Note this is a PROPOSED agenda --- have not reviewed with Brian! So we may adjust in "real time" ....

  • (Brian) Review discussion of and any updates to "Minimum Threshold"
  • (Team reps for SMTP/REST/IHE) Quick updates, where do you expect to be on Thursday
  • (Sean) Introduce proposal for new NHIN-D Security & Trust Agent project (http://nhindirect.org/message/view/Concrete+Implementation+Workgroup/23658385) ... Discuss
  • (Sean + Roundtable) How do we want to use our 45 minutes live on Thursday?

Expected Outcomes:

  • Close on Minimum Threshold to present on Thursday
  • General idea of presentation
  • Assignments for specific presentation pieces

Notes from the Concrete Implementation Workgroup

Status of Notes: DRAFT
Date: May 4, 2010
Time: 12pm-1pm
Attendees: Arien Malec, Honora Burnett, Sean Nolan, Rob Wilmot & David McCallie, Karen Witting, Mark Stine, Umesh Madan, Brett Peterson, Ravi Madduri, Vassil Peytchev, Lin Wan, Matt Potter & Nageshwara Bashyam

Actions for this Week:
| # | Date | Action | Status | Owner | Due Date |
|---|------|--------|--------|-------|----------|
| 8 | 5/4/10 | Sean will post a skeleton outline on the Wiki for the NHIN Direct Slides and ask people to contribute | Open | Sean | 5/12/10 |
| 9 | 5/4/10 | Group will track the notion of multiple addresses – take this to the User Story | Open | Group | 5/12/10 |
| 10 | 5/4/10 | Vassil will put some feedback on the challenges of SMIME on the Wiki | Open | Vassil | 5/12/10 |
| 11 | 5/4/10 | Brief the S&T WG on security and trust issues related to concrete implementation | Open | Arien | 5/12/10 |
| 12 | 5/4/10 | Dragon will get XMPP code into source code | Open | Dragon | 5/12/10 |


Actions from Last Week:
| # | Date | Action | Status | Owner | Due Date |
|---|------|--------|--------|-------|----------|
| 5 | 4/27/10 | Brian and Sean will report to implementation group later in day to call for champions and call for broader participation | Closed | Brian and Sean | 5/4/10 |
| 6 | 4/27/10 | Brian and Sean will publish timeline to wiki | Closed | Brian and Sean | 5/4/10 |
| 7 | 4/27/10 | Brian will start a thread to continue conversation about “minimum threshold” criteria on Wiki, all WG members are expected to continue | Closed | Brian & WG | 5/4/10 |

Decisions from Last Week:
| # | Date | Action |
|---|------|--------|
| 2 | 4/27/10 | Will use working code and concrete pieces |
| 3 | 4/27/10 | Will have a single concrete implementation for the pilot (SMTP or another) |
| 4 | 4/27/10 | We will create three concrete implementation pages and do calls for sign-up and participation for each. |

Agenda

  • (Brian) Review discussion of and any updates to "Minimum Threshold"
  • (Team reps for SMTP/REST/IHE) Quick updates, where do you expect to be on Thursday
  • (Sean) Introduce proposal for new NHIN-D Security & Trust Agent project (http://nhindirect.org/message/view/Concrete+Implementation+Workgroup/23658385) ... Discuss
  • (Sean + Roundtable) How do we want to use our 45 minutes live on Thursday?

  • Expected Outcomes:
    • Close on Minimum Threshold to present on Thursday
    • General idea of presentation
    • Assignments for specific presentation pieces
    • Action for face to face
Notes
  • Update from the three teams – Progress? On the right tack?
    • SMTP
      • TLS-based instance on Amazon EC2 running Postfix
      • Fingerprints, to create a white list
    • REST
      • Chris is the first person to contribute real working code
      • Java standpoint – simple
      • 150 lines of code
      • Learned that the REST spec itself needs some work
      • Implemented the GET
    • SOAP/IHE
      • Demo
      • Dragon gave update
      • Dragon will get XMPP code into source code
  • How do you ensure that two people are in the trust network?
    • Exchange agents
    • Doesn’t seem right that we are having this conversation about transport
    • How can we manage signatures/descriptions
    • Assumption: consensus around payload being a MIME based payload
    • SMIME sits on top of this, and manages trust, signatures and encryption
    • Build something between these
    • Context from Brett Peterson
      • As we start managing health domain names
      • SNI
      • If we could get to TLS with Mutual Authorization, then we have a mutual model for trust assurance
      • HTTP – Arien has another proposal for a REST spec, but not a SOAP spec
      • Receiver and sender have mutual assurance
        • Concerns with SMIME – how does it get mutual trust
        • There is a mutual assurance in the code
Comment from David McCallie
  • Appreciates the orthogonal layer
  • Keep beating drum of simplicity – false assumption is simplest assumption
  • SMTP-SMTP – mutual trust
  • Certs issued by designated group of agencies
  • Null hypothesis: mutual TLS expressing trust assertions at the HISP level

Comment from Brett Peterson
  • How do we route from addresses that won’t be HISPs but will be individual oriented
  • Is a HISP a cert? Does this give you the trust you need?
  • HISP would be taking a lot of responsibility for this
  • If we can’t “white list” other HISPs
  • Brief the S&T WG on security and trust issues related to concrete implementation

Comment from Vassil Peytchev
  • Concerns about SMIME
  • Security & Trust WG need to resolve encryption of payload
  • Arien agrees, the process here should be concrete implementation tries to run down a path, hits issues and then kicks to S&T
  • What level of trust do we want to inject into the system
  • Within our charter: where and how to encrypt payloads

Comment from Lin Wan
  • Payload is signed / encrypted?
  • How does it interact with SOAP?

  • Have requirement for S&T and then map to security
  • REST/SOAP but not XDR Layer
  • Vassil will put some feedback on the challenges of SMIME on the Wiki
  • Layer between
  • Outbound: message sent from client would be packaged and sent encrypted
  • Inbound: message arrived and needs to be decrypted
  • Asymmetric key
    • Before I send I verify the two addresses such that a recipient can’t even route without knowing their private key
    • As a recipient, can’t see/verify sender's private key
  • SASL allows TLS as one of its layers – and can do mutual, but maybe at one cert/IP address

Comment from David McCallie
  • Group will track the notion of multiple addresses – take this to the User Story
    • Happens with nursing homes
    • Sean will post a skeleton outline on the Wiki for the NHIN Direct Slides and ask people to contribute
    • Sean will have a template up on the Wiki for everyone to comment on