2020-03-17 Meeting notes

Date

Attendees

Agenda

  • Agenda consists of:

    1) Sal summarizing the meeting he had with the Kantara Educational Foundation  Board last Friday (If you have not, please read his informative 

    report that was shared over the week end)

    2) Jeff to discuss NiST 800.53

    3) Tom will provide insight as to the revision of 

     https://wiki.idesg.org/wiki/index.php/Healthcare_OpenID#Problems  as it relates to an up coming con-call with UMA and questions he raised  and wants input on 

    about the two data structures in the High Assurance document  1)the federation entity statement and 2) the identifier token document.

    Meeting convened 12:45 EDT, delay communicated via email.

Discussion items

TimeItemWhoNotes



Kantara Educational Foundation  Board

  • Sal summarized update to education board meeting
  • Positive feedback, wiki is Helpful, timing is very good
  • Have a month to craft to propose to the Keefe board ($12,000 in bank account.) suggested deadline for draft proposal March 31.
  • Informal FIRE WG call next week
  • Jim suggests starting with a portion of the 12K and get a match from another org. Mary agrees
  • Sal will present proposal at next board meeting

Strategy per Mary

  • Current grant proposal draft: https://docs.google.com/document/d/1G7TQLLCOAF6agfBRZbmhSIeuT_qBKXWWT8Iw7OoeZVw/edit
  • Our request is $15000. Could start with $5K plus matching, with limited scope, tighten focus to coronavirus response.
  • Crash could be a problem as foundations likely lost a lot in market this week.
  • Actions: Mary will send document to team with comments Wed, agreement by Thursday. Sal will work on it with her. Then Sal can present to board.



NIST 800.53

Look through at document Jeff essential to email group regarding privacy framework.p in section 3.7




Healthcare OpenID

High assurance ID Token

  • https://wiki.idesg.org/wiki/index.php/Healthcare_OpenID#Problems
  • Coordinate with HEART working group at OpenID Foundation, so we don’t compete.
  • Two focus activities/solutions
    • In particular look at the information that is created in a High Assurance ID Token that would address the needs of both the TEFCA requirement for high-assurance as well as the needs for self-sovereign identifiers.
    • In particular focus on how the patient can know that any given web site can be trusted with their protected health information (PHI). A good approach might be to enable the Entity Statement of the OpenID federation specification.
    • From the user perspective dynamic registration of HIPAA compliant web sites should not be allowed as a web site either has a current certificate or it does not,
    • Adopt a paradigm shift to documents that are problem oriented rather than solution oriented. For example the FAPI specifications of the OpenID foundation is oriented to solutions for financial payments from users.
    • Focus only on new specifications that feature the goals of the Cares Act, such as giving the Patient Choice in how their information is accessed,
  • Third task is more housekeeping
    • Bring up a GitHub repository and deprecate the bitbucket repository.
  • Proposes a liaison between the two committees.
    • Vote to allow Tom to serve as liaison to HEART. Unanimously passed.
    • Their next meeting is March 23. Jim will attend as well.
    • Tom will share our working document.
    • Tom suggests also bringing up the grant proposal.
  • https://github.com/KantaraInitiative/DistributedAssurance/issues



Other Business

Information Sharing Interoperability (ISI WG) (Mark)

  • Taxonomy for medical research information
    • Patient information
    • Clinical information, filter EHR with patient permission.
    • European, US, Canadian

Liaison to board (KenDagg)

Action items