[Openid-specs-heart] Draft minutes of HEART meeting 2018-03-26

[Eve Maler]

*HEART meeting 2018-03-26*


Attending:

Debbie Bucci

Thompson Boyd

Catherine Schulten

Justin Richer

Alan Byers

Luis Maas

Nancy Lush

Eve Maler


*Profiles status*


Justin reports that the text has been revised. He hasn’t received any
comments. Setting up a vote deadline will likely force the situation.
Justin moves, Eve seconds. Justin recommends a WG review period of 1-2
weeks and then start an Implementer’s Draft period after that.


*CARIN Alliance F2F meeting*


Alan reports that there was a payer meeting at the end. He can send notes
from that. Debbie asks: Are they doing anything with ID proofing? Is there
anything the HEART group can help with? They may require some
investigation. They are just trying to bring people together, and come up
with a standard to vet people to IAL2. There has been discussion on doing
KBA, all around proofing. Justin: If that’s the focus, then this seems not
directly HEART-related, unless VoT gets involved. Alan: VoT has been
acknowledged, as has FIDO and social logon, as potentially helpful.


*Vectors of Trust update*


Justin: The shepherd review has been submitted. It will go through AD
review, then IESG review, then to RFC.


*Adrian’s email thread on “What’s the best way to coordinate FHIR and
HEART?”*


Debbie summarized for those not on the thread: Adrian started a thread to
see where HEART could be relevant. Graham opined that HEART isn’t modular
enough, and laid out four use cases. One was sort of about record locator
service. Justin added: It was more like “I have a record; what are other
related records?” This touches on other privacy discussions we’ve had about
a protected discovery endpoint. The pre-FHIR notion of an hData document
that comes back with pointers rather than documents would be something like
the idea. Nancy: She saw the thread as their listing livewire issues, and
quite a few of them do seem relevant to HEART.


Alan: There’s been a discussion about this being the time to create a
national patient identity, like other countries have. Debbie: That’s been a
nonstarter. Catherine: CARIN is not advocating for this; it’s just still on
people’s minds. Organizations can do two forms of queries: “give me
everything you have” and more directed. Justin: Here’s how the discussion
is coming up: https://catalyst.nejm.org/time-unique-patient-identifiers-us/


*HEART “marketing” and use cases*


Nancy: Since there is so much confusion about what HEART does and doesn’t
do, proposes that we put together use cases, maybe 3 patient-facing and 3
provider-facing. Catherine: Supports this. Debbie: This could be useful
for, e.g., the HL7 Connectathons. Nancy: Would like to see this connected
to the Argonaut work so that it can be moved into the mainstream.


Catherine: Has written some use cases in English. She’ll share them and
work with Nancy. Luis: Has HEART-enabled servers and clients, and they were
there in the consumer-mediated exchange track. there were ~9 different
scenarios there, and they made sure HEART — including UMA (then 1.0) — was
included. Subjectively, the feedback he got was that they were looking for
less complex solutions and less involved specs, e.g. Sync 4 Science with
long-lived tokens. However they then need to enroll at each service. He’ll
present in Cologne again.


Eve: This feedback is great. To date we’ve provided no auxiliary material
whatsoever about the operational and topological elements, just the bare
bones of specs that mostly point to other specs. Suspects that would likely
help. Debbie: The notion of a patient’s own AS is the new piece, and
discussing that is something we need to do. Nancy: We need to discuss the
notion of trusted IdP and a provider directory. If Alice wants to share
with a provider, how does that happen? Justin: We’ve discussed that, and
there are places in the specs to deal with it, but we don’t deal with the
policy elements. Nancy: If we make some assumptions, that would make it
realistic for readers. Could be non-normative.


Catherine: Some examples she runs into all the time: How would that work
with a child? Or how would that work if I were unconscious? Nancy: Agreed
that delegation is really important; we also don’t want to get bogged down
by edge cases. Let’s keep the main cases simple and to the point. Debbie:
Willing to join ad hoc groups to work on all of this. Luis: Also willing.
Debbie: It would be good also to have discussions with the broader FHIR
community.


Who will be at IIW next week? Eve, Justin, Adrian probably, Alan maybe,
Debbie maybe. That *might* work.


Nancy thinks use cases and, secondarily, messaging, are the first task.
Debbie thinks the use cases need to be easily implementable.


*Meeting logistics*


   - Thu Mar 29 8am PT/11am ET: Ad hoc meeting to discuss use cases and
   marketing (Nancy will send out invitation and connection info)
   - No meeting Mon Apr 2 due to IIW
   - Mon Apr 9 1pm PT/4pm ET: Next regular HEART meeting
   - No meeting Mon Apr 16 due to RSA



[image: ForgeRock] <https://www.forgerock.com/> *Eve Maler*
VP Innovation & Emerging Technology  |  ForgeRock
*t* (425) 345-6756  |  *e* eve.maler at forgerock.com
*twitter* xmlgrrl  |  *web* www.forgerock.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20180326/9906bac8/attachment.html>