[Openid-specs-heart] Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes

Glen Marshall [SRS] gfm at securityrs.com
Tue Oct 6 18:12:00 UTC 2015


I would strongly prefer that the function of pseudonym-to-subject 
re-identification be distinct from the AS.  Exactly how that occurs, and 
who is responsible for what functions, is policy-driven and outside of 
the use cases but is certainly an interesting topic for implementation 
guidance.  We should not constrain policy, but should expose practical 
implementation factors to inform it.

*Glen F. Marshall*
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com

On 10/6/15 11:18, Adrian Gropper wrote:
> When the resource does not contain Subject identity information, the 
> Authorization Server is responsible for associating the pseudonyms 
> with an identity.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20151006/3ee1915c/attachment.html>


More information about the Openid-specs-heart mailing list