[Openid-specs-heart] Proposal for reworked use case AND use case template

Aaron Seib aaron.seib at nate-trust.org
Wed Aug 5 14:11:29 UTC 2015 

Thanks for asking this question.  I wasn’t sure if I was being overly dense but I didn’t get it either.  

 

At a minimum I believe that the verticals are important as they help prioritize what needs to be modified about the underlying technology to be applicable.

 

I thought about it for a specific topic – delegation.  We need to be able to do that in healthcare for family care givers with family members that are developmentally disadvantaged (adult children) and for family members with Alzheimer’s for example  We also end up doing it in the financial domain – I manage my elderly parents checking and social security information.  Both are similar but the underlying requirements and cultures are hugely different.  Trying to solve the problem for either in isolation would be very difficult and likely produce something that didn’t work for either.

 

I don’t argue that there isn’t a lot of desirability to reuse Identity across domains but I don’t know about some of the other topics.

 

At the end of the day all relying parties would be better off if there was a unified solution across verticals due to economies of scale and so forth but I don’t think we are anywhere near that stage yet.  The NSTIC program has been running for 5 years now.  They are probably getting closer to Identity solutions that can be reused across verticals but I am suspicious of the notion that delegation for Health is the same problem as delegation for Finance for example in today’s real world.  

 

Aaron Seib, CEO

@CaptBlueButton 

 (o) 301-540-2311

(m) 301-326-6843



 

From: Openid-specs-heart [mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Josh Mandel
Sent: Wednesday, August 05, 2015 9:09 AM
To: Adrian Gropper
Cc: openid-specs-heart at lists.openid.net
Subject: Re: [Openid-specs-heart] Proposal for reworked use case AND use case template

 

Adrian,

 

I take your point that the healthcare vertical must end somewhere, but I can't quite follow this argument:

 

I suggest that authentication, authorization, delegation, and credential management... are ... not specific to any particular vertical. The OpenID Foundation and HEART are as good a place to deal with these standards ...

 

But HEART is OpenID's Health Relationship Trust Workgroup; as such, it appears to be a health-vertical-oriented approach, even if the underlying technology isn't vertical-specific. I don't see many efforts defining (say) healthcare-specific alternatives to OAuth or SAML (or UMA). Instead, I see groups using those standards much the same way HEART is doing. But I may be missing the thrust of your argument.

 

What specifically are the stuffing-too-much-into-the-health-vertical activities that you are arguing against?

 

 -J

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20150805/5e6a0853/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3142 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20150805/5e6a0853/attachment.jpg>

More information about the Openid-specs-heart mailing list