[Openid-specs-heart] Health Relationship Trust Profile for User Managed Access 1.0
Justin Richer
jricher at mit.edu
Sat Aug 27 22:24:39 UTC 2016
This is a recommendation, not a requirement, but better guidance might be warranted. The current text errs on the side of failing closed.
— Justin
> On Aug 26, 2016, at 4:55 AM, Thomas Rieneck <THRE at sundhedsdata.dk> wrote:
>
> Token Lifetimes for refresh tokens for PAT should not exceed 24 hours according to the above spec – that implies that Resource Owners should authenticate every day for Requesting Parties being able to access their resources.
> If the patient is the Resource Owner that does not seem realistic.
>
> Best regards
> Thomas Rieneck
> Nationale Health Data Agency
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net <mailto:Openid-specs-heart at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-heart <http://lists.openid.net/mailman/listinfo/openid-specs-heart>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160827/f9078883/attachment.html>
More information about the Openid-specs-heart
mailing list