PASS as a SAEAF Alpha Project

1. PASS as a SAEAF Alpha Project Preliminary discussion and exploration Thursday, April 23rd, 2009

2. HL7 SAEAF—PASS Alpha Project • What is HL7 SAEAF? • What are HL7 SAEAF Alpha Projects? • What is a HL7 SAEAF—PASS Alpha Project?

3. History of Services in HL7 (8)ArB Position on HSSP Following discussions with HSSP representatives, the ArB affirms that the HSSP framework is in conceptual alignment with the HL7 SAEAF with respect to both processes and artifacts. In particular, the MDA-based process, i.e., the HSSP Service Specification Framework, produces a Service Functional Model, a Platform-Independent Model, and a Platform-Specific model that are, in principle, in alignment with the HL7 SAEAF. However, it needs to be made clear that this alignment is between the overarching HSSP process/artifacts -- which by definition include at least two participating organizations (e.g., HL7 and OMG) -- and HL7 as the sole producer of SAEAF-compliant processes/artifacts. This is an important distinction because it will almost certainly be the case that the SAEAF framework will result in processes/artifacts produced completely within HL7 which are not necessarily defined in the HSSP, thereby resulting in some degree of non-alignment. As the SAEAF artifacts and processes mature, it remains an open question as to how (or if) any variations between the SAEAF and the HSSP will be addressed.

4. RM-ODP Multi-Dimensional Specification Pattern from the 5 Viewpoints Why? What? How? Where? True? ISO Standard (RM – ODP, ISO/IEC IS 10746 | ITU-T X.900 )

5. The ECCF Specification Stack (1) Technology VP tests Conformance Statements collected in cells

6. HL7 SAEAF—PASS Alpha Project • What is HL7 SAEAF? • What are HL7 SAEAF Alpha Projects? • What is a HL7 SAEAF—PASS Alpha Project?

7. What are HL7 SAEAF Alpha Projects? Initiative by SAEAF to run a few HL7 projects through the SAEAF paradigm to understand the process better, recognize the pitfalls and tighten the framework before imposing it on the rest of HL7 Alpha projects will help develop process and determine what artefacts, tools and templates are needed. Alpha projects will work closely with ArB and TSC Selection criteria and engagement principles for Alpha Projects remain to be devised and agreed, so this is an opportunity for PASS to step forward and ensure that PASS deliverables are valued across a broad sweep of the organization. The HL7 EA IP will be accountable as the primary coordination point between “Alpha Projects” and HL7 - primarily addressing issue management. January 2009 HL7 Enterprise Architecture Implementation Project - Initiation / Planning Phase 7

8. HL7 SAEAF—PASS Alpha Project • What is HL7 SAEAF? • What are HL7 SAEAF Alpha Projects? • What is a HL7 SAEAF—PASS Alpha Project?

9. HL7 SAEAF—PASS Alpha Project • What does it mean to the PASS SFM projects to be a SAEAF Alpha project? • All PASS work to date will be leveraged and become a cornerstone SAEAF • Parallel and aligned development of vocabulary/terminology and related artifacts that are consumed by PASS-Access and PASS-Audit implementations • May bring additional resources to get current PASS work moving faster • Provide an Architectural Framework to help align HL7, HITSP, NHIN and international security/privacy initiatives • Alignment of artifacts up and down the “specification stack” • Flexibility with standards artifacts – PASS can help define what the artifacts will be. • Value proposition for Security WG – opportunity to have one source for security knowledge to impact other HL7 initiatives • Advantage of SAEAF to Access Control: Captures dynamic aspects, facilitating policy-driven paradigms

10. HL7 SAEAF—PASS Alpha Project • Issues / Caveats • “PASS Alpha” charter needs to get written up • Alpha templates (eg: Charter) still in development • Uncertain scope – potential for scope creep • Anticipates joint efforts across several HL7 WGs • Resource support required • Aggressive time frames implied • *need* administrative and support staff, not just volunteers and staff need to not increase the workload for volunteers but actually help manage and reduce it? • Volunteers can NOT be asked to put in even more hours • Is there going to be a connectathon at the end of this? (how do we align with the current ones?)

11. So what do we do next? • Fill out charter? Who wants to review? • Keep gathering questions, updating group as more information comes in. • What else?

12. CBCC Proposal to create Consent and Privacy Policy SFMs under PASS

13. CBCC Minutes Snippet • 1. Propose that Composite Privacy Consent Directive (CPCD) become a pilot SAEAF-conformant project - demonstrating how we design service-aware standards. Pending approval from the Enterprise Application Implementation Planning EA IP project. Contact Marc Koehn - project lead for EAIP - and propose our standard. EAIP is looking for candidate service-aware pilot projects. Since the SAEAF is not completed, there is some uncertainty regarding the timeline. How does a project sign up to be a SAEAF pilot, what are the criteria? If a project is approved as a SAEAF pilot, what the is earliest we could publish our specification as a DSTU? • 2. Work with SOA WG and add to the existing PASS Audit and PASS Access Control two new service functional specifications: PASS Privacy Policy Mgmt/Lookup, PASS Consent Directive Mgmt/Lookup. In addition to the service functional specifications we could also issue an OMG RFC (request for comment) for our technical service specification (including XSDs, etc.). Ask Gila Pyke, Ken Rubin, and Galen Mulrooney how we could ballot a service functional spec in HL7 in July and in OMG. • Update:During the ArB meeting, PASS project proposed a comprehensive privacy/security standard as a Pilot SAEAF-conformant alpha standard. A service functional model satisfies only a subset of the artifact stack proposed by SAEAF. This project would include the information model and the detail service/interfaces/operations for privacy policy and consent directive management. One requirement would be for us to map out how the current analysis and design and map them to the SAEAF artifacts.

14. CBCC Minutes Snippet • 1. Propose that Composite Privacy Consent Directive (CPCD) become a pilot SAEAF-conformant project - demonstrating how we design service-aware standards. Pending approval from the Enterprise Application Implementation Planning EA IP project. Contact Marc Koehn - project lead for EAIP - and propose our standard. EAIP is looking for candidate service-aware pilot projects. Since the SAEAF is not completed, there is some uncertainty regarding the timeline. How does a project sign up to be a SAEAF pilot, what are the criteria? If a project is approved as a SAEAF pilot, what the is earliest we could publish our specification as a DSTU? • 2. Work with SOA WG and add to the existing PASS Audit and PASS Access Control two new service functional specifications: PASS Privacy Policy Mgmt/Lookup, PASS Consent Directive Mgmt/Lookup. In addition to the service functional specifications we could also issue an OMG RFC (request for comment) for our technical service specification (including XSDs, etc.). Ask Gila Pyke, Ken Rubin, and Galen Mulrooney how we could ballot a service functional spec in HL7 in July and in OMG. • Update: During the ArB meeting, PASS project proposed a comprehensive privacy/security standard as a Pilot SAEAF-conformant alpha standard. A service functional model satisfies only a subset of the artifact stack proposed by SAEAF. This project would include the information model and the detail service/interfaces/operations for privacy policy and consent directive management. One requirement would be for us to map out how the current analysis and design and map them to the SAEAF artifacts.