Security & Trust Meeting 2010-04-22
Status of Notes: DRAFT
Date: April 22, 2010
Time: 2pm-3pm
Attendees: Arien Malec, Rich Kernan , Laurie Tull, Fred Trotter, Justin Stauffer , John Moehrke, Joel Ryba, Eric Heflin, Erik Horstkotte, Ron Cordell, Pete Palmer, Richard Floyd. Brett Peterson, Sean Nolan & Andrew Reickhard & Honora Burnett
Actions for this Week
| # |
Date |
Action |
Status |
Owner |
Due Date |
| 11 |
4/15/10 |
Create a definitive statement on trust enablement for NHIN Direct for Workgroup consensus and Implementation Group consensus by the 5/6 meeting. Statement should cover the level of trust, the handling of different roles, etc… |
Open |
Fred Trotter & Sean Nolan |
4/22/10 |
Actions from Last Week
| # |
Date |
Action |
Status |
Owner |
Due Date |
| 8 |
4/15/10 |
John Davis will investigate our use of government ASTM Use Cases ($44 for standard) look at how this can be used for the WG |
Closed |
John Davis |
4/22/10 |
| 9 |
4/15/10 |
Pete Palmer will provide information about the Kantara initiative on the Wiki |
Closed |
Pete Palmer |
4/22/10 |
| 10 |
4/15/10 |
Umesh and Sean are going to write this idea of “chain of trust” on the Wiki. They will explore re-cert an existing address and frame up as key issue to discuss for next time |
Closed |
Microsoft Team |
4/22/10 |
Notes
· Business problem: explored a trust model that allows us to say that because I know this other organization and because I know this organization, and I have an out of band trust organization
· We have a mechanism to say “I know who this organization” and there is a reasonable assumption that if I receive a message from another provider, I can open the message to check it out
· Individual challenges:
o Individual assurance out to the patient level
o End point dealing with as a provider – enough existing trust
o Patients – not enough existing trust
§ Or might not want to do inbound messages from patients
§ Provider and accepts inbound messages, but not from that patient
Comment from John Moehrke
· Is there a way for security and trust to enable this filtering to happen?
· Authorship of the document is obvious
· Ways HISPs can help scale
Comment from Fred Trotter
· Thinking about this in terms of spam even though it isn’t
· How do you blacklist or white list effectively?
Arien framing issue a different way
· Applications, not HISPs, are responsible for black listing or white listing
· How do we assume the application or the organization needs to white list certs or do we need to let the sender/HISP know that there is role information that needs to be in the package or header to do the further processing
· Proxy off of a white list, the level of assurance that happens in the physicians office
Comment from Sean Nolan
· Application level decisions
· The HISP can do a great deal to help
o Be custodians of the actual certificates, and the technology that needs to be assigned to messages to assign them
Comment from Arien Malec
· The behavior of an application or HISP can and will be exactly the same
· An application that wants to do filtering within the application has to maintain the trust store
· If the application or the physician wants to delegate to the HISP
· Can we move on without this? Can we come up with a principal that allows us to stay out of this problem?
· Assuming that an application is going to know that if the email looks kosher from a trust perspective, then it will know that it is safe and has some way of sorting that out (Sean proposal) Sean will write this up and post on the Wiki
Comment from John Moehrke
- So much of what we are discussing is workflow and it isn’t really a trust issue
- Concern: paint ourselves into a broader space
Discussion about Sean’s proposal (Patients can do it the easy way -- email the provider the same way I do today, or make it hard – write own code, certificates)
- Comment from John Moehrke
- Concern: if we were to say that all endpoint addresses needed to be unique certificates -- allow for scaling up for
- Since I can trust roots or leaves, I can determine which level I’d like to trust
- Flexibility to trust either way
- Organizational trust is easier than individual trust
- By May 6th, we want this workgroup to have consensus on the approach
- Comment from Joel Ryba
- Are we on for Root Certificate Authority? Yes, and …
- Comment from Brett Peterson
- In a web application -- where is the private key stored?
- Creation of individual address cert isn’t required – it is a potential model
- Feature of the HISP – choice of its customers
- Group to figure out how to come up with a consensus statement weaving together threads that we have informal agreement on
- Write up a consensus statement and by May 6th we need to have S&T WG say “here is what we’ve intended to do and here is how it is going to work”
- Fred Trotter and also Sean Nolan will do this