[Openid-specs-heart] AS authentication
Glen Marshall [SRS]
gfm at securityrs.com
Tue May 3 13:49:28 UTC 2016
Debbie,
I share your concern. A secure AS registry infrastructure is needed for multiple AS instances, especially at scale.
Are there any such registries? I am very leery of the business case for them. In particular, what financial burden should the patients/subjects take-on for the AS(s) they choose, and how does the consumer evaluate AS product offerings? Also, since the chosen AS URIs can be used to help re-identify patients, we probably need a scheme to pseudonymize them in shared patient EHR & PHR data.
Glen
Glen F. Marshall
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com<http://www.securityrisksolutions.com/>
From: Openid-specs-heart [mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Debbie Bucci
Sent: Tuesday, May 3, 2016 09:37
To: openid-specs-heart at lists.openid.net
Subject: [Openid-specs-heart] AS authentication
Are there a methods to register additional OIDC Providers as part of the dynamic client registration "dance" or open multiprotocol (sambits ?) registries in place today where OIDC providers can register in advance to aide these type of interactions?
The thought of a provider (or researcher) having to authenticate to potentially hundreds of [UMA] AS is worrisome and seems unmanageable at scale.
Perhaps I'm missing something ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160503/6d77f375/attachment.html>
More information about the Openid-specs-heart
mailing list