PD+-+Sprint+Team+Meeting+Minutes+2011-06-24


 * Meeting Date**: 06/24/2011
 * Meeting Title:** PD Sprint Team Meeting Session 4

Agenda/Objectives:

 * **Topic** || **Time Allotted** ||
 * Query for Digital Certificate Use Case || 20 minutes ||
 * Standards Analysis for Digital Certificate Discovery || 60 minutes ||
 * Query for Electronic Address Use Case || 30 minutes ||
 * Sprint Team Logistics || 5 minutes ||
 * Next Steps and Questions || 5 minutes ||

Workgroup Attendees:
Van Nguyen, Bill Pankey, Steve Witter, Ernest Grove, Donna Jones, Seonho Kim, Nagesh Bashyam, Noam Arzt, Ken Pool, Debra Rouse, Michael Nelson, Sara Lambert, Derrick Evans, Heather Stevens, Thompson Boyd, Joy Styrcula, David Susanto, Chris Andreou, Diana Massey, Francis Chan, Will Rice, McLain Causey, kris cyr, Ryan Balsick, Eric Heflin, Aleena Dhar, Jonathan Tadese, Erik Pupo, Emily Mitchell, Sri Koka, Bob Yencha, Laurance Stuntz, Ron Sawdey, Teresa Strickland, melissa breen, Robert Dieterle, Bob Kaye, Elizabeth Cinqueonce, Paul Cartland, Scott Chapin, Roy Tharpe, Kelly Conlin, David Tao, Tynisha Carter, Peter Bachman, DaveMarotz, Marcus Clayton, Steve Tripp, Alex de Leon, Joni Booth, Ananya Gupta, lin wan, mary-sarajones, Mara Robertson, Dave Shevlin, John Moehrke, Ed Larsen, Lester Keepper

Panelist Attendees:
Virginia Riehl, Victoria Njoku, Erik Pupo

Action Items:

 * Date || Description || Status || Notes ||
 * 6/24/11 || Cast vote for Query for Digital Certificate Use Case on Wiki to achieve consensus || OPEN || Committed Members only ||
 * 6/24/11 || Review and provide comments on Query for Electronic Address Use Case || OPEN || Sprint Team Members ||
 * 6/24/11 || Complete Harmonization homework items for Digital Certificate Discovery work stream || OPEN || Sprint Team Members ||
 * 6/24/11 || Review posted Meeting Minutes for Sprint Team and SWG meetings || OPEN || Sprint Team Members ||

Key Discussion Points:

 * The question of whether a Certificate Directory needs to be able to constrain access to the digital certificate to members of a trust framework was raised as a concern. The issue was discussed at the face to face meeting and the consensus then was to include an assumption that access to the digital certificate would be constrained and that one had to be part of a trust framework to access the certificate.
 * The requirement for the existence of a trust framework and validating the certificate may exclude DNS as a solution. As a result, some implementations may be at risk if access is constrained
 * While discussing trust, it may be best to separate and specify what the actual trust entails, as one can validate the certificate with its content and Certificate Revocation List
 * The ability to have the restriction of who can request the certificate is supported by the concern that some abuse of the query may emerge leading to spam messages and that providers may not want to disclose some information to those outside their trust framework
 * If it is not a “trusted” certificate then it is discarded
 * The two parts to the issue is whether to allow public discovery of the digital certificate within the use case which supports a DNS solution or to allow discovery only as part of a trusted framework

Resolution(s):

 * The comment was not resolved and will be revisited during the 6/27 SWG meeting.

Harmonization/ Standards Analysis for Digital Certificate Discovery//://

 * Review of the Query for Digital Certificate Consensus and Strategy Wiki Page:
 * Keep this question in mind: Do we review some of the out of scope issues in the event that they will eventually become in scope?
 * We’re not trying to create new standards, we are trying to write an implementation guide to meet the requirements set forth in the use case
 * Two issues to be addressed by the group on the Discussion Page:
 * 1) Should we consider possible future use cases for harmonization or do we isolate the current use case?
 * 2) How do we craft assumptions based off of HITSC input?
 * Review of the Timeline for Harmonization
 * Discussion of Standards (Potential Standards Deferred vs. Suggested Standards):
 * Three ‘Suggested’ Standards (based on initial work by the Harmonization Team):
 * DNS
 * LDAP
 * HPD
 * Potential Standards Deferred (can be discussed and refuted by the group)
 * Review of the Harmonization Workgroup Review – Direct Project Recommendation Page
 * Review of Standards Criteria Page
 * Introduction of Review Documents ([|Standards Criteria spreadsheets], etc.):
 * Discussion of Harmonization end goal and WG roadmap:
 * We can narrow it down to suggest one specific standard or we can narrow it down to 2 and provide implementation suggestions
 * Our end product is some type of implementation guidance (Harmonization support team will help to develop that guide)
 * Comments and Questions:
 * Discussion of risk mitigation for each standards option
 * Reasoning for not including X.12 in our discussion is that the standards are proprietary information. If access to these standards can be quickly and easily gained, the Harmonization team will gladly add X.12 standards back into consideration.
 * Request that LDAP is referred to as X500 (parent standard) and X.509 v3 (digital certificates) going forward to eliminate confusion
 * Discussion regarding whether or not our decision is being made in a ‘vacuum’ that ignores the possibility of implications of future use cases
 * Please enter opinions, concerns, or comments regarding this topic on the Discussion Page
 * Discussion regarding HIT SC input and opinions regarding microformats and microdata
 * Concern raised regarding adhering to a 3 week timeline if it will compromise the group's ability to decide on the best strategy
 * This is a concern that can certainly be raised directly to ONC if more time is thought to be needed
 * Request to include 'viability' as an additional valuation criteria for whatever approach is selected (whether or not the solution is broadly supported by vendors in the industry)
 * Discussion regarding the definition of ‘certification’:
 * Harmonization's definition of ‘certificate’ comes from the use case
 * If there is a need for an alternative definition, that the use case team should address that
 * Concern regarding where risks should be addressed and mitigated within the Harmonization process, specifically in relation to risk of stakeholder willingness

Key Discussion Points:

 * The Issues and Obstacles section supports a broader risks analysis that will be conducted as part of the Harmonization process.
 * Additional risks around potential lack of vendor support for the identified solution and convergence of HHS or the participants should be included
 * Some statements in the issues and obstacles section reflect issues, obstacles, as well as risk factors

Resolution(s):

 * Limited experience around the use of provider directories for the intended uses of the Use Case was included as potential issue
 * Inserted the “Potential lack of vendor support for the identified solution” and “Potential lack of convergence of HHS or the participants” as additional risks
 * Updated the section heading to “Issues, Obstacles, and Potential Risks”

Key Discussion Points:

 * Next Certificate Discovery SWG Meeting scheduled for occur Monday June 27 2:30-4:00PM ET
 * Next Electronic Address Discovery SWG Meeting scheduled for next Thursday June 30, 12:00-1:30PM ET)
 * Next Sprint Team Meeting scheduled for July 1, 2011 3:00-5:00PM ET

Key Discussion Points:

 * Cast vote for Query for Digital Certificate Use Case on Wiki to achieve consensus
 * Review and provide comments on Query for Electronic Address Use Case
 * Complete Harmonization homework items for Digital Certificate Discovery work stream
 * Review posted Meeting Minutes for Sprint Team and SWG meetings