[Openid-specs-heart] DRAFT meeting minutes January 26, 2015

Don Thibeau don at oidf.org
Wed Jan 28 15:20:38 UTC 2015


OpenID Foundation can support the proposed F2F at the HIMSS.

We often look to member direct funding to support the cost of meeting rooms etc.


Don Thibeau
The OpenID Foundation <http://openid.net/>



> On Jan 28, 2015, at 10:08 AM, Debbie Bucci <debbucci at gmail.com> wrote:
> 
>  
> Roll call/stats:  There were 21 on the call; 11/19 were voting members; 4 additional IPRs this week
> 
>  
> Meeting notes approval by John Bradley
> 
>  
> HEART Timeline  (Deb Bucci) The charter says 12-18 months for completion  - that includes profiles implemented with working reference and implementations in the wild.  
> 
>  
> Tentative schedule:
> 
> Now until April
> 
> •          Identify use cases
> 
> •          Technology level set
> 
> •          Divide use cases into obvious groupings – see if they can be resolved with existing Profile work
> 
> •          Discuss existing pilot/demonstration – reference implementations  that may inform profile
> 
> •          F2F @ HIMSS
> 
> May – Aug
> 
> •          Release first round of profiles
> 
> •          Start /encourage pilots
> 
> •          Dig into the more complex use cases
> 
> Sept – Dec
> 
> •          Work through the more complex use cases – possibly identify gaps in standards
> 
> •          Release second round of profiles
> 
> Jan – ?
> 
> •          Assess and regroup
> 
>  
> Common Terminology - (Eve Maler) Eve introduced various terms that would be used within the different profiles and highlighted some of the commonalities and differences.
> 
> ·       IdP = identity provider
> 
> ·       RP = relying party
> 
> ·       user = user trying to achieve single sign-on (SSO)
> 
> ·       RO = resource owner (user trying to achieve controlled sharing – could be same as SSO user)
> 
> ·       AS = authorization server (could be the same as IdP)
> 
> ·       RS = resource server (could be the same as AS)
> 
> ·       C = client
> 
> ·       RqP = requesting party (user trying to achieve authorized access – could be same as RO)
> 
>  
> Comment from the discussion
> 
> •          OAuth has no IdP or RP – Client(API) – focus is to get to the service
> 
> •          UMA introduces controlled sharing with someone else – introduced Alice to Bob sharing – requesting party
> 
> •          There are clear use cases where multiple parties are doing the authn/authz job
> 
> •          Software or person may have multiple roles example – enable sharing
> 
> •          Could apply to a Person/patient caregiver or provider.  Think of Person as one class of user/resource.  This enables reuse to support other use cases such as moving information between provider to provider – or referrals without having to create new profiles.
> 
>  
>  
> Use Case Format (Deb and Eve)  - Deb provided an excerpt from the ACE Use case format for discussion as a possible format to gather use cases  http://datatracker.ietf.org/doc/draft-ietf-ace-usecases/?include_text=1
>  
> Feedback on doc:
> 
>  
> The format is useful until it gets in the way of the work and should be viewed with the appropriate lens.  It's good to get started to develop common terms etc. but less useful to tightly bind with the profile creation process.
> 
>  
> Our approach going forward:
> 
> Deb will work with OIDF to understand how to access the wiki space and we will define a template for those who wish to use it.   Suggested elements
> 
>  
> Capture /classifying
> 
> •          Who are the actors
> 
> •          What data
> 
> •          What are the sticking points
> 
> •          Potential problems
> 
> •          Limitations
> 
>  
> Where possible try to neutrally state the problem.
> 
> Write use cases from multiple perspectives
> 
> Identify Use cases for multiple purposes
> 
> Use cases pass muster with subject matter experts. As we collect them, we should vet them with authoritative sources.
> 
> Not necessary to be technology specific – write in plain English and capture wants and goals
> 
>  
> Suggested Initial Use cases:
> 
>  
> Kathleen Connor has been the lead on the Privacy on FHIR use case/story board.  That work has been vetted with clinicians within the VA.   Perhaps we can put her on the spot for next week
> 
>  
> Further explore the use cases Justin Richer introduced that are tied to the Secure RESTful Interface Profile – http://secure-restful-interface-profile.github.io/pages/
> 
>  
> Explore the Restful Health Exchange (RHEX) use case developed for the Federal Health Architecture (FHA) a couple of years ago 
> 
>  
> Blue Button Restful API (is that the same as SMART?)  Use case
> 
>  
> Virtual Clipboard is a potential candidate but that work is just beginning.  Catherine Shulten will focus on her work with Virtual Patient Registration
> 
>  
> Eve suggested we should explore the National Cybersecurity Center of Excellence (NCCOE) mobile PHR use case
> 
>  
> Adrian Gropper is working on a High Security Use case
> 
>  
> Deb Bucci will work with (? Did not capture who mentioned) on a home healthcare use case.
> 
>  
>  
>  
> We will take 15 minutes over the next few weeks for technology level set
> 
>  
> •          OAUTH – 2/2
> 
> •          OpenID Connect – 2/9
> 
> •          UMA 2/16
> 
>  
>  