Difference between revisions of "Retrieve Form for Data Capture - Discussions"
m |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
===Topics=== | ===Topics=== | ||
* RFD Security Mitigations | * RFD Security Mitigations | ||
| + | '''Attendance''' George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Rob Horn, John Moehrke, Bill Majurski | ||
| + | |||
| + | discussing mitigations column of RFD Risk Analysis 2007-04-30.xls | ||
| + | |||
| + | M1. TLS for content integrity (Currently available) | ||
| + | M2. ATNA audit (Somewhat available) | ||
| + | |||
| + | T's are handed off to other people - maybe list these in another column | ||
| + | there is some cookbook that tells about M's, T's, I's | ||
| + | might be targeted to a different audience than the readers of the profile | ||
| + | needed - a how to read a risk assessment | ||
| + | |||
| + | G becomes Mitigations within the profile; H becomes not mitigated | ||
| + | |||
| + | I's will not be published with trial implementation | ||
| + | |||
| + | c,d,e,f,g all need to line up | ||
| + | |||
| + | |||
| + | |||
| + | list per actor of what to do... | ||
| + | |||
| + | e.g., M3 - XForms validation needs more words to explain... | ||
| + | |||
| + | list threats, and then mitigations that are handled by XForms, by external to the profile | ||
| + | |||
| + | bill - most of column c are not interoperability threats...they are data content | ||
| + | |||
| + | break the columns... | ||
| + | |||
| + | George to edit and update the spreadsheet and prepare text for the profile document | ||
==Tcon May 8, 2007 == | ==Tcon May 8, 2007 == | ||
| Line 8: | Line 39: | ||
* HTTP Get vs Post for Retrieve Form transaction | * HTTP Get vs Post for Retrieve Form transaction | ||
| + | '''Attendance''' George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Steve Speicher, Rob Horn | ||
| + | |||
| + | how to submit the data payload with a get request ? | ||
| + | |||
| + | |||
| + | two ways to use retrieveform: ...http get and soap | ||
| + | |||
| + | Steve will be adding some text and updating the profile document | ||
| + | |||
| + | wsdl - missing more on the request type for the additional payload and this will be updated | ||
| + | |||
| + | 3 return options to RetrieveForm: | ||
| + | * form in the response | ||
| + | * base64 encoding | ||
| + | * url | ||
| + | |||
| + | if the form manager creates a prefilled form and holds it, then there is security issue | ||
| + | |||
| + | ? should form filler request which type to return ? | ||
| + | |||
| + | we had a discussion on the use of xmlbase and whether or not a picec of middle-tier could resolve partial references in the text of a retrieved XForm | ||
== Tcon May 1, 2007 == | == Tcon May 1, 2007 == | ||
===Topics=== | ===Topics=== | ||
| Line 22: | Line 74: | ||
? is polling a security issue ? | ? is polling a security issue ? | ||
| − | ? is the profile pushing the use of XForms too far ? | + | ? is the profile pushing the use of XForms too far ? no, probably not |
? will this move away from human intervention and rely on machine txns ? no, probably not...needing human review | ? will this move away from human intervention and rely on machine txns ? no, probably not...needing human review | ||
Latest revision as of 20:13, 13 May 2007
Tcon May 11, 2007
Topics
- RFD Security Mitigations
Attendance George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Rob Horn, John Moehrke, Bill Majurski
discussing mitigations column of RFD Risk Analysis 2007-04-30.xls
M1. TLS for content integrity (Currently available) M2. ATNA audit (Somewhat available)
T's are handed off to other people - maybe list these in another column there is some cookbook that tells about M's, T's, I's might be targeted to a different audience than the readers of the profile needed - a how to read a risk assessment
G becomes Mitigations within the profile; H becomes not mitigated
I's will not be published with trial implementation
c,d,e,f,g all need to line up
list per actor of what to do...
e.g., M3 - XForms validation needs more words to explain...
list threats, and then mitigations that are handled by XForms, by external to the profile
bill - most of column c are not interoperability threats...they are data content
break the columns...
George to edit and update the spreadsheet and prepare text for the profile document
Tcon May 8, 2007
Topics
- Transactions review
- HTTP Get vs Post for Retrieve Form transaction
Attendance George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Steve Speicher, Rob Horn
how to submit the data payload with a get request ?
two ways to use retrieveform: ...http get and soap
Steve will be adding some text and updating the profile document
wsdl - missing more on the request type for the additional payload and this will be updated
3 return options to RetrieveForm:
- form in the response
- base64 encoding
- url
if the form manager creates a prefilled form and holds it, then there is security issue
? should form filler request which type to return ?
we had a discussion on the use of xmlbase and whether or not a picec of middle-tier could resolve partial references in the text of a retrieved XForm
Tcon May 1, 2007
Topics
- Data Clarification
Attendance George Cole, Dave Iberson-Hurst, Lynn Felhofer, Karen Witting, Bill Majurski, Steve Speicher, Maryann Hondo
Minutes
reviewing Clarification.doc .... after submit of data there is analysis, typically done in batches, looking across patients and data
url encompases site and study ? issue on use of what should be an opaque value
? is polling a security issue ?
