[Openid-specs-heart] HEART 2015-08-05 meeting notes

Debbie Bucci debbucci at gmail.com
Wed Aug 5 19:26:00 UTC 2015


Attendees:
Eve Maler
Justin Richer
Josh Mandel
Adrian Gropper
Thomas Sullivan
Debbie Bucci

We have decided to delineate between mechanical and semantic scope docs.

For the PCP <-> PHR use case:

The predetermined choice token confidential token choice and exactly what
information (example: PHR's authorization endpoint) needs to be shared in
advance between the PCP's EHR and Alice's PCP were left out of the
discussion for now.

There is one basic mechanical generic OAuth flow that occurs twice in the
use case.

Given the group has generally agreed that the SMART specifications are a
good place to *start* ... for this particular use case, the only semantic
FHIR scope that is necessary is the patient/*.read scope that grants
permission to read any resource for the current patient.

During the registration process Alice should be able to select at a
fine-grained level which resources she is willing to share with the PHR. This
mimics a specific process - Adrian please provide. This information will
be used to generate the access token.

The one thing left at the end of the discussion is whether the patient
record is implicit or explicitly stated.  This is a design decision that
may make a difference as we move towards our next use case in
which delegation is a factor.

Corrections/updates appreciated.
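
The scope narrowing described in these notes, sketched as an added example (not part of the original message and not HEART or SMART project code): a requested patient/*.read is reduced to the resource types Alice selected, and the result is checked when a resource is read. The function names, sample resource types and patient identifiers are constructed, and binding the token to an explicit patient id is an assumption, since the notes leave implicit versus explicit open.

```python
import re

# SMART-style patient-level scope: patient/<ResourceType or *>.<read|write|*>
SCOPE_RE = re.compile(r"^patient/(\*|[A-Z][A-Za-z]+)\.(read|write|\*)$")


def parse_scope(scope):
    """Split a patient-level scope into (resource, action); reject anything else."""
    m = SCOPE_RE.match(scope)
    if not m:
        raise ValueError(f"not a patient-level scope: {scope!r}")
    return m.group(1), m.group(2)


def narrow_scopes(requested, selected_types):
    """Scopes to bind to the access token: what the PHR requested,
    limited to the resource types Alice chose to share (hypothetical helper)."""
    granted = set()
    for scope in requested:
        resource, action = parse_scope(scope)
        if action != "read":
            continue  # this use case only needs read access; drop write and *
        if resource == "*":
            # Expand the wildcard into one explicit scope per selected type.
            granted.update(f"patient/{t}.read" for t in selected_types)
        elif resource in selected_types:
            granted.add(scope)
    return sorted(granted)


def is_allowed(granted, resource_type, action, token_patient, record_patient):
    """Resource-server check (hypothetical helper). Assumes the token names
    the patient explicitly; a mismatch is refused before scopes are consulted."""
    if token_patient != record_patient:
        return False
    for scope in granted:
        res, act = parse_scope(scope)
        if res in ("*", resource_type) and act in ("*", action):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample: Alice shares two resource types with the PHR.
    granted = narrow_scopes(["patient/*.read"], {"Observation", "Condition"})
    print(granted)
    print(is_allowed(granted, "Observation", "read", "alice-123", "alice-123"))
    print(is_allowed(granted, "Immunization", "read", "alice-123", "alice-123"))
```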