[Openid-specs-heart] Draft HEART Meeting Notes 2016-02-27
Sarah Squire
sarah at engageidentity.com
Mon Feb 27 21:59:58 UTC 2017
Attending:
Debbie Bucci
Adrian Gropper
Caitlin Ryan
Celestin Bitjonck
Edmund Jay
Eve Maler
Glen Marshall
Julie Maas
Justin Richer
Kenneth Salyards
Nancy Lush
Sarah Squire
Justin:
I’d like to go over the newest version of the specs
https://openid.bitbucket.io/HEART/
*Justin read through and explained the new specs*
UMA resources must be associated with authorization servers
Resource types are defined by hl7.org URLs
Our scopes for now are read, write, and *
Claims are organizational affiliation, licensing status, individual
identification, emergency responders, and purpose of use
Glen:
Accreditation is a better term than licensing
Justin:
Great. Send that to the list.
Adrian:
Does this support self-sovereign identity?
Justin:
All blockchain technology is out of scope for this specification
Eve:
But claims are open-ended. You can use any claims you want to.
Debbie:
Can a webfinger lookup handle any URL?
Justin:
No, only ones that conform to specific claims
I put purpose of use in here, but I actually don’t think it should be
associated with the identity of the requesting party.
Eve:
I have a use case for it. You could want to share a photo with anyone who
promises not to use it for marketing.
Justin:
Yes, but that doesn’t fit into an id token
Eve:
Maybe we need to add a layer of abstraction to claims gathering
Justin:
Send it to the list.
Moving on to policy guidance, these are just general understandings of what
a HEART compliant system should expect in terms of policy.
Next steps:
Read through the specs and send your feedback to the list.
Sarah Squire
Engage Identity
http://engageidentity.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170227/48b25942/attachment.html>
More information about the Openid-specs-heart
mailing list