[Openid-specs-heart] AS authentication

Adrian Gropper agropper at healthurl.com
Wed May 4 04:05:00 UTC 2016


I don't see any problem here.

The use of OpenID Connect as a recommended standard for provider
authentication at the AS seems obvious and uncontroversial.

Every AS (be it institutional or patient-owned) can choose which ID
providers to white-list as an OIDC IdP.

Every RS can choose to provide OIDC IdP services to the ASs that patients
introduce.

A state medical society or HIE can choose to operate an OIDC IdP for their
members. In MA, we actually have funding for such a project at the medical
society waiting for HEART and related standards to make that practical.

Dynamic OIDC Client registration should be required by HEART to make it
easy for all AS to participate.

Adrian


On Tue, May 3, 2016 at 10:05 AM, Debbie Bucci <debbucci at gmail.com> wrote:

> I was actually focused on the authentication burden by the providers that
> will want/need to support their patient/consumers.
>
> We had discussed a webfinger-like flow to enable discovery of consumer
> resources as part of the introduction piece ... which in turn may indeed be
> an OIDC provider-AS for the consumer.
>
>
>
>
> On Tue, May 3, 2016 at 9:49 AM, Glen Marshall [SRS] <gfm at securityrs.com>
> wrote:
>
>> Debbie,
>>
>>
>>
>> I share your concern.  A secure AS registry infrastructure is needed for
>> multiple AS instances, especially at scale.
>>
>>
>>
>> I am very leery of the business case for them.  In particular, what
>> financial burden should the patients/subjects take on for the AS(s) they
>> choose, and how does the consumer evaluate AS product offerings?  Also,
>> since the chosen AS URIs can be used to help re-identify patients, we
>> probably need a scheme to pseudonymize them in shared patient EHR & PHR
>> data.
>>
>>
>>
>> Glen
>>
>>
>>
>> Glen F. Marshall
>>
>> Consultant
>>
>> Security Risk Solutions, Inc.
>>
>> 698 Fishermans Bend
>>
>> Mount Pleasant, SC 29464
>>
>> Tel: (610) 644-2452
>>
>> Mobile: (610) 613-3084
>>
>> gfm at securityrs.com
>>
>> www.SecurityRiskSolutions.com <http://www.securityrisksolutions.com/>
>>
>>
>>
>> *From:* Openid-specs-heart [mailto:
>> openid-specs-heart-bounces at lists.openid.net] *On Behalf Of *Debbie Bucci
>> *Sent:* Tuesday, May 3, 2016 09:37
>> *To:* openid-specs-heart at lists.openid.net
>> *Subject:* [Openid-specs-heart] AS authentication
>>
>>
>>
>>
>>
>> Are there methods to register additional OIDC Providers as part of
>> the dynamic client registration "dance" or open multiprotocol (sambits ?)
>> registries in place today where OIDC providers can register in advance to
>> aid these types of interactions?
>>
>>
>>
>> The thought of a provider (or researcher) having to authenticate to
>> potentially hundreds of [UMA] AS is worrisome and seems unmanageable at
>> scale.
>>
>>
>>
>> Perhaps I'm missing something ...
>>
>>
>>
>>
>>
>


-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
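
Added example, not part of the original message or of any HEART specification: a sketch of the AS-side checks implied by the thread, where an AS accepts an introduced OIDC IdP only if its issuer is on the AS's allowlist and its discovery document is consistent, then builds the dynamic client registration request body. All URLs, the callback path and the chosen client authentication method are assumptions; the metadata field names are those of OpenID Connect Discovery and Dynamic Client Registration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of issuers this AS trusts (hypothetical URLs).
TRUSTED_ISSUERS = {"https://idp.medsociety.example", "https://idp.hospital.example"}

# Constructed discovery document, as fetched from
# <issuer>/.well-known/openid-configuration (values are hypothetical).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.medsociety.example",
    "authorization_endpoint": "https://idp.medsociety.example/authorize",
    "token_endpoint": "https://idp.medsociety.example/token",
    "jwks_uri": "https://idp.medsociety.example/jwks",
    "registration_endpoint": "https://idp.medsociety.example/register",
}

class IdPRejected(Exception):
    """Raised when an introduced IdP fails the AS's acceptance checks."""

def is_https_url(value):
    parts = urlsplit(value or "")
    return parts.scheme == "https" and bool(parts.hostname)

def check_idp(issuer, discovery, allowlist=TRUSTED_ISSUERS):
    """Return the registration endpoint if the introduced IdP is acceptable."""
    if issuer not in allowlist:  # exact string match, no prefix matching
        raise IdPRejected("issuer not on allowlist")
    # The 'issuer' in the metadata must equal the issuer it was fetched for.
    if discovery.get("issuer") != issuer:
        raise IdPRejected("issuer mismatch in discovery document")
    for key in ("authorization_endpoint", "token_endpoint",
                "jwks_uri", "registration_endpoint"):
        if not is_https_url(discovery.get(key)):
            raise IdPRejected(key + " missing or not https")
    return discovery["registration_endpoint"]

def build_registration(as_base_url, as_name):
    """JSON body with which the AS registers itself as an OIDC client."""
    base = as_base_url.rstrip("/")
    return {
        "client_name": as_name,
        "application_type": "web",
        "redirect_uris": [base + "/oidc/callback"],  # hypothetical path
        "response_types": ["code"],
        "grant_types": ["authorization_code"],
        "token_endpoint_auth_method": "private_key_jwt",  # assumption
        "jwks_uri": base + "/jwks.json",  # hypothetical path
    }

def plan_registration(issuer, discovery, as_base_url, as_name):
    return check_idp(issuer, discovery), build_registration(as_base_url, as_name)
```

The returned body would be sent as an HTTP POST with Content-Type application/json to the returned registration endpoint.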