Difference between revisions of "Minutes - Security WG 2021-05-21"
From Health Level 7 Belgium Wiki
KarlienErauw (talk | contribs) (Created page with "* Minutes * Hannes presents "Access control in FHIR" that was also ::* care provider has to go through id & auth and there has to be a control to assess if he has access to t...") |
KarlienErauw (talk | contribs) |
||
Line 1: | Line 1: | ||
− | * Minutes | + | ===== Attendees ===== |
+ | * Bruno Casneuf | ||
+ | * Erwin Bellon | ||
+ | * Hannes De Clercq | ||
+ | * Jean-Michel Polfliet | ||
+ | * Karlien Erauw | ||
+ | * Nick Hermans | ||
+ | * Pablo d'Alcantara | ||
+ | * Raphaël, RSW | ||
+ | * Robin Bosman | ||
+ | |||
+ | ===== Excused/Not present ===== | ||
+ | * Didier Temans | ||
+ | * José Costa Teixeira | ||
+ | |||
+ | ===== Agenda ===== | ||
+ | * Presentation by Hannes | ||
+ | * Plan to go forward | ||
+ | |||
+ | ===== Previous Minutes ===== | ||
+ | * Background: request raised in eHealth Platform WG Architecture from April 30 | ||
+ | * RSW cannot join on Tuesday afternoons so we must look for a different timeslot. Proposed weekly meeting slot as from May 21: Fridays from noon to 1PM | ||
+ | ::* remark: Hannes should be available as key person | ||
+ | * What exactly is the request: | ||
+ | ::* see presentation WG Architecture here: Access control in FHIR, https://drive.google.com/file/d/1v-Lg204eKYKEOdCUJtv7gT0G4vd0XIpP/view?usp=sharing | ||
+ | ::* do we need middleware when using a FHIR server to have access to patient consent and therapeutic relationship | ||
+ | ::* what are the encountered issues and how can we mitigate these ? | ||
+ | * Plan to go forward: | ||
+ | ::* benefits of using middleware | ||
+ | ::* encountered issues when using middleware | ||
+ | * Question: how to interrogate multiple FHIR servers | ||
+ | ===== Minutes ===== | ||
+ | |||
* Hannes presents "Access control in FHIR" that was also | * Hannes presents "Access control in FHIR" that was also | ||
::* care provider has to go through id & auth and there has to be a control to assess if he has access to the resource (access management): check patient consent, exlusions, therapeutic relationship and access matrix for care providers | ::* care provider has to go through id & auth and there has to be a control to assess if he has access to the resource (access management): check patient consent, exlusions, therapeutic relationship and access matrix for care providers | ||
Line 6: | Line 38: | ||
::::* solution 1: generic : IAM connect, client communicates through middleware/component to assess access to resource before entering in the FHIR server - adaptions outside of FHIR server - more difficult for client to know why he doesn't have access | ::::* solution 1: generic : IAM connect, client communicates through middleware/component to assess access to resource before entering in the FHIR server - adaptions outside of FHIR server - more difficult for client to know why he doesn't have access | ||
::::* solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server- controls happen in step 4 - suggestion for setp 4B to connect with metahub (pip) | ::::* solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server- controls happen in step 4 - suggestion for setp 4B to connect with metahub (pip) | ||
+ | ::* RSW has its own authentic source for therap relationships that has to be taken into account in their SMART on FHIR solution |
Revision as of 10:20, 21 May 2021
Attendees
- Bruno Casneuf
- Erwin Bellon
- Hannes De Clercq
- Jean-Michel Polfliet
- Karlien Erauw
- Nick Hermans
- Pablo d'Alcantara
- Raphaël, RSW
- Robin Bosman
Excused/Not present
- Didier Temans
- José Costa Teixeira
Agenda
- Presentation by Hannes
- Plan to go forward
Previous Minutes
- Background: request raised in eHealth Platform WG Architecture from April 30
- RSW cannot join on Tuesday afternoons so we must look for a different timeslot. Proposed weekly meeting slot as from May 21: Fridays from noon to 1PM
- remark: Hannes should be available as key person
- What exactly is the request:
- see presentation WG Architecture here: Access control in FHIR, https://drive.google.com/file/d/1v-Lg204eKYKEOdCUJtv7gT0G4vd0XIpP/view?usp=sharing
- do we need middleware when using a FHIR server to have access to patient consent and therapeutic relationship
- what are the encountered issues and how can we mitigate these ?
- Plan to go forward:
- benefits of using middleware
- encountered issues when using middleware
- Question: how to interrogate multiple FHIR servers
Minutes
- Hannes presents "Access control in FHIR" that was also
- care provider has to go through id & auth and there has to be a control to assess if he has access to the resource (access management): check patient consent, exlusions, therapeutic relationship and access matrix for care providers
- id: solutions FAS or eID, itsme, TOTOP
- access management: need for standardised manner to manage interactions
- solution 1: generic : IAM connect, client communicates through middleware/component to assess access to resource before entering in the FHIR server - adaptions outside of FHIR server - more difficult for client to know why he doesn't have access
- solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server- controls happen in step 4 - suggestion for setp 4B to connect with metahub (pip)
- RSW has its own authentic source for therap relationships that has to be taken into account in their SMART on FHIR solution