[Openid-specs-heart] Health Relationship Trust Profile for User Managed Access 1.0

Aaron Seib aaron.seib at nate-trust.org
Mon Nov 30 15:18:00 UTC 2015


I completely agree - there is a need to define the markers on the journey but each authoritative entity has to make the decisions of the path that they take to climb the mountain.

Aaron Seib, CEO
@CaptBlueButton 
 (o) 301-540-2311
(m) 301-326-6843


-----Original Message-----
From: Openid-specs-heart [mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Justin Richer
Sent: Sunday, November 29, 2015 9:28 PM
To: John Moehrke
Cc: openid-specs-heart at lists.openid.net
Subject: Re: [Openid-specs-heart] Health Relationship Trust Profile for User Managed Access 1.0

That’s why these are all RECOMMENDED. If we don’t recommend something, people will just pick values out of thin air; we should at least give folks a starting point to keep defaults from being too crazy.

 — Justin

> On Nov 28, 2015, at 11:56 AM, Moehrke, John (GE Healthcare) <John.Moehrke at med.ge.com> wrote:
> 
> I would expect these to be policy driven. If we specify values we need to then describe our policy choice. Other use cases and threat environments may choose other values. Right?
> 
> John
> 
> Sent from my iPhone
> 
> On Nov 28, 2015, at 10:32 AM, Eve Maler <eve.maler at forgerock.com> wrote:
> 
> Agree! Offline, I have suggested to Justin that he fill in the figures 
> for AATs and PATs with the same recommendations as for ordinary OAuth 
> access tokens (as that is what they are), and the figures for RPTs 
> with recommendations inspired by his analysis of different "client 
> types" that appears in the OAuth profile, since the ability of a 
> client to keep a secret should determine what it does with an overall 
> RPT. (The "guts" of an RPT can have individual expiration times 
> commensurate with the policy set by a resource owner.)
> 
> 
> Eve Maler
> ForgeRock Office of the CTO | VP Innovation & Emerging Technology
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
> Join our ForgeRock.org OpenUMA community!
> 
> On Sat, Nov 28, 2015 at 12:35 AM, Danny van Leeuwen <danny at health-hats.com> wrote:
> 
> 2.4. Token Lifetimes
> 
> It is RECOMMENDED that AATs have a lifetime of no greater than [XX] hours.
> 
> It is RECOMMENDED that PATs have a lifetime of no greater than [XX] hours.
> 
> It is RECOMMENDED that RPTs have a lifetime of no greater than [XX] hours.
> 
> 
> 
> [shouldn't xx be defined?]
> 
> 
> 
> From <http://openid.bitbucket.org/HEART/openid-heart-uma.html>
> 
> --
> Danny van Leeuwen
> 617-304-4681
> 
> Blog www.health-hats.com discovering the magic levers of best health
> Twitter @healthhats
> 
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
> 
> 
