Rich
Please adjust the wording in your notes on the statement:
"will put on set top box; hook system to box, which will plug in."
to
"One cleaver suggestion that surfaced was to package the SAML/XACML
functionality into a 'set top box' to simplify the complexities that
might keep small medical practices from using the XSPA profile to plug
into the NHIN."
Stating that we have plans to roll out the XSPA profile in hardware at
this point would probably have me in boiling water :-0
Also change "NTI" to "NPI" (National Provider Identifier) [the NPI is a
unique 10-digit identifier issued by HHS/CMS as mandated by the HIPAA
legislation.]
Also, near the bottom please change NHIE to NHIN (Nationwide Health
Information Network).
Thanks,
David
David Staggs, JD, CISSP (SAIC)
Veterans Health Administration
Chief Health Informatics Office
Emerging Health Technologies
Original Message-----
From: Rich.Levinson [mailto:rich.levinson@oracle.com]
Sent: Thursday, April 16, 2009 5:40 PM
To: xacml
Subject: [xacml] Minutes 16 April 2009 TC Meeting
Date: Thu, 16-Apr-09
Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998
Minutes for 16 April 2009 TC Meeting
Proposed Agenda:
10:00 - 10:05 Roll Call & Approve Minutes
Erik Rissanen Axiomatics AB Group Member
Bill Parducci* Individual Group Member
Rich Levinson Oracle Corporation Group Member
Hal Lockhart Oracle Corporation Group Member
Anil Saldhana Red Hat Group Member
Seth Proctor Sun Microsystems Group Member
John Tolbert The Boeing Company* Group Member
David Staggs Veterans Health Administration Group Member
Have quorum at start: 7/10
- Minutes to approve: 9 April 2009 TC Meeting
http://lists.oasis-open.org/archives/xacml/200904/msg00018.html
Approved, no objection
10:05 - 10:10 Administrivia
- XACML v3.0 Specification Status
http://lists.oasis-open.org/archives/xacml/200904/msg00020.html
http://www.oasis-open.org/committees/document.php?document_id=32060&wg_a
bbrev=xacml
The following specifications are targeted for Committee Draft status
at the next meeting as well as to be marked for Public Review. This
meeting will be held in one week (April 16) at the same time and
number.
* Core Specfication
* Hierarchical Resource Profile
* SAML Profile
* Administration and Delegation Profile
* Digital Signature Profile
* Multiple Resource Profile
* Privacy Policy Profile
* Core and hierarchical role based access control (RBAC) Profile
Have final core and 7 profile specifications
Motion to move docs to CD:
Bill moves
Erik seconds
Any objections to CD: none
Vote carries
Motion to public review:
Erik moves
John seconds
Any objections to public review: none
Vote carries
Need doc, html, pdf
(if editable form not html, then need all 3 (incl editable)
Need list of individual links to docs:
Don't know until in repos what the link is.
-> Hal: will get clarification from Mary
Hal: Norm Walsh confirmed our use of xml:id
Hal: we will send docs to Mary for formal formatting check.
Hal: public review will auto-go to security in OASIS,
plus IETF, W3C, WS/I, ITUT, maybe NIST, OGC (geo-spatial),
maybe HL7 (healthcare), Concordia, TSCP (John will provide
email).
Hal: new profile draft on export control
10:10 - 11:00 Issues
- XACML Export Control -US profile draft
http://lists.oasis-open.org/archives/xacml/200904/msg00019.html
John: worked on w Paul Tyson, Bell Helicopter, export controls,
need to define std attrs for international: nationality,
control numbers from DOC, USML (munitions list, ITAR)
std attrs for making export control decisions.
- Public comments submitted for the XSPA profile of XACML
http://lists.oasis-open.org/archives/xacml/200904/msg00021.html
Finished public review
Comments received above link
David: RSA was important to getting public input
Review xspa issues:
1 Are gateways included? ACS is gateway.
2 Diagnostic integers model: info holder does not relinquish
control of any info - issue w pre-fetch - diagnostic images
are too large
Hal: responsibility to respond to people who made request,
but possibly clarify doc to help people understand if the
comment indicated party did not understand doc.
3 Request context: how requests are mapped:
Hal: this one borrowed mechanism from SAML, may not need
to adjust doc but direct to underlying spec.
4 Demo'd at HIMSS; do SAML, XACML, then they jump into how
to do policies - here is how to identify patients; attr
is provided, but up to individuals to identify mechanism
5 Issue w text extracted from saml/xacml profile: basically
said we don't return req in rsp.
Hal: optional to return; David will incl note
6 RSA 2008: defining attrs used for Dr Bob, created dissenting-
subject-id - name of person being blocked. Would better
describe dissenting-subject-id
Erik: says he did original suggestion for dissenting
David: masking plus additional info; can be better explained
Hal: be careful; if user-id is different format, then may
miss that person is supposed to be blocked.
David: issue of NTI: should be number assoc w everyone
6 Default normal confidentiality code: normal is default; could
add text to make clearer.
7 Mary working late - file name overwrites saml - will fix
8 Links: incl Hal's response; if doc external provide link
David will check.
9 John M: comments in saml will affect xacml: Duane agreed, need
to
do some harmonization: Duane will provide email w details.
10 John M: made broad stmt; David: this is interop profile w
defined
attrs; expect those attrs give scope required for this work.
Hal: how did HIMSS conf interop go:
David: we were in future directions portion: demo'd infrastructure of
a hospital. NHIE will be infrastructure for attrs shipping around
and
have opt-out model; they were very interested in xacml manner of
doing
this; they want the more detailed decision model; Will be taking
code
from HIMSS, make publ avail; will have tool to hook into nationwide
health info exchange network. NHIN used between health info xchg's;
will put on set top box; hook system to box, which will plug in.
Hal: will mention at RSA next week: David will send slide w relevant
info.
Hal: this will be part of new things happening w saml.
- Meeting schedule:
Hal: we've had an intense period, go back to every other week.
skip Apr 23 meeting
next meeting: May 7, then 2 week schedule
Meeting adjourned: 10:53 AM EDT
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php