[Openid-specs-heart] HEART WG meeting notes for 2015 03 02

Debbie Bucci debbucci at gmail.com
Wed Mar 4 13:02:57 UTC 2015


Roll call stats  - https://bitbucket.org/openid/heart/wiki/Roll_Call

25 in attendance - 11 members

Reminder re: IPR - http://openid.net/intellectual-property.
Specify the working group as “OpenID HEART”

Next week - Focus on Delegation : PRIVO will present their Parent/Child
delegation registration/authorization model for COPPA.  Deb has seen their
presentation before and believes the flows are relevant to Health
Delegation Use case

Eve will present some UMA-related options for handling custodial delegation.

Adrian presents Post-MI Implant and Rehab

This is based on a real clinical situation. It’s severe and complicated,
but not necessarily unusual. It’s designed to highlight patient Alice’s
perspective. There are four devices and attendant vendors. He has made some
assumptions about what sorts of standards we might have in the future.

Implantable cardiac defibrillator (ICD) - this is a two-way device. It both
senses and acts on the heart. It treats fainting. It interacts with an ICD
programmer, which has a local low-power link. This is monitored by a
vendor. There’s a device relay and control, using, say, an iPhone. These
are currently proprietary, but that has no benefit to Alice.

Alice is working with two doctors who don’t trust each other. So she’s a
go-between. This is to stress the fact that, for wearables or attached
devices, you can’t count on federation to solve everything. When it’s your
car or your ICD, you want to have the opportunity to be the “middle person”
for how these things communicate because there isn’t always another choice.

There is the patient domain, the VA domain, and the Rwanda domain when
she’s in that country. Adrian counts 8 different services, though there’s
controversy about how you count that.

Alice’s alma mater offers her an UMA AS.

She adds a second device, a FitBit, where FIPPs and data minimization come
in. She chooses a device that meets her requirements along these lines.

This involves multiple portals, akin to Kathleen’s use case.

Nate DiNiro asks: Is anyone using this today? No one’s using an UMA AS
today, but people do use ICDs and so on. Two cardiologists have looked it
over from that perspective.

Justin is only concerned about the FIDO connection and the “backup token
kept with the sister” element. He thinks that technology path won’t work
and advocates identity federation for solving these elements vs. proof of
possession of a secure token. Adrian agrees that we should be doing the
federation case, and believes there’s a way to do this use case that way,
but isn’t sure how to write the use case that way. Account recovery is the
thing that needs to be solved.

Andy observes that account recovery seems peripheral to the use case.

AI: Justin and Adrian: Work on revisions to capture the central spirit of
the Post-MI use case without the distraction of too many account recovery
details.

Justin likes that the use case crosses multiple security domains, which is
important.

Adrian’s manifesto of sorts: When you look at UMA and FHIR, and the
proposition of enabling the personal building/running/outsourcing of
services, it will seem silly for there to be secret ingredients of devices,
and also secret ingredients of pills. In neither case will people accept
secrecy for very much longer.

Adrian’s take on what this use case has to teach us vs. Kathleen’s is that
his takes a “hard” patient-centered perspective.

Privacy on FHIR tackles how we include consent with a patient-centered
point of view.


Deb noted that, although Federation or discussions about Trust are out of
scope for the workgroup, the technical means to describe should be part of
the profiles.


Jim Kraugh notes that the “trustmark” concept is relevant to what we’re
doing here.

F2F planning

We are seriously thinking about doing a HEART F2F, likely Wednesday April
15, but possibly late afternoon Tuesday April 14. Our agenda would be to
consolidate our use cases into a single document, and to start work on our
technical profiles.  Update:  We are targeting 2-3 hours on Wednesday April
15th - hope to have timeslot finalized next week.

AI: Eve & Deb: Coordinate the HIMSS meeting on behalf of HEART WG / OIDF.
Advise the group when we’ll meet F2F.

AI: Eve: Advertise the Kantara breakfast to the group. [DONE]

We would also have opportunities to get together informally at RSA the week
after, and during the VRM day on the Monday of IIW one week before. Adrian
has been asked to present on VRM day. Debbie and Eve are presenting on
HEART at the OpenID Foundation meeting on the Monday prior to IIW.



AI: Debbie: Consolidate a use case draft for two weeks hence.