[Openid-specs-heart] HEART 2015-08-05 meeting notes

Debbie Bucci debbucci at gmail.com
Thu Aug 6 13:42:31 UTC 2015


+1 !!!
On Aug 6, 2015 9:40 AM, "Maxwell, Jeremy (OS/OCPO)" <Jeremy.Maxwell at hhs.gov>
wrote:

>
>
> The pre determined choice token confidential token choice and exactly what
> information needs (example: PHR's authorization endpoint)  to be shared in
> advance between the PCP's EHR and Alice's PCP was left out of the
> discussion for now.
>
>
>
> Perfectly fine with leaving this in the parking lot for now, but before
> we’re done we need to have very clear setup/configuration/implementation
> guidance.  It needs to be clear and easy to setup and use.  If we add a
> bunch of configuration steps it will be additional hurdles to adoption.
> Remember, many folks have struggled with certificate and trust bundle
> management in Direct.  So we need to at least be simpler than that.
>
>
>
>
>
> *From:* Openid-specs-heart [mailto:
> openid-specs-heart-bounces at lists.openid.net] *On Behalf Of *jim kragh
> *Sent:* Wednesday, August 05, 2015 8:28 PM
> *To:* Debbie Bucci
> *Cc:* openid-specs-heart at lists.openid.net
> *Subject:* Re: [Openid-specs-heart] HEART 2015-08-05 meeting notes
>
>
>
> Thanks for sharing,...  informative and constructive in reaching the
> patient end point.
>
>
>
> May all have a nice evening!
>
>
>
> On Wed, Aug 5, 2015 at 3:26 PM, Debbie Bucci <debbucci at gmail.com> wrote:
>
> Attendees:
>
> Eve Maler
>
> Justin Richer
>
> Josh Mandel
>
> Adrian Gropper
>
> Thomas Sullivan
>
> Debbie Bucci
>
>
>
> We have decided to delineate between mechanical and semantic scope docs.
>
>
>
> For the PCP <-> PHR use case:
>
>
>
> The pre determined choice token confidential token choice and exactly what
> information needs (example: PHR's authorization endpoint)  to be shared in
> advance between the PCP's EHR and Alice's PCP was left out of the
> discussion for now.
>
>
>
> There is one basic mechanical Oauth  generic flow that occurs twice in the
> use case.
>
>
>
> Given the group has generally agreed that the SMART specifications are a
> good place to *start **... *for this particular use case  the only
> semantic FHIR scope that is necessary is the patient/*.read scope that
> grants permission to read any resource for the current patient.
>
>
>
> During the registration process Alice should be able to select at a fine
> grain level which resources she is willing to share with the PHR.   This
> mimic's a specific process - Adrian please provide.  This information will
> be used to generate the access token.
>
>
>
> The one thing left at the end of the discussion is whether the patient
> record is implicit or explicitly stated.  This is a design decision that
> may make a difference as we move towards our next use case in
> which delegation is a factor.
>
>
>
> Corrections/updates appreciated.
>
>
>
>
>
>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20150806/7ccdfb04/attachment-0001.html>


More information about the Openid-specs-heart mailing list