[Openid-specs-heart] How do you define a resource set?

Debbie Bucci debbucci at gmail.com
Fri Jul 1 20:17:36 UTC 2016


In an effort to move things along, I was going to attempt to define a
resource set or two.   Is
https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg-v1_0_1.html
the right documents to reference ?    Boy did i have things backasswords!


This document describes how to post/get/update/delete the overall resource
set name, but I am having a bit of difficulty understanding what resources
are actually in that set.    Given that is defined on the RS - perhaps the
AS would never know nor could it make fine grained decisions on an element
within the set.  Instead the AS could consent or deny to share based on
AIDs  or Mental diagnosis but it would be up to the RS to understand how to
translate how those decisions are made.

This helps better explain to me how the AS could
configure/register/interact with a different RS *on the fly*.  So, based on
skimming the reference, our profile will suggest resource set names for
subsets of  data that we believe a consumer would want to authorize and
potentially additional scopes not included as part of the FHIR/OAUTH
Profile.  Even those would be dependent on what the RS is willing or could
technically support.

I'm missing something  ... right?

Deb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160701/4a514f8a/attachment.html>


More information about the Openid-specs-heart mailing list