? is the profile pushing the use of XForms too far ? no, probably not
? will this move away from human intervention and rely on machine txns ? no, probably not...needing human review
change to proposed to have Retrieve Clarification txn between Form Filler and Form Manager, and to be an optional txn
Tcon April 24, 2007
Topics
- Review Security Matrix Spreadsheet
- Data Clarification Proposals
Attendance George Cole, Steve Speicher, Karen Witting, Kevin Kelly, Rob Horn, Bill Majurski
Minutes
- Discussion and walkthru of the Security Anaylsis matrix
- george to update and repost to ftp site.
- mitigations still need to be discussed
- Review of updated profile document - led by Steve
- WSDL added to appendix
- sample XForms 1.1 added to appendix
- proposed change to Retrieve Form transaction so Form Manager can handle prepopulation
- namespace conventions to be addressed by co-chairs
Tcon April 03, 2007
Attendance - George Cole, Lynn Felhofer, Steve Speicher, Mike Henderson, Landen Bain, Dave Iberson-Hurst, Karen Witting, Kevin Kelly, Bill Majurski, Rob Horn, John Moehrke
Topics
- Trial Implementation status review
- Review currently proposed areas for change
- Action items / Agenda for next tcon (4/24)
Details
- Trial Implementation status review
- Current status: do we need to CP everything ? No – produce new document, use Word to produce a differences document
- CP for transaction numbers in existing profile is complete …the transaction numbers are assigned and need to be put into new document
- Goal for 07-08: Trial Implementation with full Connectathon Testing
- Review currently proposed areas for change
- Date Clarification - How does a drug sponsor communicate needed clarification on submitted forms? Dave will take this; materials coming for the next meeting (which he will have to miss)
- Security - profile says ATNA...will that work ? Long discussion - see below
- Support for multiple submissions - one form, retrieved by any number of Form Fillers, each with different Form Archiver needs; likely handled by XForms 1.1
- Better support for Prepopulating Forms - Current mechanisms require problematic and insecure methods; This should continue to be outside of the profile; It could still be done as an experimental part of HIMSS Showcase, but Profile testing comes first.
- More robust form request/query support - Currently only request based on formID or URL. Steve and Kevin will take this; materials coming for next meeting.
- Addition of WDSL to support WS calls - Current profile says "WSDL to be added later"; Steve will take this.
- Support for XForms 1.1 - Specification is maturing in W3C. Usage of submission changes remove the need for Javascript for configurable submission sites. Steve – XForms 1.1 is in last call for comments for another week. Multiple submission targets without the need for javascript for configurable submissions. Steve will supply a sample.
- Actions / Agenda for next tcon (4/24)
Agenda items for next tcon: Review Data Clarification, Review Risks document, plan for 5/1 tcon.
Security Discussion
There was a gerenal discussion on RFD and Security.
A PowerPoint on the RFD Landscape was discussed.
Group discussion today about these ideas: Biosurveillance needs may be different;
Clinical trails have their own requirements. Security mechanisms need to take into account delivery to third party. Is this profiled or is this the responsibility of the Form Receiver and the EDC community ?
Device/equipment trials may be different than drug trials.
These other risks can be worked into risk assessment. Ok to have risks that have not been mitigated.
Form Archiver – need one with the Form Manager ? Forms belong to the investigator
Policy mechanism – how do you know something comes from an investigator ? Signature in the paper world
What are the things (assets) that might have their confidentiality compromised ?
- Form contents
- Privacy of subject
- Validity of submitted forms
- Authenticity of form contents
- Authenticity of form source
- Employee privacy
- Form filler identity
- Correct date/time
- Partially filled out forms
- Investigator time
- Auditor time
- Blank form
- Existence of a Study and Existence of possible Outbreak or Adverse Event
Threats:
- Rogue Investigators
- Rogue Managers
- the Press and other Investigators
- Corrupt platforms e.g. loggers, phishing,
Threat categories: : tech, strategic, commercial, organizational, human, political, financial/economic, environmental
George will produce an updated matrix for review, using input from this meeting and the matrix that exists in the profile.