[Openid-specs-heart] Resources vs Resource sets

Debbie Bucci debbucci at gmail.com
Sun Jul 31 22:47:22 UTC 2016


Adrian -

My sincere apologies if I offended you.   I just voiced a personal
opinion.  That was not the point of the paragraph though - I failed to
state the point I was trying to make - sorry to send you off on a tangent.

Totally agree with the following statement.

The degree to which HEART chooses to profile particular subsets of FHIR has
nothing to do with whether a person chooses to outsource his / her
authorization server. It simply has to do with the person's user experience
in setting policies that HIPAA-covered-entities and FTC-covered-entities
and 42-CFR-covered-entities as resource servers will need to follow. In
some cases, the resource servers will voluntarily take advantage of the
FHIR standard while in others it will not apply at all.


I do not see the rise of totally independent AS.   I see it more as a
federated authorization model (kind of what MIT is thinking about with
Datahub - DUMA - PDS).  All RS will have their own AS processes to deal
with - even if trusted, most likely the sharing preference/consent/ROI
would be replicated to the RA AS to manage ongoing requests.