[Openid-specs-heart] Identity Federation?

Eve Maler eve.maler at forgerock.com
Tue Aug 18 14:31:38 UTC 2015 

Hi Chad-- Welcome to the group!

You're right that OAuth underlies the OIDC federation mechanism, and OIDC
is squarely in our profiling charter. For this use case, however, we've
left federated identity out of the equation as (strictly) unneeded to
accomplish its aims.


*Eve Maler*ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
Join our ForgeRock.org OpenUMA <http://forgerock.org/openuma/> community!

On Mon, Aug 17, 2015 at 3:00 PM, Evans, Chad <chad.evans at philips.com> wrote:

> Hi,
>
>
>
> I’m still a little confused on the identity federation being out of scope.
> A comment was made today on the call to what I understood that clinical
> organizations would not accept outside identity systems. But I would assume
> if Alice had a PHR that it would be unaffiliated with a particular health
> care organization and therefore have its own Identity Provider. To link up
> the PHR and the EHR you would have to establish trust. I would have thought
> that using OpenID Connect or just OAuth to solve this would have been a key
> part of HEART. Is it out of scope just for the use case we have been
> discussing recently? I can understand why the proofing part would be out of
> scope.
>
>
>
> And also, hi everyone. I’ve been listening for a couple of weeks but
> haven’t been able to actively participate. I hope to be able to contribute
> more going forward.
>
>
>
> Thanks
>
>
> Chad
>
>
>
> Chad Evans
>
> Software Architect  HealthSuite DigitalPlatform
>
> Philips Healthcare
>
> +1770-731-0821 (office)
>
> +1770-330-5228 (cell)
>
>
>
> *From:* Openid-specs-heart [mailto:
> openid-specs-heart-bounces at lists.openid.net] *On Behalf Of *Eve Maler
> *Sent:* Friday, August 14, 2015 1:16 PM
> *To:* Danny van Leeuwen
> *Cc:* openid-specs-heart at lists.openid.net
> *Subject:* Re: [Openid-specs-heart] Identity Federation?
>
>
>
> Hi Danny-- Identity federation is the process of a service or application,
> such as a website (like an EHR portal) accepting the results of user
> authentication having been performed by a different service (like a
> government eID system or a bank or the AMA, or some other trustworthy
> party). It's federated, vs. local, because even though the EHR portal has
> an account for you, they don't have to perform the login duties for that
> account themselves -- it comes from afar (like a federation of states or
> planets :-) that work together).
>
>
>
> When people say "*an* identity federation", they usually mean a group of
> organizations that have agreed to work together under a standard agreement
> that lays out the responsibilities and rights of the parties. Trusting
> someone else to do authentication for you is a big step. If the person's
> identity needs to have been proofed too (what we've been talking about
> lately -- the mapping of someone's identity credential to a real-world
> person), then the trustworthiness requirements on the "identity provider"
> go way up. Facebook, for example, simply won't do.
>
>
>
> *Eve Maler *ForgeRock Office of the CTO | VP Innovation & Emerging
> Technology
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
> Join our ForgeRock.org OpenUMA <http://forgerock.org/openuma/> community!
>
>
>
> On Fri, Aug 14, 2015 at 9:07 AM, Danny van Leeuwen <danny at health-hats.com>
> wrote:
>
> What is Identity Federation?
>
> On Tuesday, August 11, 2015, <openid-specs-heart-request at lists.openid.net>
> wrote:
>
> Send Openid-specs-heart mailing list submissions to
>         openid-specs-heart at lists.openid.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.openid.net/mailman/listinfo/openid-specs-heart
> or, via email, send a message with subject or body 'help' to
>         openid-specs-heart-request at lists.openid.net
>
> You can reach the person managing the list at
>         openid-specs-heart-owner at lists.openid.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Openid-specs-heart digest..."
>
>
> Today's Topics:
>
>    1. Re: Draft HEART Meeting Notes 2015-08-10 (Aaron Seib)
>    2.  Draft HEART Meeting Notes 2015-08-10 (Adrian Gropper)
>    3. Re: Draft HEART Meeting Notes 2015-08-10 (Aaron Seib)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 11 Aug 2015 09:34:58 -0400
> From: "Aaron Seib" <aaron.seib at nate-trust.org>
> To: "'Adrian Gropper'" <agropper at healthurl.com>, "'Kinsley, William'"
>         <BKinsley at nextgen.com>
> Cc: openid-specs-heart at lists.openid.net
> Subject: Re: [Openid-specs-heart] Draft HEART Meeting Notes 2015-08-10
> Message-ID: <05f601d0d43a$84d61a40$8e824ec0$@nate-trust.org>
> Content-Type: text/plain; charset="utf-8"
>
> I am confused or might have a friendly amendment for what you are trying
> to communicate.
>
>
>
> Are you positing to the group that item (3) is out of scope because it is
> an Identity Federation feature and by definition not part of the charter of
> the HEART project?
>
>
>
> If that is what you are saying could you please tell me who is working on
> enabling the inclusion of the PCP?s Identity Proofing of Alice in
> determining the level of assurance associated with her accounts (in any
> system ? PHR, EMR or the portals thereof)?
>
>
>
> This is what I am trying to discover.  When the PCP has a patient-provider
> relationship established with Alice and he is provide with Alice?s URL to
> her AS I am very interested in how we can reuse this ID proofing event to
> increase the level of assurance associated with Alice?s AS.  There are many
> ways to remote Identity proof Alice that have cost associated with them.
> If we can capture the ID Proofing event (I assume that a URL and some
> unique Identifier related to Alice is required in the HEART transactions
> when Alice has her privacy preferences configured in an AS that has
> multiple users) from when the PCP trust the URL/GUID associated with Alice
> for an AS it would create value too.
>
>
>
> In other words ? how do we make it possible for relying parties other than
> Alice?s PCP to discover that her PCP has come to trust the binding of
> Alice?s Identity to a specific URL/ID for her AS?
>
>
>
> Is that being discussed anywhere other than the HEART project?
>
>
>
>
>
> Aaron Seib, CEO
>
> @CaptBlueButton
>
>  (o) 301-540-2311
>
> (m) 301-326-6843
>
>
>
>
>
>
>
>
> ------------------------------
> The information contained in this message may be confidential and legally
> protected under applicable law. The message is intended solely for the
> addressee(s). If you are not the intended recipient, you are hereby
> notified that any use, forwarding, dissemination, or reproduction of this
> message is strictly prohibited and may be unlawful. If you are not the
> intended recipient, please contact the sender by return e-mail and destroy
> all copies of the original message.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20150818/a3ff2709/attachment.html>

More information about the Openid-specs-heart mailing list