[Openid-specs-ab] Draft Agenda for 2020-11-09 Pacific Call

OpenID Foundation Director director at oidf.org
Mon Nov 9 17:07:29 UTC 2020

Dear AB/C WG experts:

This is to suggest an item to your agenda.

After years of operations, new legal requirements and increased adoption, the OIDF will soon be updating and enhancing its Certification Program.

One example is the US Center for Medicaid and Medicare services and the Office of the National Coordinator for Health Information Technology’s consideration of the role of the certification of technical conformance to identity standards, e.g. OpenID Connect. An excerpt from a consultation is available below. It’s incumbent on the OIDF to anticipate any impacts regulatory action may have on our certification program.

Our goals are to make the ( renamed ) OpenID Foundation Directory of Conformance easier to navigate and reference. We plan to better distinguish the OpenID Connect Directory from Financial-Grade APIs Directory and the sub categories in each. We will include new legal language to protect information about those organizations that have self certified their conformance to OpenID Connect and Financial-Grade APIs.

Initial feedback from the Financial-Grade APIs Work Group include the ability of allow each firm to have its own page, so they can link to these in their own communications, i.e. as XXX firm, here is my certification URL.

Your suggestions are welcome. Please send them to OIDF Program Manager Michael R. Leszcz Jr." mike.leszcz at oidf.org<mailto:mike.leszcz at oidf.org>

Thanks and stay safe,

Relevant text from CMS regulations ...Response: We appreciate the commenters’ recommendations, and we appreciate the concerns raised around privacy and security and the discussion regarding additional steps we can take to protect patient health information. We note that hospitals, health systems, and other health care providers are considered covered entities under HIPAA, and the HIPAA Privacy and Security Rules apply.

We do appreciate that app vetting, in particular, is an issue of great interest to payers and providers. We note that we strongly value the role that industry can play in this capacity, and we support efforts within industry to facilitate efficient and effective, publicly accessible information on vetted apps and vendors. We believe industry is in the best position to collectively find the best ways to identify those apps with strong privacy and security practices. We also appreciate the commenters’ request for best practices learned through our experience with Blue Button 2.0. You can find this information at https://www.cms.gov/ Regulations-and-Guidance/Guidance/ Interoperability/index.

We are not going to pursue the recommendation to develop a CMS or HHS app certification program. Under our current authorities, we do not believe we have the ability to require a third-party app to take part in such a certification program.

We do appreciate that, above all else, stakeholders commented on privacy and security and the need to do more to protect patient health information. Throughout this rule we have noted the limitations to our authority to directly regulate third-party applications.

Don Thibeau : Executive Director, OpenID Foundation
Email: director at oidf.org<mailto:director at oidf.org>
Voice: +1 202.841.8222

On Nov 9, 2020, at 11:39 AM, Nat Sakimura via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>> wrote:

Dear AB/C WG experts:

Here is a draft agenda for the call.
If you have additional items, please let me know.

Draft Agenda
1.   Roll Call
2.   Adoption of Agenda (Nat)
3.   External Organizations and events
3.1.   DIF (Tom/Kristina)
3.2.   W3C
3.2.1.   WebID and IsLoggedIn
3.2.2.   Verifiable credential
3.2.3.   DID
4.   Drafts
4.1.   SIOP Requirements document (Kristina/Tim)
4.2.   prompt=create draft (George)
4.3.   Claims Aggregation (Edmund)
5.  New work item proposals
5.1 Ephemeral Identifier Subject type http://lists.openid.net/pipermail/openid-specs-ab/2020-November/007943.html
6. PRs
7. Issues
5.   AOB

Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>

Don Thibeau : Executive Director, OpenID Foundation
Email: director at oidf.org<mailto:director at oidf.org>
Voice: +1 202.841.8222

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20201109/aaa8f336/attachment.html>

More information about the Openid-specs-ab mailing list