[Openid-specs-heart] Alice's health resource set

Debbie Bucci debbucci at gmail.com
Tue Aug 2 14:26:45 UTC 2016


On Tue, Aug 2, 2016 at 10:13 AM, Adrian Gropper <agropper at healthurl.com>
wrote:

> I intentionally avoided introducing the term Resource Set because I want
> to understand what purpose it might serve.
>
> For example,
>
>    - assume an RS registers the 39 scopes in Debbie's 9:21 post, and both
>    the RS and the AS are aware of the FHIR spec at
>    http://www.hl7.org/fhir/
>
>
Looking as the spec - I believe there would be 39 separate resources
registered using the resource set method

"..The resource server uses the POST method at the permission registration
endpoint. The body of the HTTP request message contains a JSON object
providing the requested permission, using a format derived from the
resource set description format specified in [OAuth-resource-reg]
<https://docs.kantarainitiative.org/uma/rec-uma-core.html#OAuth-resource-reg>
 .."

>
>    - Alice sets a policy at her AS that anyone that cannot provide a
>    claim as a licensed physician can only see Immunizations from this
>    particular RS.
>    - Now let's say Bob and his Client show up and Alice's policies and
>    Bob doesn't claim to be an MD to the AS
>    - Can Alice AS issue an RPT to Bob's Client for just Immunizations and
>    Patient without there ever being a concept of Resource Set discussed or
>    defined?
>
> Yes she can issue the RPT but the concept of Resource set appears to be
required by the spec


Adrian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160802/e5800313/attachment.html>


More information about the Openid-specs-heart mailing list