[Openid-specs-heart] Dissecting the Release of information form
Adrian Gropper
agropper at healthurl.com
Tue Jul 19 03:43:45 UTC 2016
Debbie,
In case it's not on the HEART servers, I've put a copy of the NYP
Authorization Form here:
https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf
Mapping the NYP Authorization Form to actual UMA protocol is way above my
pay grade. Here's as far as I get (inline):
In the case of Alice authorizing Dr. Bob:
>
>
>
> - Alice is the Resource Owner *[Yes. Notice that we have to handle the
> case where Alice has a Representative sign for her as at the bottom of the
> form]*
>
>
> - The requested resource set - is the protected resource. *[Someone
> else needs to propose the mapping to standards]*
> - The resource set would need to have date range.
> - Form indicates that release of sensitive information is
> explicitly OPT-IN so a confidentiality code of V (very sensitive) would not
> release HIV-AIDS/Mental Health/Genetics/Substance Abuse unless explicitly
> asked for (as a scope?).
> - Can the Authorization server sign the RPT(ROI) on behalf of Alice?
> *[Yes. That's the whole point of UMA and HEART as far as I can tell.]*
> - Probably good hygiene to recommend that claims re: Bob's medical
> affiliation be recorded as part of the audit or consent receipt if unable
> to include as part of RPT process. *[Maybe but it seems peripheral.]*
>
It's important to note that this form is labeled by NYP as an
"authorization" and represents UMA Phase 2 where Dr. Bob is on the scene.
Whoever proposes a mapping to standards needs to also deal with UMA Phase 1
where Alice or her representative tells NYP the address of her UMA
Authorization Server. This happens before Bob is on the scene and is what I
would call "consent".
For the purpose of HEART, could we call UMA Phase 1 consent and UMA Phase 2
authorization?
Adrian
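The release rules discussed in the quoted list (a date range on the resource set, and sensitive categories released only on explicit opt-in) can be sketched as a deny-by-default check. This is an added example, not part of the original message or of any HEART or UMA specification; the class names, field names, category labels and the "N" code for normal records are assumptions made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional

# Categories the form treats as opt-in (label spellings are this example's own).
SENSITIVE = frozenset({"hiv-aids", "mental-health", "genetics", "substance-abuse"})

@dataclass(frozen=True)
class Record:                      # hypothetical shape of one protected resource
    record_id: str
    service_date: date
    confidentiality: str           # "N" = normal (assumed), "V" = very sensitive
    category: Optional[str] = None # expected to be set when confidentiality is "V"

@dataclass(frozen=True)
class Authorization:               # hypothetical model of the signed form
    start: date
    end: date
    opted_in: FrozenSet[str] = frozenset()  # sensitive categories explicitly requested

def releasable(rec: Record, auth: Authorization) -> bool:
    # Rule 1: the record must fall inside the authorized date range.
    if not (auth.start <= rec.service_date <= auth.end):
        return False
    # Rule 2: normal records inside the range are released.
    if rec.confidentiality == "N":
        return True
    # Rule 3: V-coded records need an explicit opt-in for their category.
    # Unknown codes and V records with no category fall through to deny.
    return (rec.confidentiality == "V"
            and rec.category in SENSITIVE
            and rec.category in auth.opted_in)

def release(records: List[Record], auth: Authorization) -> List[str]:
    return [r.record_id for r in records if releasable(r, auth)]

# Constructed sample data.
RECORDS = [
    Record("r1", date(2015, 3, 2), "N"),
    Record("r2", date(2015, 6, 10), "V", "mental-health"),
    Record("r3", date(2015, 7, 1), "V", "hiv-aids"),
    Record("r4", date(2013, 1, 5), "N"),   # outside the date range
    Record("r5", date(2015, 8, 1), "V"),   # V-coded but uncategorized
    Record("r6", date(2015, 9, 1), "X"),   # unrecognized code
]
AUTH_PLAIN = Authorization(date(2015, 1, 1), date(2015, 12, 31))
AUTH_OPTIN = Authorization(date(2015, 1, 1), date(2015, 12, 31),
                           frozenset({"mental-health"}))

if __name__ == "__main__":
    print(release(RECORDS, AUTH_PLAIN))
    print(release(RECORDS, AUTH_OPTIN))
```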