Minutes - Security WG 2021-05-21

From Health Level 7 Belgium Wiki
Attendees
  • Bruno Casneuf
  • Erwin Bellon
  • Hannes De Clercq
  • Jean-Michel Polfliet
  • Karlien Erauw
  • Nick Hermans
  • Pablo d'Alcantara
  • Raphaël Marbaix, RSW
  • Robin Bosman
Excused/Not present
  • Didier Temans
  • José Costa Teixeira
Agenda
  • Presentation by Hannes
  • Plan to go forward
Previous Minutes
  • Background: request raised in eHealth Platform WG Architecture from April 30
  • RSW cannot join on Tuesday afternoons so we must look for a different timeslot. Proposed weekly meeting slot as from May 21: Fridays from noon to 1PM
  • remark: Hannes should be available as key person
  • What exactly is the request:
  • Plan to go forward:
  • benefits of using middleware
  • encountered issues when using middleware
  • Question: how to interrogate multiple FHIR servers
Minutes
  • Hannes presents "Access control in FHIR" that was also
  • the care provider has to go through identification & authentication, and there has to be a control to assess whether he has access to the resource (access management): check patient consent, exclusions, therapeutic relationship and access matrix for care providers
  • id: solutions FAS or eID, itsme, TOTP
  • access management: need for standardised manner to manage interactions
  • solution 1: generic: IAM connect, client communicates through middleware/component to assess access to resource before entering the FHIR server - adaptations outside of FHIR server - more difficult for client to know why he doesn't have access
  • solution 2: more specific - using SMART on FHIR - client can talk directly to FHIR server - controls happen in step 4 - suggestion for step 4B to connect with metahub (PIP)
  • RSW has its own authentic source for therapeutic relationships that has to be taken into account in their SMART on FHIR solution
  • anyone can do a setup of their own, but we have to be careful when adding any additional "signatures"