Security & Trust Meeting 2010-05-13
Notes from NHIN Direct Security & Trust Meeting
Date: May 13, 2010
Time: 12pm-1pm
Attendees: Arien Malec, Honora Burnett, Nick Radov, Fred Trotter, David McCallie, Vassil Peytchev, John Moehrke, Sean Nolan, Erik Horstkotte, Ron Cordell, Pete Palmer, Paul Mincini for Gail Belles, Peter Clark & Brett Peterson
Actions from this week
# | Date | Action | Status | Owner | Due Date
13 | 5/13/10 | Fred Trotter will provide links for the voting section of the basic trust model on the WG page | Open | Fred Trotter | 5/20/10
14 | 5/13/10 | WG should read/comment on Sean Nolan’s post on the challenges of multiple simultaneous trust circles and using TLS: [1] | Open | WG | 5/20/10
15 | 5/13/10 | Arien will frame and elevate policy tradeoff for consumption by policy people | Open | Arien | 5/20/10
16 | 5/13/10 | David McCallie will set up a time to speak with Dixie Baker about Technology/Policy | Open | David McCallie | 5/20/10
17 | 5/13/10 | Arien will answer Fred Trotter’s questions: | Open | Arien | 5/20/10
Actions from last week
# | Date | Action | Status | Owner | Due Date
12 | 4/29/10 | Group will read and comment on Basic Trust Model: http://nhindirect.org/Basic+Trust+Model | Closed | All | 5/6/10
Notes
Recap of Face-To-Face meeting on May 6th
- Ensuring that there is cohesion with what we are doing and what the policy community is doing
- Certain communities may want to use this within their own spheres
- What the scope of the initial deployment of NHIN Direct would look like
- Concern that we’re not defining the policy – be sure that is something we are working with as we move forward
- Conversation of global vs. many
- We’re pushing fast & concrete and in parallel we are working more closely with the policy folks
Comment from Brett Peterson
- Boils down to: where do we encrypt the message
- Not the first group to look at this type of stuff
Comment from John Moehrke
- Creating a problem that is an academic problem rather than making simple decisions on point to point, and not forbidding message level security
- Increased complexity makes it outside the bounds of our original
- Keep it simple, but not stupid & not cut off message security
Comment from Arien Malec
- Policy guidance that is going to come down – which will get us back in discussion mode
- Agree with David McCallie
- We need to surface technology/policy choices and emphasize that this isn’t new material
Review of policy guidance
- Heightened awareness of what is going on at NHIN Direct
- Policy folks have thought of this as being push messages that fall under permitted purposes
- New thing that policy folks (HIT Policy Committee)
- What level of access do HISPs have to PHI
- Routing Metadata should be lean/spare:
- Concern over the amount of PHI that is expressed in routing metadata (to route a message the PHI exposure should be minimal)
- Data rights/data exposure at the HISP level
- Don’t require access to the package:
- Level of policy concern: must not be required that in order to route the HISP must not have access to the
- Background: not clear from a policy perspective
- Cross mapping function:
- Enabling XDR bridging to XDR will be problematic?
Comment from Brett Peterson
· How can certs be distributed?
Comment from Erik Horstkotte
· What routing information do we need?
· To/From/Date/Message ID for traceability/audit
Comment from Sean Nolan
· Simple, stupid, stupid
· Normally issue with LDAP is issue of whether we are trying to limit the issue to IST
· Certs records
Comment from John Moehrke
· Unfortunate the way the wording has come down from policy committee
· Idea that a HISP is even a router is something that might not be true – there is no use case for this
· Don’t authorize a HISP to touch your data to begin with
· Case for “free hop” transfer is to install the EHR enabled by two exchanges
· Source/BA and Destination/BA
· Whole discussion about S&I is overly complex-ifying
- We’d discussed addresses have endpoint and domain part
- Why does an organization that is receiving need to minimally support 7,000 endpoints with 7,000 TLS certificates
- Could start with a single endpoint recognized by a single certificate and modify their addresses over time
Comment from Vassil
· Ask ourselves “why are we reinventing the wheel?”
· How is that different?
· Be at odds with existing HIEs – agreement for how to share data with their group
· Allow the NHIN exchange
· Create alternative path for exchanging data and will get fragmented system
· Real HISPs in the real world do all kinds of things that are legal, appropriate and required and a notion of a pure routing only organization is a myth
· Faithfully surface back the point of view of the NHIN Direct technology folks to see that that gets communicated
Comment from David McCallie
· David McCallie and Arien will speak with Dixie about Technology/Policy conversations together
· Sean’s model requires that the HISP do the encryption – allow the simplicity of the TLS model
· Similarly complex
· Are we going to be in the stupid/stupid case?
· Tough to participate in complexity – mistaken and feels like a false argument
· Express this as a value added network
o Even if they aren’t converting, they’d be a fully authorized participant in those conversations
o Circled around back to not having anything new to do
o Cases outside a BAA
· Question that Arien has to come back to – is there one policy that everyone has to come to?
· Pulled in the NHIN DURSA as our base policy language
· Why would we forbid two doctors with NHIN from exchanging information?
· Two doctors have equipment that is capable of exchanging information
· How does one person have one endpoint that allows for them to have international conversations?
o Provider to have trust relationships one on one with multiple endpoints
· Put the trust decisions back into the hands of the individual users
Comment from Fred Trotter
· Disconnect between what we’re talking about on the calls vs. forums
· On forums – not one top-down model
· Different interpretation of what the trust assertion means
· Fred Trotter will provide links for the voting section of the basic trust model on the WG page
· WG should read/comment on Sean Nolan’s post on the challenges of multiple simultaneous trust circles and using TLS: [2]
· Arien key action: frame and elevate policy tradeoff for consumption by policy people
· David will set up a time to speak with Dixie Baker about Technology/Policy
· Arien will answer Fred Trotter’s questions:
o Which HITSP documents are we talking about?
o Where is policy coming down from?
o What is the correct language: node or HISP?
To Discuss next time
· The VA asked if their comments on the wiki were read. In case some readers missed them or do not have "Notify Me" enabled, these should be discussed:
· [3]
· Review of Basic Trust Model - Keys for Consensus