[Openid-specs-heart] Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes
Glen Marshall [SRS]
gfm at securityrs.com
Tue Oct 6 18:12:00 UTC 2015
I would strongly prefer that the function of pseudonym-to-subject
re-identification be distinct from the AS. Exactly how that occurs, and
who is responsible for what functions, is policy-driven and outside of
the use cases but is certainly an interesting topic for implementation
guidance. We should not constrain policy, but should expose practical
implementation factors to inform it.
*Glen F. Marshall*
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com
On 10/6/15 11:18, Adrian Gropper wrote:
> When the resource does not contain Subject identity information, the
> Authorization Server is responsible for associating the pseudonyms
> with an identity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20151006/3ee1915c/attachment.html>
More information about the Openid-specs-heart
mailing list