Stream: Security and Privacy
Topic: Block vote for Sept 13
John Moehrke (Sep 01 2021 at 20:08):
We have been working on many issues found with Provenance and AuditEvent. Each of these resolutions have been reviewed in a t-con, and in-person requests have been satisfied. The following block of CR are out for final review. Please let me know if you desire any item to be pulled from the block. All items remaining in the block will be voted on as a block on September 13, on the FHIR-Security call.
Key Related Artifact(s) Reporter Summary Resolution
FHIR-33014 Lloyd McKenzie Add reference to SCIM to security page Persuasive with Modification
FHIR-32475 AuditEvent Lloyd McKenzie Why only string and binary for value? Persuasive with Modification
FHIR-33077 Provenance Hans Buitendijk Add "sender" as a Provenance.agent.role or .type Persuasive
FHIR-32474 AuditEvent Lloyd McKenzie What is the scope for detail.type? Persuasive with Modification
FHIR-32439 AuditEvent Lloyd McKenzie AuditEvent.type shouldn't be extensible Persuasive
FHIR-32441 AuditEvent Lloyd McKenzie AuditEvent.subType shouldn't be extensible Persuasive with Modification
FHIR-32440 AuditEvent Lloyd McKenzie AuditEvent.subType should merge into type. Not Persuasive with Modification
FHIR-32443 AuditEvent Lloyd McKenzie Why is event.type required and event.code optional? Persuasive with Modification
FHIR-32470 AuditEvent Lloyd McKenzie lifecycle codes aren't appropriate for extensible binding Persuasive with Modification
FHIR-32456 AuditEvent Lloyd McKenzie Email and URI aren't a type of media Persuasive with Modification
FHIR-32450 AuditEvent Lloyd McKenzie location, policy, media and network don't seem agent-specific Persuasive with Modification
FHIR-32459 AuditEvent Lloyd McKenzie Should network type draw on ContactPoint.system codes? Not Persuasive with Modification
FHIR-30580 Provenance Jean Duteau Need a code in ProvenanceEntityRole for transformation of data from a set of entities into a target Persuasive
FHIR-32516 Provenance Lloyd McKenzie Provenance needs 'instantiates' Persuasive with Modification
FHIR-33228 Provenance John Moehrke Provenance.entity.agent has a bad definition Persuasive
FHIR-32449 AuditEvent Lloyd McKenzie It seems there should be some expectation that 'who' is specified somehow Persuasive
FHIR-32453 AuditEvent<BR/>Provenance Lloyd McKenzie agent.type vs. role is unclear Persuasive with Modification
FHIR-32466 AuditEvent Lloyd McKenzie entity.type is not appropriate for extensible Persuasive
FHIR-32447 AuditEvent Lloyd McKenzie Why is outcome 'extensible' Persuasive with Modification
FHIR-32454 AuditEvent<BR/>Provenance Lloyd McKenzie who should include subject and probably CareTeam and HealthCareService Persuasive with Modification
FHIR-32518 Provenance Lloyd McKenzie What's the use-case for "onBehalfOf Device"? Persuasive
FHIR-32522 Provenance Lloyd McKenzie Mark signature and maybe entity as STU Persuasive with Modification
FHIR-32464 AuditEvent Lloyd McKenzie source.site is unclear Persuasive with Modification
FHIR-32455 AuditEvent Lloyd McKenzie Why is altId called altId? Persuasive with Modification
FHIR-32289 AuditEvent<BR/>Provenance Reinhard Egelkraut AuditEvent & Provenance, add Task to basedOn references Persuasive
FHIR-32022 Provenance Lloyd McKenzie Provenance.recorded should not be mandatory Persuasive
FHIR-32520 AuditEvent<BR/>Provenance Lloyd McKenzie agent.role whould not be extensible Persuasive with Modification
FHIR-32515 AuditEvent Lloyd McKenzie PurposeOfUse should not be extensible Persuasive with Modification
FHIR-28407 ValueSet Ranvijay Kumar Ability to provide security tags at the element level Persuasive with Modification
FHIR-32383 Provenance Floyd Eisenberg Provenance Boundaries and Relationships - Examples Persuasive
FHIR-26938 AuditEvent John Moehrke explain how a FHIR search using POST is recorded in AuditEvent Persuasive
FHIR-33020 AuditEvent<BR/>Provenance John Moehrke Provenance.activity should be subset of AuditEvent.subtype vocabulary Persuasive with Modification
FHIR-32465 AuditEvent Lloyd McKenzie How can observer be a person? Not Persuasive with Modification
FHIR-32451 AuditEvent Lloyd McKenzie agent.type should not be extensible Persuasive
FHIR-32473 AuditEvent Lloyd McKenzie Why prohibitation against name and query and not other things? Persuasive with Modification
FHIR-32472 AuditEvent Lloyd McKenzie What are expectations for scope/uniqueness of name Persuasive with Modification
FHIR-32462 AuditEvent Lloyd McKenzie source.type can't be extensible with other code Persuasive
FHIR-32988 AuditEvent Quentin Ligier Incorrect system for AuditEvent example Persuasive
FHIR-32461 AuditEvent Lloyd McKenzie Could observer be HealthCareService or CareTeam? Persuasive
FHIR-32467 AuditEvent Lloyd McKenzie Why identify resource types when you already have reference? Persuasive
FHIR-32458 AuditEvent Lloyd McKenzie Why is network.address optional? Persuasive
FHIR-32444 AuditEvent Lloyd McKenzie Period should be a choice of period and dateTime Persuasive
FHIR-32460 AuditEvent Lloyd McKenzie What are rules for Coding vs. CodeableConcept? Persuasive
FHIR-32448 AuditEvent Lloyd McKenzie Why is requestor 1..1 when no other information is? Persuasive
FHIR-12660 BaseResource John Moehrke HCS use clarification Persuasive with Modification
FHIR-32463 AuditEvent Lloyd McKenzie source.type definitions need work Persuasive with Modification
FHIR-32469 AuditEvent Lloyd McKenzie Loosening 'extensible' doesn't eliminate need for clean-up. Considered - No action required
John Moehrke (Sep 09 2021 at 13:10):
Reminder to review this block vote in FHIR-Security
Last updated: Apr 12 2022 at 19:14 UTC
