[Openid-specs-heart] Health Relationship Trust Profile for User Managed Access 1.0

Justin Richer jricher at mit.edu
Mon Nov 30 02:27:54 UTC 2015


That’s why these are all RECOMMENDED. If we don’t recommend something, people will just pick values out of thin air; we should at least give folks a starting point to keep defaults from being too crazy.

 — Justin

> On Nov 28, 2015, at 11:56 AM, Moehrke, John (GE Healthcare) <John.Moehrke at med.ge.com> wrote:
> 
> I would expect these to be policy driven. If we specify values, we need to then describe our policy choice. Other use cases and threat environments may choose other values. Right?
> 
> John
> 
> Sent from my iPhone
> 
> On Nov 28, 2015, at 10:32 AM, Eve Maler <eve.maler at forgerock.com> wrote:
> 
> Agree! Offline, I have suggested to Justin that he fill in the figures for AATs and PATs with the same recommendations as for ordinary OAuth access tokens (as that is what they are), and the figures for RPTs with recommendations inspired by his analysis of different "client types" that appears in the OAuth profile, since the ability of a client to keep a secret should determine what it does with an overall RPT. (The "guts" of an RPT can have individual expiration times commensurate with the policy set by a resource owner.)
> 
> 
> Eve Maler
> ForgeRock Office of the CTO | VP Innovation & Emerging Technology
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
> Join our ForgeRock.org OpenUMA <http://forgerock.org/openuma/> community!
> 
> On Sat, Nov 28, 2015 at 12:35 AM, Danny van Leeuwen <danny at health-hats.com> wrote:
> 
> 2.4. <http://openid.bitbucket.org/HEART/openid-heart-uma.html#rfc.section.2.4> Token Lifetimes
> 
> It is RECOMMENDED that AATs have a lifetime of no greater than [XX] hours.
> 
> It is RECOMMENDED that PATs have a lifetime of no greater than [XX] hours.
> 
> It is RECOMMENDED that RPTs have a lifetime of no greater than [XX] hours.
> 
> 
> 
> [shouldn't xx be defined?]
> 
> 
> 
> From <http://openid.bitbucket.org/HEART/openid-heart-uma.html>
> 
> --
> Danny van Leeuwen
> 617-304-4681
> 
> Blog www.health-hats.com discovering the magic levers of best health
> Twitter @healthhats
> 
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart


