[Openid-specs-heart] An approach to data portability for the RO's policies
Adrian Gropper
agropper at healthurl.com
Wed Aug 31 05:04:03 UTC 2016
My point is that once you take away Alice's right to "build, run, or
outsource" her authorization server we're no longer talking about a
patient-centered system and we should not call it HEART.
If Alice is forced to expose her policies to the RS, then she does not need
UMA. The RS can simply put up any API that it wants to put up. Alice, once
she has shared her policies with the RS, is effectively out of the
picture. This is the opt-in and opt-out dream of institutions.
You just don't need UMA at all to do this. It's just FHIR.
Adrian
On Wednesday, August 31, 2016, Debbie Bucci <debbucci at gmail.com> wrote:
>
>
> Debbie, The situation you're describing is already here. It's called OAuth
>> - What's your point? I would say it's all OAuth - right? OpenID Connect
>> and UMA have their additional APIs /functionality but the underlying
>> protocol is OAuth.
>>
>
>
>
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/