[Openid-specs-heart] Draft HEART Meeting Notes 2016-02-27

Sarah Squire sarah at engageidentity.com
Mon Feb 27 21:59:58 UTC 2017


Attending:

Debbie Bucci

Adrian Gropper

Caitlin Ryan

Celestin Bitjonck

Edmund Jay

Eve Maler

Glen Marshall

Julie Maas

Justin Richer

Kenneth Salyards

Nancy Lush

Sarah Squire

Justin:

I’d like to go over the newest version of the specs

https://openid.bitbucket.io/HEART/

*Justin read through and explained the new specs*

UMA resources must be associated with authorization servers

Resource types are defined by hl7.org URLs

Our scopes for now are read, write, and *

Claims are organizational affiliation, licensing status, individual
identification, emergency responders, and purpose of use

Glen:

Accreditation is a better term than licensing

Justin:

Great. Send that to the list.

Adrian:

Does this support self-sovereign identity?

Justin:

All blockchain technology is out of scope for this specification

Eve:

But claims are open-ended. You can use any claims you want to.

Debbie:

Can a webfinger lookup handle any URL?

Justin:

No, only ones that conform to specific claims

I put purpose of use in here, but I actually don’t think it should be
associated with the identity of the requesting party.

Eve:

I have a use case for it. You could want to share a photo with anyone who
promises not to use it for marketing.

Justin:

Yes, but that doesn’t fit into an id token

Eve:

Maybe we need to add a layer of abstraction to claims gathering

Justin:

Send it to the list.

Moving on to policy guidance, these are just general understandings of what
a HEART compliant system should expect in terms of policy.

Next steps:
Read through the specs and send your feedback to the list.

Sarah Squire
Engage Identity
http://engageidentity.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170227/48b25942/attachment.html>


More information about the Openid-specs-heart mailing list