Minutes of the August 7, 2009 XSPA Conference Call

["Staggs, David (SAIC)" <David.Staggs@va.gov>]

Minutes of the August 7, 2009 XSPA Conference Call

1. Roll Call & Agenda Review

Voting Members:

Anil Saldhana, Red Hat

John Moehrke, GE Healthcare

Tony Mallia, Edmond Scientific Company

Richard Franck, IBM

Mike Davis, Veterans Health Administration

Duane DeCouteau, Veterans Health Administration

David Staggs, Veterans Health Administration

 Members:

 Brian McClung, Jericho Systems Corp.

Quorum attained.

2. Minutes of July10, 2009 are approved unanimously.

3. Policy scope.  John Moehrke elaborated on the problem of knowing when all the appropriate policies for an access control decision have been gathered.  Mike raised the example of policies that might depend on the type of organization involved (e.g. Federal, HIPAA covered entity, etc.) making the request and where the request originated (e.g. local privacy laws).  David recalled John Tolbert had proposed an approach for determining if export restrictions prevented release of an item to a target jurisdiction.  David will ask John for details. John Moehrke was encouraged to discuss the issue with the XACML experts.

4: Consent policy.  Steven Meyer discussed the fundamental components of a consent policy and whether we can define a set of cardinal policies for consumer preferences.  Richard pointed out the impact of jurisdiction, NHIN, the use of BPPC and defining what is the relevant scope.  All agree the ONC policy requires the individual must make a separate policy selection in each organization receiving the data.  Consensus is a lot of work needs to be done here but would be an interesting work item.  TC charter may require amendment if the work is approved.

5. Follow-on Discussion on comments from the Privacy Sub-team of the NHIN Specifications Factory.  (Covered in discussion above)

6.  Monthly meetings were approved through the remainder of the summer.

7.  Several work items have been suggested during the TC calls.  We had discussed a US Realm and International XSPA profiles.  We have heard that the passing policies between organizations would be important.  We have to publish a schema referenced by the XACML and SAML profiles. This would be a time for suggestions and champions to take up new work items.

Duane will be working on the schema for the XACML and SAML profiles.

Mike is interested in continuing work on the WS-Trust profile.

8.  Additional Discussion

 

9. Action Items

David to contact John Tolbert and XACML on Policy Scope Issue.

Regards,

David

David Staggs, JD, CISSP (SAIC)
Veterans Health Administration
Chief Health Informatics Office
Emerging Health Technologies
Office: 858 433 1473