[Openid-specs-heart] Draft HEART Meeting Notes 2016-11-28
Nancy Lush
nlush at lgisoftware.com
Mon Nov 28 23:32:29 UTC 2016
Adrian, I added inline.
-Nancy
From: Openid-specs-heart [mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Adrian Gropper
Sent: Monday, November 28, 2016 5:14 PM
To: HEART List <openid-specs-heart at lists.openid.net>; Sarah Squire <sarah at engageidentity.com>
Subject: Re: [Openid-specs-heart] Draft HEART Meeting Notes 2016-11-28
I wasn't taking notes but I found the structiring of the work in terms of Q1-6 very helpful.
Q1 - do we need to profile standard friendly names for resources?
Q2 - [NSL] Do we want to profile a notification protocol to notify Dr. Erica?
Q3 - do we need to profile patient metadata obfuscation methods?
Q4 - are there any ways to verify claims other than A, B, C? (A=AS verified, B=RS verified, C=federation verified)
Q5 - [NSL] Can we elevate permissions through claims?
Q6 - do we need to profile the semantics for claims?
Can anyone remember Q2 and Q5?
Adrian
On Mon, Nov 28, 2016 at 5:00 PM Sarah Squire <sarah at engageidentity.com <mailto:sarah at engageidentity.com> > wrote:
Light notes this week since we mostly walked through the use case that Eve and Nancy have been working on which will be sent out to the list shortly.
Attending:
Debbie Bucci
Adrian Gropper
Celestin Bitjonck
Edmund Jay
Eve Maler
Glen Marshall
Jim Kragh
Jin Wen
Luis Maas
Nancy Lush
Sarah Squire
Scott Shorter
Thomas Sullivan
Walter Kirk
Eve:
We’ve been winnowing down the resources we think people should focus on. We want to help people think with the lens of UMA. We might want to profile what normal people would say in natural English. So “medicines I take” might be friendlier than “current medications”
Adrian:
So we’re saying that our goal is that two RSs would describe the same words to describe a resource?
Eve:
We should decide whether or not to standardize that.
Glen:
Well, this might not be as straightforward as you might think to map these to FHIR resources.
Adrian:
Is it allowed for a server to list the FHIR resource itself? Rather than the friendly name?
Eve:
So we need to decide whether we want friendly names at all, and then whether we want to suggest or require them. We have a use case for proactive Alice sharing including notifications.
Nancy:
Is it okay to notify the client what Alice’s patient ID is? If the FHIR interface knows it and sends it over the wire, then the client should be able to know it and send it over the wire.
Adrian:
Why do we need a patient ID?
Eve:
All we really need is the resource endpoint, we don’t need Alice’s patient ID. You can notify Dr. Erica with knowledge of that endpoint. We probably want the client to pass all the trust elevation tests before it can see the URL with a patient ID in it. We don’t want a patient id in the clear.
Nancy:
We really tried to make this as simple as possible.
Eve:
We’re trying to replicate what Google has already done with document sharing in a loosely coupled protocol.
Sarah Squire
Engage Identity
<http://engageidentity.com/> http://engageidentity.com
_______________________________________________
Openid-specs-heart mailing list
Openid-specs-heart at lists.openid.net <mailto:Openid-specs-heart at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-heart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20161128/1ffb9239/attachment.html>
More information about the Openid-specs-heart
mailing list