[Openid-specs-heart] Health Relationship Trust Profile for User Managed Access 1.0

[Thomas Rieneck]

Token Lifetimes for refresh tokens for PAT should not exceed 24 hours according to the above spec  - that implies that Resource Owners should authenticate every day for Requesting Parties being able to access their resources.

If the patient is the Resource Owner that does not seem realistic.

Best regards
Thomas Rieneck
Nationale Health Data Agency
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160826/24083913/attachment.html>