4vd0XIpP/view?usp=sharing | ||
| + | ::* do we need middleware when using a FHIR server to have access to patient consent and therapeutic relationship | ||
| + | ::* what are the encountered issues and how can we mitigate these ? | ||
| + | * Plan to go forward: | ||
| + | ::* benefits of using middleware | ||
| + | ::* encountered issues when using middleware | ||
| + | * Question: how to interrogate multiple FHIR servers | ||
| + | ===== Minutes ===== | ||
| + | |||
* Hannes presents "Access control in FHIR" that was also | * Hannes presents "Access control in FHIR" that was also | ||
::* care provider has to go through id & auth and there has to be a control to assess if he has access to the resource (access management): check patient consent, exlusions, therapeutic relationship and access matrix for care providers | ::* care provider has to go through id & auth and there has to be a control to assess if he has access to the resource (access management): check patient consent, exlusions, therapeutic relationship and access matrix for care providers | ||
| Line 6: | Line 38: | ||
::::* solution 1: generic : IAM connect, client communicates through middleware/component to assess access to resource before entering in the FHIR server - adaptions outside of FHIR server - more difficult for client to know why he doesn't have access | ::::* solution 1: generic : IAM connect, client communicates through middleware/component to assess access to resource before entering in the FHIR server - adaptions outside of FHIR server - more difficult for client to know why he doesn't have access | ||
::::* solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server- controls happen in step 4 - suggestion for setp 4B to connect with metahub (pip) | ::::* solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server- controls happen in step 4 - suggestion for setp 4B to connect with metahub (pip) | ||
| + | ::* RSW has its own authentic source for therap relationships that has to be taken into account in their SMART on FHIR solution | ||
| + | ::* anyone can do setup of its own but we have to be careful to add any additional "signatures" | ||
| + | * Pablo is referring to the vaults [https://drive.google.com/file/d/1A9mwfPtzqO2v6doNvYby3tm8krMN4cGj/view?usp=sharing FHIR cookbook] | ||
Latest revision as of 11:36, 4 June 2021
Attendees
- Bruno Casneuf
- Erwin Bellon
- Hannes De Clercq
- Jean-Michel Polfliet
- Karlien Erauw
- Nick Hermans
- Pablo d'Alcantara
- Raphaël Marbaix, RSW
- Robin Bosman
Excused/Not present
- Didier Temans
- José Costa Teixeira
Agenda
- Presentation by Hannes
- Plan to go forward
Previous Minutes
- Background: request raised in eHealth Platform WG Architecture from April 30
- RSW cannot join on Tuesday afternoons so we must look for a different timeslot. Proposed weekly meeting slot as from May 21: Fridays from noon to 1PM
- remark: Hannes should be available as key person
- What exactly is the request:
- see presentation WG Architecture here: Access control in FHIR, https://drive.google.com/file/d/1v-Lg204eKYKEOdCUJtv7gT0G4vd0XIpP/view?usp=sharing
- do we need middleware when using a FHIR server to have access to patient consent and therapeutic relationship
- what are the encountered issues and how can we mitigate these ?
- Plan to go forward:
- benefits of using middleware
- encountered issues when using middleware
- Question: how to interrogate multiple FHIR servers
Minutes
- Hannes presents "Access control in FHIR" that was also
- care provider has to go through id & auth and there has to be a control to assess if he has access to the resource (access management): check patient consent, exlusions, therapeutic relationship and access matrix for care providers
- id: solutions FAS or eID, itsme, TOTOP
- access management: need for standardised manner to manage interactions
- solution 1: generic : IAM connect, client communicates through middleware/component to assess access to resource before entering in the FHIR server - adaptions outside of FHIR server - more difficult for client to know why he doesn't have access
- solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server- controls happen in step 4 - suggestion for setp 4B to connect with metahub (pip)
- RSW has its own authentic source for therap relationships that has to be taken into account in their SMART on FHIR solution
- anyone can do setup of its own but we have to be careful to add any additional "signatures"
- Pablo is referring to the vaults FHIR cookbook
